Using a Google CSE (Custom Search Engine) to enhance OSINT investigations.
In this post I use a python tool (EyeWitness), TOR, TorGhost, and the Dark Web Reports from Hunchly to automate viewing the Dark Web resources.
What is WannaCry? In March 2017, Microsoft issued the MS17-010 bulletin (https://technet.microsoft.com/en-us/library/security/ms17-010.aspx) patching (and warning) of a broad set of vulnerabilities in many of its operating systems from Windows XP to Windows 10 and 2016. This vulnerability could be exploited via the DOUBLEPULSAR attack released by ShadowBrokers and supposedly attributed to the NSA. For more... Continue Reading →
Helpful guide that provides directions on how to remove private information from public web sites.
Sending financial, health and other sensitive information over the internet is like sending postcards in the snail mail. From the time you hit send to the time it is received in the other person's mailbox anyone can read your messages. Once in the email-provider mailbox (Gmail, Hotmail, Yahoo, Comcast...) they can read the email and... Continue Reading →
This year I'll be presenting a talk on Imposter Feelings or, more commonly known as Imposter Syndrome. The title of the talk is "Imposter Syndrome: I Don't Feel Like Who You Think I Am." and it is scheduled to be run at BSidesNOVA in February and BSidesCharm in April. [UPDATE] - Links to the videos from: BSidesNOVA... Continue Reading →
For those of you that have been the targets of SPAM or phishing or perhaps for those of you that are cyber defenders, how many times have you heard "I have no idea how the attacker got my personal email address." I have a secret to share with you. [Come a little closer to the... Continue Reading →
What Is It? I've created the WhatsMyName project on Github (https://github.com/WebBreacher/WhatsMyName) to help with #OSINT searches by using target user names. Here's how it works: We understand that people use the same username across multiple web sites. For example, I am "WebBreacher" on both the Github and BitBucket web sites. Some web sites make it... Continue Reading →
What I just made a thing on Twitter. It is a "bot". This python computer program runs on my computer and retweets Donald Trump's (https://twitter.com/realDonaldTrump) Twitter account only if the original tweet came from an Android device. Here's what it looks like for both a tweet from Trump and one that is probably not: Why... Continue Reading →