OSINT Framework

Hacking and Threat Assessment Norse – Norse maintains the world’s largest dedicated threat intelligence network. With over eight million sensors that emulate over six thousand applications. Their network gathers data on who the attackers are and what they’re after. Their home page shows a live attack map with real-time information on attacks. Spyse – Spyse is a cyber security search engine that helps you find technical information about internet-based assets. They have a broad range of helpful tools. Examples include a subdomain finder, reverse IP lookup, port scanner, DNS lookup, and more.

The world’s most used penetration testing framework

webscreenshot Description A simple script to screenshot a list of websites, based on the url-to-image PhantomJS script. Features Integrating url-to-image 'lazy-rendering' for AJAX resources Fully functional on Windows and Linux systems Cookie and custom HTTP header definition support for the PhantomJS renderer Multiprocessing and killing of unresponding processes after a user-definable timeout Accepting several formats as input target Customizing screenshot size (width, height), format and quality Mapping useful options of PhantomJS such as ignoring ssl error, proxy definition and proxy authentication, HTTP Basic Authentication Supports multiple renderers: PhantomJS, which is legacy and abandoned but the one still producing the best results Chromium, Chrome and Edge Chromium, which will replace PhantomJS but currently have some limitations: screenshoting an HTTPS website not having a valid certificate, for instance a self-signed one, will produce an empty screenshot. The reason is that the --ignore-certificate-errors option doesn't work and will never work anymore: the solution is to use a proper webdriver, but to date webscreenshot doesn't aim to support this rather complex method requiring some third-party tools. Firefox can also be used as a renderer but has some serious limitations (so don't use it for the moment): Impossibility to perform multiple screenshots at the time: no multi-instance of the firefox process No incognito mode, using webscreenshot will pollute your browsing history Embedding screenshot URL in image (requires ImageMagick)

Passive Reconnaissance Using OSINT

How to use Facebook for Open Source Investigation (OSINT) Share this...FacebookTwitterLinkedinPinterestReddit Facebook is one of the largest social media networks. It’s a biggest source for OSINT (open source investigation). Almost 8 billion people have a Facebook account, everyday around two and a half billion people use Facebook. Facebook has a complete database of people. If the target person has a Facebook account, then it is more easy and faster to find out the target details. In Washington, the FBI is recruiting the people for secret investigation, as commented by ethical hacker of International Institute of Cyber Security. Facebook is used in different ways like (advertisement campaigns, events/programs and others). Most politicians use Facebook to post the party related information. All the News channels post their breaking new in Facebook, to make it viral. (adsbygoogle = window.adsbygoogle || []).push({}); Facebook has different types of option like (Friends, Groups, Marketplace, videos on watch, Events, Memories, Saved, Pages, Nearby Friends, Gaming, jobs, Recommendation, city Guides, Crisis response, devices request, Live Videos, Mentor-ship, Movies,  Recent Ad Activity, send or request money and weather) On Facebook most people don’t follow the security steps, they post their activities publicly. If your target person doesn’t follow the security steps, then his activities and personal data can be captured easily using: Comments (responding to the post uploaded by that target).People (we can access the friend’s list of that target).Photos and videos (If that target post any photo or videos on Facebook, we can see the data in his profile)Pages (Facebook pages are completely publicly accessible to all users in Facebook. On their page, target can post throughs, events, businesses, jobs and other breaking news, etc.)Places (we can see places where the target visited and tagged himself or by other person) Events (on Facebook we have an option called event in this anyone of your friend an invite you for that event, users can accept or reject the invitation). Now let’s talk about the investigation on the target profile. For this we need to create a fake profile because if you work on your own profile, there are high chances of being caught and it will collapse your hole investigation process.

Here’s how hackers remotely attack smartphones: Taking control of victim’s camera and microphone using just 11 commands Share this...FacebookTwitterLinkedinPinterestReddit Mobile hacking is one of the most dangerous cybercriminal trends, as it allows threat actors to conduct detailed surveillance of people of interest, steal personal information, and even empty bank accounts and cryptocurrency wallets remotely and without raising suspicion. This time, specialists from the mobile security course of the International Institute of Cyber Security (IICS) will show you one of the most popular methods and tools for the attack of smart devices, used by the most recognized mobile hacking groups. To be specific, this tutorial details the creation of a remote access Trojan (RAT) for Android devices. (adsbygoogle = window.adsbygoogle || []).push({}); Remember that this article was prepared for informational purposes only and should not be taken as a call to action; IICS is not responsible for the misuse that may occur to the information contained herein.

