Posts

Leveling Up Your OSINT Game: Creating a Professional Email on a Budget

Some sites do not allow new users to register with a “free” email such as gmail.com or outlook.com. This is especially true if a site offers some free capability, but with the hope of converting you into a paying customer. Most OSINT practitioners would prefer to avoid using their “real” work email to sign up for services, so the easiest solution is to register a domain (if you don’t already have one) and set up an email account using that. In this blog post we’ll explore how to accomplish this task as easily and inexpensively as possible.

Step 1: Acquire The Domain

Many of us have likely purchased a .com or other domain over the years. Maybe you still have some, or maybe they expired. For years the only domain registrar I used was Google Domains. It was easy, inexpensive and provided free private registration to help enhance privacy. Recently, Google decided to get out of the domain registration business and is in the process of transferring all registered domains to Squarespac

Navigating Internet Censorship: An In-Depth Look at Tor, VPNs, and Circumvention Strategies

It’s an unfortunate reality that governments and nation-states around the world employ sophisticated methods to control and restrict their citizens' access to the Internet. I recently received an email from a student asking about using VPNs, Tor, etc., to bypass these restrictions. I replied to their question but thought the topic may interest other people, so I decided to turn it into a blog post as well. This blog post will examine the ongoing battle between censorship authorities and those using tools like Tor and VPNs to bypass these restrictions. We'll look at the various techniques used by nation-states to block or throttle VPN usage, dive into the technical details of how these methods work, and discuss strategies for circumventing censorship. Furthermore, we'll discuss the role of proxies, the effectiveness of the Tor network, and the importance of staying informed in the face of ever-evolving censorship tactics. Understanding VPN Blocking Techniques: To effec

Introducing FaviconLocator: The Eazy Button to Searching by Favicon

Favicons (short for favorite icons) are the cute little pixelated images that appear next to the site name in web browser tabs, bookmarks, etc. In the image below we can see the iconic GitHub logo on their site and the KFC logo on a bucket of chicken on their site. Originally, favicons were designed to add a touch of professionalism and branding, but for anyone who is like me and has over a dozen tabs open at any time, favicons are the only thing displayed and how I navigate tabs. Most of us rely on favicons on a daily basis but many never think of them as a tool we can use in OSINT and CTI investigations. That’s what we’re going to talk about here as well as introduce a new tool. In addition to branding and aiding in navigation between tabs, favicons can serve as unique identifiers for websites. These unique identifiers can help us: Trace the online presence of organizations and discover obscure digital assets Map the online infrastructure of potential threats Potentially de-ano

Automating Domain Squatting Detection with DNSTwist and Python

  There’s a good chance that, at some point, you’ve received a spam email with a link that looked close to the name of a popular domain but was just a little off. Payapl.com instead of Paypal.com or similar. Domain squatting is a malicious activity where attackers register domain names similar to legitimate ones. Attackers may use these domains to deceive users into believing they are visiting a legitimate website, which can lead to phishing and other attacks. DNSTwist (available here: https://github.com/elceef/dnstwist ) is a popular tool that helps identify domain names that are similar to a given domain name. It generates a list of potential domain names by applying various fuzzing techniques to the given domain name and then checks if these domains are registered. Check out the list of Bank Of America copycat domains: DNSTwist is an amazing tool that should likely be a part of every organization's Cyber Threat Intelligence monitoring efforts, and I wanted to automate it

Why Rainbow Tables Aren't the Pot of Gold They Once Were

Today I’m presenting a SANS workshop on password cracking for OSINT and digital forensics. The workshop will require no previous knowledge and will progress from explaining how things work to how you can effectively crack passwords for file formats such as Office, Zip, RAR and PDF. There are a few topics that I won’t be covering that I expect to get some questions on. That’s the purpose of this blog post. Those topics are salt and rainbow tables. It’s not that these topics aren’t interesting or worth talking about; they’re just not as relevant to password cracking as many people think they are. Let’s explain! When I mention password cracking, many people instantly respond with “rainbow tables!!”. I try to avoid speaking in absolutes so I won’t say rainbow tables are useless, but I will say they aren’t much of a thing anymore. In the workshop, we cover how to acquire password hashes from files and how to crack them. Let’s place that aside for a second and instead talk about a book.

Expanding the Boundaries of ChatGPT with LangChain - Part Two

In huge ChatGPT news this week, they rolled out web browsing capability and plugins for ChatGPT Pro subscribers. That will be what I blog about next week, but for now, I wanted to post part two of looking at LangChain. In part one of this series, we explained that LangChain was a framework of connectors that allows us to use our code to tie together data and large language models (LLMs) like ChatGPT. The new ChatGPT browsing capabilities add a lot of functionality, but there is still a need for LangChain to allow us to automate these processes. We’ll look at increased functionality and use cases in future posts, but for now, I wanted to share the code I used in the previous post.

First things first are installing the Python dependencies:

pip install openai
pip install langchain
pip install chromadb
pip install tiktoken

I installed these successfully on both a Windows system and an M1 Mac OS system. On the Windows system, I needed to download some Microsoft C++ tools for Ch

Expanding the Boundaries of ChatGPT with LangChain - Part One

You have likely noticed a massive influx of applications that claim to use artificial intelligence. Many of these applications are built using a framework called LangChain. In this post, we’ll provide a basic introduction to this technology and explain why it can be beneficial in your daily taskings. Let’s start off with “normal” ChatGPT usage. Most users go to the ChatGPT website, ask ChatGPT to do something, and read the response. The technology is both awe-inspiring and currently limited. It’s limited by not having internet access, access to recent information, or the ability to incorporate the user’s files or data into its workflow. It’s also limited in how large prompts or answers can be. The “normal” usage of ChatGPT looks like this. You can do some amazing things with this basic model, but think of how many things aren’t incorporated here and the potential that they could unlock if they were. This is where LangChain comes in. LangChain is a framework that allows de