👮♀ 10 Cybersecurity Blogs/Websites for Cybersecurity Professionals/Hackers
1. Daniel Missler
2. Graham Kewley
https://grahamcluley.com/about-this-site/
3. Security Weekly
https://scmagazine.com/security-weekly-blog
4. Infosecurity Logs
https://infosecurity-magazine.com
5. Hacker news
6. Intigriti
7. Hakluke
8. Hacker 1
https://hackerone.com/hacktivity
9. BugCrowd
https://bugcrowd.com/crowdstream?filter=disclosures
10. IT Security Guru
⚙ Network intelligence tools.
• The ohshint website has a section with very useful tools and resources on network intelligence. All material is divided into relevant categories and contains a brief description.
#OSINT
Seeker
A tool for creating fake web pages that request permission to access the user's geolocation. If the request is accepted, the attacker receives the exact coordinates of the device, such as longitude and latitude, as well as additional information, including the unique device ID, model, operating system, IP address, and other characteristics.
Unlike conventional geolocation methods that only use IP address and provide an approximate location, Seeker uses GPS data, which allows for more accurate information, especially on smartphones.
Link to the tool:
🤐 Censorship for those who are uncomfortable?
The Spanish government is preparing a new law that will force users considered "relevant" on social networks to rectify false or inaccurate information they publish.
This legislation, in the draft phase, extends the 1984 law, originally designed for traditional media, to now include influencers and other users with a wide reach on digital platforms.
The Government wants to fight against "professional hoaxers".
Reports LibertadDigital
-I would just like to say... How many times has an "official" or "real" story been subsequently denied?-
Illusion of Freedom
"When governments intervene in markets, they repeat the mistakes the countries of Eastern Europe made in the latter half of the 20th century. High taxes on competing goods is a form of indirect subsidy too. It's impossible to calculate the total damages taxation and inflation have done to society.
But think of it this way: If you're in a so-called laissez-faire country, your total taxes might look something like this:
25% income tax, 25% social-security contributions, and other taxes your employer pays. Even before we start adding hidden costs, that's about 50%.
Add a VAT adjusted for certain goods with extra taxes, like fuel for your car... That's an additional 25% of whatever you had left. So, in total, 62.5%. Make that 65% to compensate for every other tax we didn't include. Now add a best-case scenario of 5% inflation rate.
Congratulations, you live in a "free country", and you're 70% a slave."
Due to maintenance work on OpenStreetMap, it is temporarily not possible to save any map edits.
OpenStreetMap.org will shortly be available READ-ONLY. You will unfortunately NOT be able to save any map edits. We will be running on our backup infrastructure in Dublin. We are working to restore full services and we are waiting for our ISP to restore services in Amsterdam.❞
Source: en.osm.town/@osm_tech
Indian uncles treat buying a car as the ultimate life achievement.
They’ll talk about it endlessly, making others feel like their lives are wasted.
I’ve seen it in my family.
My opinion: Luxuries = liability
Live free, live on your own terms
If you own alot of liabilities in a city you aren’t available to explore things and move around
📱 Unlocking and infecting a journalist's phone
Serbian police used a Cellebrite device to unlock the mobile phone of a journalist, Slaviša Milanov, and then infect it with malware. This allowed access to his phone and the installation of surveillance software.
Milanov was arrested in Pirot, Serbia, where police confiscated his phone, laptop and camera, claiming they only wanted to check his documents. However, after more than an hour, and without following clear legal procedures, officers used a Cellebrite device to extract data from his phone.
Upon returning the phone to Milanov, he noticed odd things, such as mobile data and Wi-Fi being disabled, and apps draining excessive battery power. He used the Stay Free app to monitor the phone's usage, discovering that several apps had been active during the time his device was with police, suggesting malware had been installed.
The Amnesty International report also mentions that, together with Google researchers, they discovered a vulnerability in a wide range of Android phones that Cellebrite was exploiting. This vulnerability has since been patched by Qualcomm, the affected chipmaker, and Google has remotely removed the spyware from infected devices.
Cellebrite said it is investigating the allegations and is prepared to terminate relationships with any agency that has used its technology inappropriately.
As reported by TechCrunch:
🛡 Router Security Vulnerabilities.
➡️ https://modemly.com/m1/pulse is a useful resource that includes a list of vulnerabilities found in various routers. The guys have already analyzed more than 1000 models and provided the necessary information to eliminate security errors.
Bellingcat Challenges
A small selection of сhallenges (with the ability to check answers) to test #osint skills.
Real ID and/or Digital ID is the next immediate battlefront. Don't fall for the convenience.
Luigi 286 Code
>286 posts on his X
>Breloom Pokédex # is 286
>Insurance denial code 286
>Proverbs 28:6 reads, “Better is a poor man who walks in his integrity than a rich man who is crooked in his ways.”
And it keeps going…
THREAD: https://x.com/DiamondEyesFox/status/1866379807422107771
Find out the IP address through a call to Telegram
https://medium.com/@ibederov_en/find-out-the-ip-address-through-a-call-to-telegram-a899441b1bac
How to trace IP of someone's id in telegram using Golang!
Code:
package mai
import (
"fmt"
"log"
"os"
"os/exec"
"strings"
)
func main() {
const CAP_PATH = "/tmp/tg_cap.pcap" // Temporary path for pcap capture file
const CAP_TEXT = "/tmp/tg_text.txt" // Temporary path for text file with information
const CAP_DURATION = "5" // Capture duration in seconds
// Get the external IP address of the device
ipCmd := exec.Command("curl", "-s", "icanhazip.com")
ipOutput, err := ipCmd.Output()
if err != nil {
log.Fatal("Failed to get IP address:", err)
}
MY_IP := strings.TrimSpace(string(ipOutput))
// Check if Wireshark is installed
_, err = exec.LookPath("tshark")
if err != nil {
log.Println("[-] Wireshark not found. Try installing Wireshark first.")
log.Println("[+] Debian-based: sudo apt-get install -y tshark")
log.Println("[+] RedHat-based: sudo yum install -y tshark")
os.Exit(1)
}
fmt.Println("[+] Discovering User's IP Address on Telegram using Golang")
fmt.Println("[+] Starting traffic capture. Please wait for", CAP_DURATION, "seconds...")
