Another season has ended, and now we will sum up every episode to give a clear explanation of what you can expect from each of the articles.

Summary of season 1 is available below.

Offensive OSINT season 1 - Summary
Finally, we made it. Around 3 months, 8 episodes and many hours of researching suspicious cyber activities and other OSINT rabbit holes. This article will sum up first season, what we have learned and what each research was about. I hope it will make you interested to sign up for next season. OSIN…

S02e01 - OSINT & Digital Footprint. Tentacles of Mindgeek part 2.

Offensive OSINT s02e01 - OSINT & Digital Footprint. Tentacles of Mindgeek part 2
New season starts from Mindgeek research that is a continuation of first part where we learned about corporate espionage. Having names of subsidiaries, related organizations and corporate network graph, we can move on to next phase of investigation - mapping attack surface. You can refresh your memo…

This is a continuation of the first season's research on Mindgeek, but this time the article focuses on the digital footprint and assets of the porn giant. Information collected in part one made it possible to do digital reconnaissance and check their online presence. It also helped to discover more connections to other brands and to get a general idea of what they are up to.

S02e02 - Human trafficking investigation part 2. Monitoring Bedpage

Offensive OSINT - s02e02 - Human trafficking investigation part 2. Monitoring Bedpage.
In this episode we will focus on widely known website which offers escort services around the world and how it allegedly helps human traffickers. Moreover, I will present application that was mentioned in part 1, i.e. solution that Thorn[…

Bedpage is one of the most famous escort websites, similar to Backpage, which was seized a couple of years ago, or CityXGuide, taken down a couple of months ago. They all took part in money laundering, approving prostitution and human trafficking on their sites.

The article describes actions taken by law enforcement thanks to monitoring of the mentioned services. I also wrote a small PoC tool to monitor Bedpage and find potentially bad ads based on keywords, phone number or image hash. "Bad Ads" is accessible on my GitHub.

S02e03 - Intelligence gathering on Internet facing critical infrastructure in United States of America and Russian Federation.

Offensive OSINT s02e03 - Intelligence gathering on Internet facing critical infrastructure in United States of America and Russian Federation.
In this episode we will make an analysis of exposed Industrial Control System (ICS) devices in Russia and United States from military perspective. What is the best way to spy on foreign exposed critical infrastructure? How to do espionage of strategic places? What exploit will be the most profitable…

This is the next episode about Kamerka. After Southeast Asia, we dive deep into exposed devices, mostly HMIs, in the US and Russia. It covers wastewater treatment, dams, earth engines(!) and infrastructure in military facilities.

The article also describes each country as an adversary and presents which groups perform offensive and defensive operations against other countries. It includes government organizations and other advanced persistent threat groups.

S02e04 - Story about OSINT, MS-13, Facebook and mapping organized crime

Offensive OSINT s02e04 - Story about OSINT, MS-13, Facebook and mapping organized crime
Today we will take a deep dive into investigation of eleven members of MS-13 gang that were arrested at the beginning of this month for Sex Trafficking of a Minor, VICAR assault (Violent Crime in Aid of Racketeering Activity through assault with a dangerous weapon) and also drug dealing and possessi…

This one shows how to find and use details disclosed in an indictment to do your own investigation into organized crime. The article dives into the Facebook accounts of the arrested persons and presents how to scrape friends and build an interactive network with connections to other potential members of MS-13.

S02e05 - SocialPath - Social media intelligence gathering tool

Offensive OSINT s02e05 - SocialPath - Social media intelligence gathering tool
We stay on social media intelligence and this time will see how to track users across different social media platforms. As a real life scenario I took users from Russian website which is full of very ‘specific’ content including creepshots, revenge photos or indecent child images. Last ep…

The old tool SocialPath has been refreshed in this episode and now works better and faster. The episode describes cases where cyber criminals use the same usernames on different sites and how to successfully track them. As an example, I took users from a Russian photo hosting forum and followed their social media visibility.

SocialPath is accessible on my GitHub.

S02e06 - Journey over exposed databases

Offensive OSINT s02e06 - Journey over exposed databases
Today we will do a deep dive into different sources of data leaks. I prepared an update for LeakLooker X which fixes all bugs, clears output and adds additional way to check for exposed Amazon S3 buckets. In addition, I will present how to discover such things and latest findings I reported to the o…

This is yet another episode about LeakLooker, with new ways to discover data leaks from a variety of sources. You can learn useful tricks to track exposure of different databases and what to look for to confirm a data leak.

S02e07 - Recreating Lazarus' infrastructure in Maltego

Offensive OSINT s02e07 - Recreating Lazarus’ infrastructure in Maltego
In today’s episode we will take a closer look at infrastructure used in attacks by North Korean state-sponsored hackers. It’s also good example to show basics of Maltego and how to write your own transforms. Last episode about leaks and unsecured databases is available below Offensive OSINT s02e0…

This was a quick and informative post about how to use Maltego and write your own transform. We took a look at some operations performed by North Korean hackers and visualized them in Maltego, looking for patterns and common points with the help of our own VirusTotal transform.

S02e08 - Gathering data from different sources

Offensive OSINT s02e08 - Gathering data from different sources
This is the material I’ve been working on since start of this season. We will do a deep dive into rabbit hole of child abuse content distribution network. It is a continuation of episode from season one titled “OSINT & Deobfuscation” and you can read it below. Offensive OSINT s01e02 - Deobfuscation &…

The title might sound a little bizarre, but the article presents an investigation into a person or group distributing child abuse content on the clearnet via a complex network of old websites, pastes and cloud hosting services. It also involves abuse of different community forums and URL-shortening platforms.

The article describes how to gather as much information as possible via OSINT techniques, connect it together and find more artifacts.

What's next

During each research, I donated money from subscriptions to organizations depending on the article's topic, in total around 600 USD. To show you what you can expect from running such a blog, I will publish a transparency report about money, subscribers and followers in a couple of days.

I still want to continue writing and sharing knowledge on the blog and already have a couple of ideas for next season. Nonetheless, if you have any ideas, feel free to drop me a Twitter DM or contact me via email.

I already wrote a cool feature for LeakLooker, where hundreds of organizations are vulnerable and leak their credentials and API keys; I have already reported such a case to Lego and the Polish Ministry of Finance.

Currently, I'm writing a modular and flexible bug bounty monitor with the help of Elasticsearch and Telegram, and of course I will share the code and methodology.

Other topics I started to investigate are:

  • Possibility to make Kamerka more offensive with exploits and scans
  • Ad network
  • Iranian APT indictment

I will also try to stick with topics like human trafficking, organized crime or corporations. And again, if you have a topic to investigate or need an explanation, write to me.

I don't know how long the next season will last due to my private problems and the general pandemic situation, but I estimate it might end in March-April. So if you still want to subscribe, I'm very happy you like the content; if not, you can unsubscribe at any moment in your account.

Thank you and stay safe.