Hacking the Cloud

Encyclopedia of the attacks/tactics/techniques that offensive security professionals can use on cloud exploitation (#AWS, #Azure, #GoogleCloud, #Terraform,)

https://hackingthe.cloud

Contributor twitter.com/Frichette_n

Awesome Incident Response

twitter.com/meirwah has been collecting this list for over seven years!

Memory Analysis and Imaging Tools
Log analysis
OSX Evidence
Process dumps tools
Scanner tools
Reversing tools
and much more

https://github.com/meirwah/awesome-incident-response

#dfir #forensic #incidentresponse

PHOTO Investigation OSINT Toolkit

Reverse image search engines
Image AI analyze and comparing
Exif/metadata analyze
Photo forensics
Fact checking
Online graphical editors

Contributor https://t.me/ibederov_en

#osint #socmint

How to copy the link from the Startme page?
(they are copy-protected and are NOT displayed in View Source)

1. Open page and browser JavaScript Console
2. Run console.log(document.body.innerHTML);
3. Copy source code to online links extractor. For example, http://tools.buzzstream.com/link-building-extract-urls

Username Availability Checker

Simple online tool that checks if a user with a certain nickname is present on popular social networks. Very far behind Maigret/WhatsMyName in terms of number of services, but suitable for a quick check.

https://username-check.herokuapp.com
Creator twitter.com/manu_chroma

OSM Smart Menu

Google Chrome extension to switch between dozens of different types of online maps (based on #OpenStreetMap and NOT only):

OpenSea
OpenSnow
OpenTopo
Open Public Transport
Historical Objects
3D map

and more!

https://chrome.google.com/webstore/detail/osm-smart-menu/icipmdhgbkejfideagkhdebiaeohfijk/related

#osint #geoint

BlackBird

- Search username across 73 sites:
- API username check (Protonmail, PlayerDB, Hackthebox etc);
- Check archived Twitter accounts.

https://github.com/p1ngul1n0/blackbird

#osint #socmint

Creator twitter.com/p1ngul1n0

Little timesave trick

Use "map:" advanced search operator for quick view some geographical object (country, town, river) in #Google search results.

map:europe
map:berlin
map:dnepr

Note that today the BlackBird tool has a standalone version. It can now be used directly in the browser.

DAILY UPDATED PROXY LISTS

For scraping and other information gathering automations:

https://github.com/clarketm/proxy-list
https://github.com/TheSpeedX/PROXY-List
https://github.com/ShiftyTR/Proxy-List
https://github.com/jetkai/proxy-list

Socks5 for Telegram:
https://github.com/hookzof/socks5_list

#osint #socmint #scraping #pentest

Awesome Anti Censorship

Privacy and anonymity
Network tunnels
Firewall analysis
Decentralized systems
Steganography
Deniable encryption

https://github.com/danoctavian/awesome-anti-censorship

#privacy #anticensorship

The Worldwide #OSINT Tools map now links not only to individual tools, but also to entire toolkits for countries (Startme, Github):

South Africa
China
Australia
Hungary
Canada
South Korea

https://cipher387.github.io/osintmap/

#geoint

It's been almost nine months since I used the bot @getnaked_bot for creating Telegra.ph articles from Twitter threads.

I found out about this bot because its developer @techcrunch sent me a message inviting me to try it. This bot turned out to be absolutely essential for me. I've run it dozens of times (and regularly pestered the developer to improve the bot).

But a couple of days ago @techcrunch told me that only 3 people (including the developer himself) were using this bot.

I was, of course, very surprised. But, unfortunately, this is a very typical situation for highly specialised tools. Many scripts for #osint on Github have no more than a couple of dozen stars, but are completely indispensable for some tasks. And for some researchers, even become part of their daily workflow.


Unfortunately, the development of unique and indispensable, yet unpopular tools is often halted by a lack of feedback. Developers do not see the return on their work and switch to other projects.

If you use a highly specialised free tools, try to support its developers at least occasionally: write reviews and acknowledgements, talk about their projects on your social media accounts, make donations, etc.

These simple actions are as important for the development of free software as the development itself. Tens of thousands of worthwhile projects are lost each year due to lack of user support.


-------------------

Other project of @techcrunch (@getnaked_bot creator):


@igspybot - bot for downloading content from Instagram accounts
@youbastard_bot — bot deleting spam from group Telegram chats

It is no longer possible to enter the site: search operator directly into the input form to search for a specific site on Yandex Pictures.

You now have to add the parameter directly into the URL:

&site=instagram.com

#osint #socmint

One of Twitter's interesting features is to create themed lists of accounts. For example, I recently put together a list of accounts of hacker conferences taking place around the world.

In this list you can find links to recordings of interesting talks, announcements of live and offline events, and a bunch of different cybersecurity-related content

https://twitter.com/cyb_detective/status/1530876908820484096

Guide to searching in different file types

This guide is particularly useful for those working with data leaks (which come in a wide variety of file formats). You will learn which tools to use and how to use them in different situations.

https://github.com/soxoj/files-search-guide

#osint #leaks

RUBY

Simple tool for searching videos by keyword in Rumble, BitChute, YouTube and saving results (author, title, link) to CSV file.

https://github.com/jakecreps/ruby

Creator twitter.com/jakecreps


#python #opensource #osint

nDorker

Enter the domain name and get quick links to Google Dorks, Github dorks, Shodan dorks and quick links to get info about domain in Codepad, Codepen, Codeshare and other sites ("vendor dorking")

https://github.com/nerrorsec/nDorker

#python #opensource

One of the main drawbacks of many hacker conferences is the large number of promotional speeches that IS companies advertise their products at.

But many large IS conferences have so-called "community zones" where only independent researchers and real hacking enthusiasts gather.

That is exactly what we are expecting "Defcone ZONE" at OFFZONE 2022, that will take place in the end of August in Moscow.

There you'll be able to listen to talks by famous people like lockpicking wizard Nipnull (https://www.youtube.com/watch?v=BBnhZnQkuA0&t=1116s) and OSINT tools developer Soxoj (https://t.me/cybdetective/970)

You can find all the details on the DC Online channel https://t.me/defcon_events

For speaker submissions and media partnerships, please contact @nipnull

Все к этому шло, но только теперь уже публично и для всех)

Мы будем на OFFZONE 2022!

Более того, теперь эта история будет больше, чем когда-либо раньше, так что анонсируем вам:

DEF CON ZONE ON OFFZONE 2022

У ребят еще пока есть Early Birds Tickets

А если не хочется покупать билет, то можно попробовать свои силы и запилить аддон к бейджу, как на старом добром DEF CON
Авторы самых красивых бейджей, по мнению организаторов, получат проход на конференцию бесплатно
Но стоит поторопиться - конкурс идет еще месяц!