Create phishing page of 29 websites in minutes. Share this...FacebookTwitterLinkedinPinterestReddit Introduction Phishing attack is going all time high on internet. Most of the hackers work on these phishing pages to find out your credentials. These type of attacks are done by just sending links and provoking victim to click on the link. The main intention of this attack to steal the username & passwords, bank credentials and, other confidential information. A recent expose of phishing attack on AirBNB was demonstrated by ethical hacking researcher of International institute of Cyber Security. Today we will show you on how to create phishing page of 29 different websites in minutes. Zphisher is a tool that can be used to create phishing pages and send to the the victim to steal the confidential information.

Bayes’ Theorem postulates that the probability of a hypothesis being true increases or decreases as pieces of evidence for or against it accumulate. In the words of Bennett (2009: 8), ‘the more unlikely a piece of evidence [E] is in light of alternatives to explanation H, the more that evidence [E] increases our confidence that H is true . . .’ Although it remains controversial whether it makes sense to assign specific numerical probabilities to qualitative evidence (Beach, 2017: 15; Fairfield and Charman, 2017; Zaks, 2021), applying the general principles of Bayesian inference can be considered another benchmark for process-tracing research.

Disallow: /tmp/ For the most part you won’t usually find anything of great value inside a robots.txt file but here is the one exception: because it uses a “disallow” statement some web admins will include file paths to stop them from being indexed. So for example there might be a path under disallow that has file traversal enabled for some reason. Looking for any comments in the file might also yield information such as the persons name who added that comment, some information about why that comment exists or maybe some dates and times. Looking at a line from this robots.txt file we now know something about their organization in that someone called “Gerald” works there and has access to the webroot: $Id: robots.txt,v 1.85 2020/11/06 21:15:53 gerald Exp $ As an exercise to start looking for some files to assess and play with you can use Google dorks: inurl: “.robots.txt” In terms of workflow, now that you have some potentially decent seed data some other tools that might assist further would be: DirBuster, MetaGoofil , WGET and The Wayback Machine. By far the most flashy robots.txt file? That would the one used on Nike’s site. Some further reading on the robots.txt file from SANS: https://sansorg.egnyte.com/dl/QOBCnbDCx1/? __ATA.cmd.push(function() { __ATA.initVideoSlot('atatags-370373-61eddb7a68e85', { sectionId: '370373', format: 'inread' }); }); __ATA.cmd.push(function() { __ATA.initDynamicSlot({ id: 'atatags-26942-61eddb7a68eae', location: 120, formFactor: '001', label: { text: 'Advertisements', }, creative: { reportAd: { text: 'Report this ad', }, privacySettings: { text: 'Privacy', onClick: function() { window.__tcfapi && window.__tcfapi( 'showUi' ); }, } } }); });

ETECTION OF FALSE INFORMATIONIn the previous section, we discussed a number of tell-tale signs and often-found characteristics of opinion-basedand fact-based false information. In this section, we complement this information by discussing a number ofapproaches that researchers have employed to actually detect false information and those who spread it.Algorithms to identify false information can be broadly categorized into three categories: feature engineering-based, graph-based, and modeling-based, as shown in Figure 11. The majority of algorithms are feature-based, inthat they rely on developing efficient features that individually or jointly are able to distinguish between true andfalse information. These features are developed from the characterization analyzes that show the differences inproperties of the two classes. These differences are then characterized by intelligently designed features. Whilewe go into the details of some key research in feature-based detection, other papers that use features as describedin Section 5 can directly be applied for detecting false information as well. Alternatively, graph-based algorithmsrely on identifying false information by targeting groups of users (spreaders) with unlikely high, lock-stepcoordination boosting a certain story (e.g., a botnet retweeting the same article in near-identical time). Thesealgorithms try to identify dense blocks of activity in an underlying adjacency matrix. While these algorithmsmay be able to identify large-scale coordinated activity, small-scale or lone-wolf attacks are unlikely to be caughtsince the algorithms primarily focus on the largest dense blocks. Finally, modeling-based algorithms work bycreating information propagation models that emulate the empirical observation of edges and information spread.The intuition behind these algorithms is that since most information is true, it likely spreads a similar or uniqueway. Thus, emulating this mode of information spread can pinpoint false information spread as anomalies whichcan then be verified and removed.

