Finally, we made it. Around 3 months, 8 episodes and many hours of researching suspicious cyber activities and other OSINT rabbit holes. This article sums up the first season: what we have learned and what each piece of research was about.

I hope it will make you interested in signing up for the next season.

OSINT & RDP

Offensive OSINT s01e01 - OSINT & RDP
This is the first part of Offensive OSINT tutorials which covers preparation (technical and mindset), and presents how to set up a monitoring for Bluekeep vulnerability in hospitals using Shodan and Elasticsearch database. Introduction: These tutorials will give you insight of OSINT techniques used …

It was one of the simplest articles to write and a good warm-up for further adventures. It presents how to set up a basic Python environment with the help of PyCharm and how to connect it to Elasticsearch. As a real case study I took detection and monitoring of publicly exposed servers with Remote Desktop Protocol open in organizations such as hospitals.

The included code uses Shodan for detection and Gmail as an email provider to monitor and report new findings every week/month. Other useful tricks for targeting RDP, like credential stuffing, were also presented.

OSINT & DEOBFUSCATION

Offensive OSINT s01e02 - Deobfuscation & Source code analysis + uncovering CP distribution network
In this episode, we will take a look on obfuscated javascript code which is actively used in CP campaign, from at least 2018, and on whole distribution process that’s also obfuscated by pretending legit files. As a source code analysis example, I will present very brief analysis of known coinminer …

This was one of my favorites. An unusual rabbit hole that was used as a real case to show deobfuscation methods for JavaScript files. We went from posts on obsolete blogs to child abuse material that was distributed across different sites and hosted anonymously in the cloud. The campaign has been reported to Pastebin and then the FBI and they are working on it; that's all I got.

We learned useful tricks in terms of deobfuscation and dealing with the complex obfuscated network structure used by child abusers. I definitely want to continue this topic next season; what I presented is just a small percentage of what is really going on. It goes much deeper: there are forums, chans and the darknet. I will have to gather and analyze a lot of data to show you the real scale of this network, even on the clearnet.

OSINT & DISINFORMATION

Offensive OSINT s01e03 - Looking for election related disinformation on Polish service wykop.pl
In this episode, we will take a look on disinformation campaign in polish social media platform - wykop.pl. It’s very similar to widely known Reddit, without subreddits, but with tags and micro blog instead. I will present techniques to gather information about users, upvotes/downvotes and content. …

The pattern for disinformation-related investigations is almost the same in every case. If you don't know where to start, choose any current and controversial topic on social media; the most popular platform for disinformation campaigns is Twitter. It could be a political or military matter, depending on what you like or who you are working for.

In this episode, we searched for disinformation around the presidential election in Poland on the Polish social media platform Wykop.pl. It explains the basics of OSINT and disinformation, how to track such cases, what to look for and how to establish connections.

This article was also published on the Polish security portal Zaufana Trzecia Strona

Jak analizować akcje dezinformacji na przykładzie użytkowników portalu Wykop.pl (How to analyze disinformation campaigns, using the users of the Wykop.pl portal as an example)

OSINT & CRITICAL INFRASTRUCTURE

Offensive OSINT s01e04 - Intelligence gathering on critical infrastructure in Southeast Asia
This is the second part of my investigation into critical infrastructure around the world. This article should have been a presentation on ICS Conference in Singapore, however due to Coronavirus it will be a virtual event. I’m not interested in participating and I have left with quite good material …

This was a continuation of a really long-term investigation into internet-facing Industrial Control and Internet of Things devices all around the world. The main goal of the article was to scan, find and locate any device that, if exposed, could potentially be dangerous for national security and, in the end, people's lives.

The research was based on a tool I created, ꓘamerka. It's a web application for ICS, IIoT and IoT reconnaissance that has everything you need for industrial investigations. I will continue this topic as well, since I will be presenting ꓘamerka at x33fcon. I plan to scan the whole world and make the ꓘamerka database public for subscribers.

OSINT & CORPORATE ESPIONAGE

Offensive OSINT s01e05 - OSINT & Corporate espionage. Tentacles of Mindgeek part 1.
In this episode we will take a look on corporate structure of Mindgeek - leading company in content delivery, SEO, advertisement, hosting and general tech innovation. They operate worldwide and websites owned by them generate hundreds of millions visits per day and more bandwidth than Twitter, Amazo…

I like to reverse various things, from obfuscated JavaScript code to the corporate structure of an adult entertainment organization. Corporate espionage is done by many companies that want to know what their competitors are up to.

