Another season has ended and now we will sum up every episode to give a clear explanation what you can expect from each of the articles.
Summary of season 1 is available below.
S02e01 – OSINT & Digital Footprint. Tentacles of Mindgeek part 2.
It’s continuation of research from first season about Mindgeek, but this time article focuses on digital footprint and assets of porn giant Mindgeek. Information collected in part one allowed to do a digital reconnaissance and check their online presence. It also helped to discover more connections to other brands and get general info what they are up to.
S03e02 – Human trafficking investigation part 2. Monitoring Bedpage
Bedpage is one of the most famous website in terms of escorts. Similar to Backpage which has been seized couple years ago or CityXGuide, taken down couple months ago. They all took part in money laundering, approving prostitution and human trafficking on their sites.
Article describes actions done by law enforcement thanks to monitoring mentioned services. I also wrote a small poc tool to monitor Bedpage and find potential bad ads based on the keywords, phone number or image hash. “Bad Ads” is accessible on my Github.
S02e03 – Intelligence gathering on Internet facing critical infrastructure in United States of America and Russian Federation.
It’s next episode about Kamerka. After, Southeast Asia we deep dive into exposed devices, mostly HMI in US and Russia. It covers wastewater treatments, dams, earth engines(!) and infrastructure in military facilities.
Article also describes each country as an adversary and presents what groups perform offensive and defensive operations against other countries. It includes government organizations and other advanced persistent threats groups.
S03e04 – Story about OSINT, MS-13, Facebook and mapping organized crime
This one shows how to find and use details disclosed in indictment to do your own investigation into organized crime. Article dives into Facebook accounts of the arrested persons and presents how to scrape friends and build an interactive network with connection to other potential members of MS-13.
S02e05 – SocialPath – Social media intelligence gathering tool
Old tool – SocialPath has been refreshed in this episode and now works better and faster. It describes cases when cyber criminals use same usernames on different sites and how to successfully track them. As an example, I took users from Russian photo hosting forum and followed their social media visibility.
SocialPath is accessible on my Github.
S02e06 – Journey over exposed databases
It’s yet again episode about LeakLooker with new ways to discover data leaks from variety of sources. You can learn useful tricks to track exposure of different databases and what to look for to confirm data leak.
S02e07 – Recreating Lazarus’ infrastructure in Maltego
This was a quick and informative post about how to use Maltego and write your own transform. We took a look on some operations performed by North Korea hackers and visualize it in Maltego looking for any patterns and common points with help of our own VirusTotal transform.
S02e08 – Gathering data from different sources
Title might sound a little bizarre but it presents an investigation into person or group distributing child abuse content in clearnet via complex network of old websites, pastes and cloud hosting services. It also involves abusing of different community forums and shorten url platforms.
Article describes how to gather as much information as possible via OSINT techniques, connect them together and find more artifacts.
During each research, I donated money from subscriptions to the organizations depending on the article’s topic, in total around 600 USD. To show you what can you expect from running such blog, I will publish transparency report about money, subscribers and followers in a couple days.
I still want to continue writing and sharing knowledge on the blog and have already couple ideas for next season. Nonetheless, I if you have any ideas feel free to drop me a Twitter dm or to contact me via email.
I already wrote a cool feature to LeakLooker, where hundreds of organizations are vulnerable and leak their credentials and API keys, already reported such case to Lego and Polish Ministry of Finance.
Currently, I’m writing modular and flexible bug bounty monitor with help of Elasticsearch and Telegram, and of course will share the code and methodology.
Other topics I started to investigate are:
- Possibility to make Kamerka more offensive with exploits and scans
- Ad network
- Iranian APT indictment
I will also try to stick with topics like human trafficking, organized crime or corporates. And again, if you have a topic to investigate or need explanation, write me.
I don’t know how long the next season will last due to my private problems and general pandemic situation but I estimate it might end in March-April. So if you want to subscribe still, I’m very happy you like the content, if not – you can unsubscribe in any moment in your account.
Thank you and stay safe.