Posts

Showing posts from September, 2020

OSINT blog: Key West

Image
 One way to improve your OSINT skills is to practice. Practice makes perfect as they say.  #OSINT challenge. Find the exact coordinates of this webcam in Key West, Florida. RT for reach https://t.co/ZLpAGeHvVU — Jake Creps (@jakecreps) September 10, 2020 Thanks @JakeCreps, I'll take it from here. Let's start by visiting the stream, the initial piece of intelligence provided: I immediately noticed the "CIDBW0008" and it looks like a possible address or unique identifier to me. A quick search of "CIDBW0008" brought me to: Clicking on one of these links brought me to a Facebook page that also shares this live video feed, giving us a new location "Galleon Marina": I then searched up "Galleon Marina": This location lines up with the title of the intital YouTube stream's location. I then searched 'Front Street' from the title: Via scanning around on Google Street Maps, I was able to find the two buildings present in the stream: W...

Intelligence & Analysis report: Attacks leveraging the Cloud

Image
“ The cloud is not a physical entity, but instead is a vast network of remote servers around the globe which are linked together and meant to operate as a single ecosystem. These servers are designed to either store and manage data, run applications or deliver content or a service such as streaming videos, web email, office productivity software or social media. ” - Microsoft Azure Cloud services are increasingly being leveraged by cybercriminals and advanced persistent threat groups in attack campaigns. These cloud services include consumer accounts for OneDrive, Google Drive, DropBox, compromised SharePoint and GSuite accounts, as well as the Discord CDN. These are leveraged to host malicious files, phishing pages, redirector links, and other parts of attack campaigns. These services are often used for business operations and are regarded as safe by default by most detection systems. Any threat actor can leverage these services for free or could compromise user accounts. The most com...

Fantastic APTs and Where to Find Them

Image
  Sophisticated computer security breaches in some of the most heavily defended networks around the world have been orchestrated by so-called Advanced Persistent Threats (APT) groups. Many of these APTs operate on behalf of a nation state’s intelligence agency or military. They can even be private sector hacking groups, hired for specific operations. An APT group specialises in gaining access, maintaining it, and executing post-exploitative activities while remaining undiscovered. There are also many types of APT attack campaigns. This can include, but is not limited to, intelligence gathering operations, intellectual property theft, sabotage and data destruction, and exploitation for financial gain. Intelligence gathering, cyber-espionage One such APT that exemplifies this type of behaviour is known as the Naikon APT group. In May 2020, Check Point disclosed new evidence of an ongoing cyber-espionage campaign against several national government entities in the Asia Pacific (APAC) ...