Just gave a SANS @MIC talk and wanted to share the links to the sites and tools I discussed. A video of the talk is below: https://www.youtube.com/watch?v=BVFhMqktkeE https://osintcurio.us/http://osintframework.dehttp://www.cnn.com/robots.txthttps://www.cisco.com/robots.txthttps://www.apple.com/robots.txthttps://map.snapchat.com/@30.943495,41.053944,3.75zhttps://whatsmyname.app/https://www.bellingcat.com/news/2020/05/18/military-and-intelligence-personnel-can-be-tracked-with-the-untappd-beer-app/https://untappd.com/NorthernMonkhttps://untappd.osint.ninjahttps://wifi.xfinity.com/https://viewdns.info/https://www.osintcombine.com/data-visualization-toolhttps://haveibeenpwned.com/https://dehashed.com/https://sans.org/sec487https://github.com/webbreacher/untappdscraperInstant Data Scraper Google Chrome Extension
We are OSINTCurious!
I've been working with some of the amazing people in the OSINT world for a while. Most are amazing and so willing to share ideas. So we decided to create a trusted, online resource at https://OSINTCurio.us Definitions OSINT - "a method of using open source tools to collect information from publicly available sources and then... Continue Reading →
Mining for OSINT gold: RIR data via API
This is a guest post by David Mashburn (@d_mashburn, https://www.sans.org/instructors/david-mashburn), Certified SANS Instructor and cyber ninja! OSINT isn't just about doing pre-attack recon. It is often leveraged by defenders as part of the incident response and investigation process. One of the most common applications of OSINT for a defender is to perform lookups on available... Continue Reading →
The Secrets of LinkedIn
For those of you that have been the targets of SPAM or phishing or perhaps for those of you that are cyber defenders, how many times have you heard "I have no idea how the attacker got my personal email address." I have a secret to share with you. [Come a little closer to the... Continue Reading →
Harvesting Whois Data for OSINT
At work I was given the task of figuring out at least one method to find some of the domains that were registered by my company's employees but that we may not have known that they registered. Anyone can visit GoDaddy or PSI or 1and1 and register a domain. We wanted to find out anyone... Continue Reading →