This episode explains how to map and visualize the corporate structure of any organization, including daughter companies and subsidiaries. It also shows how to gather data about an organization and its officers with the help of Python and the OpenCorporates API. Technical research of Mindgeek assets will be part of season 2.

OSINT & OFFSHORE ORGANIZATIONS

Offensive OSINT s01e06 - Analysis of offshore organizations of Polish Steamship Company.
This time, we are diving into researching offshore organizations from bunch of leaks like Panama Papers, Bahamas Leaks or Paradise Papers. In this episode I will present: * Structure of offshore organizations of Polish Steamship Company (POLSTEAM) * Methods to research offshore leaks * Network…

It's another topic where OSINT can help a lot. The article describes a deep dive into leaks from the Panama & Paradise Papers and Bahamas Leaks: how to establish connections, and where to look for officers and other related companies. We search through documents from Distributed Denial of Secrets and the International Consortium of Investigative Journalists.

In addition, an interactive D3.js network graph has been open sourced so it can be used for any similar investigation.

OSINT & DATA LEAKS

Offensive OSINT s01e07 - Offensive leak hunting with LeakLooker
In this episode we are going to find a sensitive data leak with unique tool I made - LeakLooker X. I added new features to detect leaks from Github repositories, anonymous FTP, 2x methods for Amazon S3 buckets and way to scan for API keys in HTML source code. So let’s find some sensitive informati…

LeakLooker is a tool that can deliver hours of entertainment. You can look for leaks from 16 possible sources, including database, source code or private secrets leaks. It is another long-term project, after Kamerka, that will be continued. There are still many types of sources that need to be added to make LeakLooker even more powerful.

OSINT & HUMAN TRAFFICKING

Offensive OSINT s01e08 - Human trafficking investigation part 1
Welcome in last episode of first season of Offensive OSINT. Today’s topic is very important from ethical perspective and super interesting from technical point of view. This is the field where Open Source Intelligence is used the most. We will go through most common methods of human trafficking onli…

It's another deep rabbit hole where OSINT and Python skills are super useful. This article is only an introduction to the human trafficking problems online that law enforcement and private companies have to deal with. It shows the history of Backpage, current sites where human trafficking may happen and how to approach this topic in your own OSINT & Python investigation.

The next parts will definitely be the subject of season 2.

OFFENSIVE OSINT SEASON 2

Art Brut (Outsider art) is art by self-taught or naïve art makers. Typically, those labeled as outsider artists have little or no contact with the mainstream art world or art institutions. Often, outsider art illustrates extreme mental states, unconventional ideas, or elaborate fantasy worlds.

This description best suits the next season; it will be a kind of OSINT Art Brut with an unconventional approach.

It's hard to find a blog similar to Offensive OSINT, one that covers a variety of subjects based on real-life scenarios combining Open Source Intelligence, Python and analyst skills. As you might see, the first season touched fragile topics, sensitive material and general truth seeking in the cyber world.

So, I would like to continue in the same way and want it to be an eye-opening OSINT experience for everyone who is interested in investigations and wants to learn the process, methodology and technical skills.

Unfortunately, I had no luck cooperating with different infosec people and organizations on any of my projects, but I still want to continue the series. So I decided to move on and started a second season for paid members only. If you still want to read about my OSINT journey across dark Internet corners, subscribe for season 2.

It will have ~8 episodes and take 3-4 months. I have already made a list of topics that will be included in the next season (in random order).

  • Mindgeek part 2 - Technical OSINT mapping - General techniques used to find the footprint of a company
  • Human trafficking part 2 - Proof of Concept Thorn-like tool - mentioned in episode 8
  • Human trafficking part 3 - Recreating the social path of known human traffickers. I plan to resurrect my old tool SocialPath and make it as good as I can.
  • Deeper dive into the CP network described in episode 2. There is plenty of data distributed across many networks; how to deal with it?
  • State of Industrial Control Systems in the world. I'm thinking about new updates to ꓘamerka and I will check each country in the world to show you the most spectacular findings in terms of ICS and IoT.
  • LeakLooker is the next topic that never ends. There are still a lot of new types and sources to implement to catch all possible data leaks. I can't wait to see what we will find this time.
  • There is a topic I have always wanted to investigate but never had enough time for. It will be a bonus one.

Honestly, I don't know how far we will go, so there might be more parts of some episodes. In addition, if you have any subject to investigate, let me know; I accept the challenge.

I believe there are people with a similar mindset who are curious about what is really going on and how you can fight it. It is also a great opportunity to gather all the people who think in a similar way and share interesting intel. Let me know if you need access to any of my tools; I will add you to the private GitHub repository.

You can sign up below.
