Our weekly hack for those in the field doing the work & digging up critical intel.
The ability to uncover information on the internet is the primary skill of an online investigator. There are hundreds of thousands of surface, deep, and dark websites, but which are most pertinent to your unique case? Do you know how to utilize Google to its full potential? With new social media platforms coming online at a rapid pace, capturing leads and evidence in social media networks is more complex than ever. Do you know the latest tools of the trade?
Hg’s OSINT Tips of the week provides you with the latest intel how to be most effective in our tradecraft. We are always looking for new tools, so don’t hesitate to let us know if you have one you’d like reviewed in a future post!
This week, our Timely Tips review two personal information aggregators and a site to combat malware. Come on, it’s time to dig in.
Pastebin is a web application used to store and share large amounts of online text anonymously. Originally a site for developers to share source code, Pastebin has since morphed into a place for hackers and malicious activity. While Pastebin claims to restrict email lists, login details and passwords, leaks and sensitive information are commonly found here. Pastebin is a resource for keeping track of possible exploits on you or your client’s information. No login is required to search; use the search bar to easily access data. To publish your own information, you must register. With your account, you have the option to upload, share, and restrict your content.
Hunter is a domain search website created to list all company employees’ names and email addresses. Having indexed over 100 million email addresses located online via the web to allow business professionals to contact one another, Hunter makes the business world more transparent. A Hunter user must first create a profile (ranging from free to Enterprise which costs $399/month). Once a profile is created, the user can perform searches of a company’s domain name and locate one or 1,000+ emails depending on the size of the company.
A seemingly harmless email or website URL could be one click away from disaster. VirusTotal is a free source to combat these cyber scams. Searches by file, URL, IP address, and domain may be performed through the website. VirusTotal will then run searches against 70 antivirus scanners and URL/domain blacklisting services (Malware Domain Blocklist and Threat Hive) to locate any potential threats. Should a URL be safe, it will be marked as Clean; if not, it’ll be marked Malicious. Once collected, the site aggregates and shares any malicious findings through its VirusTotal Community—helping to make the cyber community a safer place to explore.
Have an OSINT tip for us? Contact us, and we will consider reviewing it in future posts!
Like what you’re reading? Check out Hg’s monthly webinars!
Throughout the year, Hetherington Group offers monthly live webinars on current investigative tactics involving social networks, search engines, due diligence, the dark web, and other related topics. Participants should have some basic experience of the topic, as all programs are offered at an intermediate level, unless otherwise noted.