Digital Forensics Tips

I have a few servers running on the dark web for my SANSSEC497 Practical OSINT course . The dark web is known for many things, but reliability isn’t necessarily one of them, which is why I have multiple. As the class becomes available in March, students will take it all over the world, at different times. Because of this, I needed a small program to monitor my dark web sites and let me know if they were offline. My first attempt was using a popular open-source website monitor. I made several attempts to route its traffic through Tor to monitor my .onion sites, but they weren’t successful. I finally decided to write a simple Python script to fit my needs. I then thought, why do that, when I can have ChatGPT do it for me? I went to the ChatGPT website and asked it to write me some python code to check if my .onion site was online and to alert me if it wasn’t. I had to switch the port it wanted to use for the SOCKS proxy (more on that later), but the code worked. I then asked it to ch

In a recent Discord chat, someone told me that they hated new year’s resolutions, and greatly preferred new year’s themes. I thought about it for a minute, and agreed that was a much better approach. Instead of a goal like “lose thirty pounds”, an overall theme of becoming a healthier person. That is one of my biggest themes for 2023 but another of the things I want to focus on this year is producing content.  I wrote a blog post last which normally isn’t a big deal, but that was my first blog post since... (checks notes) … May of 2020. I could blame it on Covid or some other excuses but the fact is I was just burnt out. I was working a fifty hour a week job with the federal government and spending my vacation time teaching SANS classes. These are all good things and I’m not complaining, I just didn’t really have much energy left for producing much content outside of the occasional conference talk.  Early in 2022 I received the opportunity to write an OSINT class for SANS which I knew

You may have read that Twitter was hacked and hundreds of millions of user's data was stolen. In this post we'll talk about what happened, and what's in the data. This wasn't a breach in the way that most people think breach. Twitter's API had a flaw where if you provided an email address, it would reveal if that email address belonged to an account, and which account it belonged to. Someone used that to compile over 220,000,000 email addresses, and what user accounts those email addresses were tied to. Here is a (censored) look at what the data looks like: One of the biggest questions I had was if the data contained phone numbers for user's who used that method to authenticate instead of emails, but it doesn't look like that was the case, at least in this dataset. Everything that matches the pattern of a phone number looks to be part of the user's screen name. Hudson Rock co-founder Alon Gal pointed out on the @RockHudsonRock Twitter account tha