ETECTING SOCKPUPPETSOur previous analysis found that sockpuppets generally contributeworse content and engage in deceptive behavior. Thus, it would beuseful to create automated tools that can help identify sockpuppets,and assist moderators in policing online communities. In this sec-tion, we consider two classification tasks, both of which relate tothe prediction of sockpuppetry. First, can we distinguish sockpup-pets from ordinary users? And second, can we identify pairs ofsockpuppets in the communities?Based on the observations and findings from the analyses in theprevious sections, we identify three sets of features that may help infinding sockpuppets and sockpuppet pairs: activity features, com-munity features, and post features. For each user U, we develop thefollowing features:Activity features: This set of features is derived from U’s post-ing activity. Prior research has shown that activity behavior of bots,spammers, and vandals is different from that of benign users [10,24, 25, 12, 40]. Moreover, in our analysis, we have seen thatsockpuppets make more posts and they start less sub-discussions.Therefore, the activity features we consider include the number ofposts, the proportion of posts that are replies, the mean time be-tween two consecutive posts, and U’s site tenure, or the number ofdays from U’s first post. Further, we use features based on how Uis situated in the reply network. Here, U’s local network consists ofU, the users whose posts U replied to, and the users that replied toU’s posts. We then consider clustering coefficient and reciprocityof this network. In addition, for the task of identifying pairs ofsockpuppets, we use number of common sub-discussions betweenthese sockpuppets to measure how often the two comment together.Community features: Interactions between a user and the restof the community may also be indicative of sockpuppetry. Commu-nity feedback on an account’s posts has been effective in identifyingtrolls and cheaters [11, 4], and we also observed that sockpuppetsare treated more harshly than ordinary users. Thus, we consider thefraction of downvotes on posts U wrote, as well as the fraction thatwere reported or deleted, in addition to whether U was blocked

HawkEye: A Robust Reputation System for Community-based Counter-Misinformation Authors : Rohit Mujumdar, Srijan Kumar Link to the paper About HawkEye Identifying misinformation is a critical task on web and social media platforms. Recent efforts have focused on leveraging the community of ordinary users to detect, counter, and curb misinformation. Twitter launched a community-driven misinformation detection service called Birdwatch, where users provide notes to label tweets as misinformation or not, and rate other users' notes as being 'helpful' or not. However, malicious users can inject fake notes and helpfulness ratings to manipulate the system for their gains. In this work, we investigate the robustness of Birdwatch against adversaries. We show that the current Birdwatch system is vulnerable to adversarial attacks - using only a few fake accounts, an adversary can promote any random note as one of the top ranking notes. To overcome this vulnerability, we propose HawkEye, a graph-based recursive algorithm that leverages the global graph structure to quantifyall the quality metrics. Since many users will only write andrate a few notes and many tweets will only have a few notes, we introduce a Laplacian smoothing technique to overcomethis cold-start problem. We posit that HawkEye will be more robust to adversaries. We compare the Birdwatch and HawkEye models' robustness against an attacker whose goal is to manipulate the ranking of notes. We show that our proposed HawkEye algorithm is more robust against this attack. Furthermore, we show that the HawkEye algorithm performs better than the Birdwatch system in identifying accurate and misleading tweets in both unsupervised and supervised settings. If you make use of this code, the HawkEye algorithm, please cite the following paper:

Frequently this website was running a random and sometimes obscure PHP application or CMS

The fingerprint technique is conceptually similar to the JA3S fingerprint technique published by Salesforce in 2019

Methodology The classic OSINT methodology you will find everywhere is strait-forward: Define requirements: What are you looking for? Retrieve data Analyze the information gathered Pivoting & Reporting: Either define new requirements by pivoting on data just gathered or end the investigation and write the report.