// Start traffic capture with Wireshark
captureCmd := exec.Command("tshark", "-w", CAP_PATH, "-a", "duration:"+CAP_DURATION)
captureOutput, err := captureCmd.CombinedOutput()
if err != nil {
log.Fatal("Traffic capture error:", err)
}
fmt.Println("[+] Traffic captured.")
// Convert pcap file to readable text file
convertCmd := exec.Command("tshark", "-r", CAP_PATH)
convertOutput, err := convertCmd.Output()
if err != nil {
log.Fatal("Error converting pcap file to text:", err)
}
err = os.WriteFile(CAP_TEXT, convertOutput, 0644)
if err != nil {
log.Fatal("Error writing text file:", err)
}
fmt.Println("[+] Pcap file successfully converted to text.")
// Check if Telegram traffic is present in the text file
if strings.Contains(string(convertOutput), "STUN 106") {
fmt.Println("[+] Telegram traffic found.")
// Extract the IP address from the text
extractCmd := exec.Command("cat", CAP_TEXT, "|", "grep", "STUN 106", "|", "sed", "'s/^.*XOR-MAPPED-ADDRESS: //'", "|", "awk", "'{match($0,/[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+/); ip = substr($0,RSTART,RLENGTH); print ip}' | awk '!seen[$0]++'")
extractOutput, err := extractCmd.Output()
if err != nil {
log.Fatal("Error extracting IP address:", err)
}
TG_OUT := strings.TrimSpace(string(extractOutput))
IP_1 := strings.Fields(TG_OUT)[0]
IP_2 := strings.Fields(TG_OUT)[1]
var IP string
// Check if the IP address is ours or the recipient's
if MY_IP == IP_1 {
IP = IP_2
} else if MY_IP == IP_2 {
IP = IP_1
} else {
IP = "[-] Sorry. IP address not found."
os.Exit(1)
}
// Get host information for the IP address
hostCmd := exec.Command("host", IP)
hostOutput, err := hostCmd.Output()
if err != nil {
log.Fatal("Error getting host information:", err)
}
fmt.Println("[+]")
fmt.Println("[+] IP Address:", IP)
fmt.Println("[+] Host:", strings.TrimSpace(string(hostOutput)))
fmt.Println("[+]")
// Clean up temporary files
err = os.Remove(CAP_PATH)
if err != nil {
log.Fatal("Cleanup error:", err)
}
err = os.Remove(CAP_TEXT)
if err != nil {
log.Fatal("Cleanup error:", err)
}
fmt.Println("[+] Cleanup completed.")
} else {
fmt.Println("[-] Telegram traffic not found.")
fmt.Println("[!]")
fmt.Println("[!] Run this script only >>>AFTER<<< the response.")
fmt.Println("[!]")
os.Exit(1)
}
fmt.Println("[?]")
fmt.Print("[?] Run whois", IP, "? (Y/N): ")
// Check if the user wants to run the whois command
var answer string
fmt.Scanln(&answer)
if strings.ToUpper(answer) == "Y" {
whoisCmd := exec.Command("whois", IP)
whoisOutput, err := whoisCmd.Output()
if err != nil {
log.Fatal("Error running whois command:", err)
}
fmt.Println(string(whoisOutput))
} else {
fmt.Println("[+] Goodbye!")
os.Exit(0)
}
}
➡️ Telegram Maltego
a free set of Transforms for Maltego that enables OSINT investigations in the Telegram messenger.
Initially designed solely to simplify de-anonymization through stickers/emojis, it has since expanded far beyond its original functionality, allowing for more advanced investigations.
Features:
Getting Telegram profile by phone number
Getting a linked Telegram channel group
Getting a list of Telegram group administrators
Getting a list of authors of a Telegram channel
Collect all forwarded & similar channels by Channel
Search for deleted posts and generate links to view them
Indexing of all stickers/emoji in Telegram channel
Identification of the creator of a set of stickers/emoji
https://github.com/vognik/maltego-telegram
nostr:note1wl7gret2z6mggnk9auss7cn4zp0hgwtnaef4jkj2u7a9qw3lmrhsm5mx5w
Find out the IP address through a call to Telegram
https://medium.com/@ibederov_en/find-out-the-ip-address-through-a-call-to-telegram-a899441b1bac
📱 Mozilla Firefox has removed the "Do Not Track" option
The decision is based on the fact that many websites ignore this signal, rendering the feature ineffective in protecting users' privacy.
Firefox since version 135 no longer displays the option to send a "Do Not Track" request in its privacy preferences.
Instead, Mozilla recommends using the Global Privacy Control (GPC) as an alternative to prevent tracking, as GPC is more widely respected by websites and is backed by legislation in some regions.
It's unclear how this transition will be handled for users who already have DNT enabled, but Mozilla has updated its support page to inform about these changes as reported by Windows report
-Although it may seem like a negative thing, the "Do not track" option is something that was not only ignored by many pages, it also "marked" you for its little use, something to keep in mind when making this decision-
Go on a mental diet.
The news, social media, entertainment — all of these mediums try to fill you with limiting beliefs and specific worldviews.
Cut them out for a while and get to the core of who you are.
📱 More updates for the Pixel 6, 7 and Fold
As we already know, Google Pixels can become the most secure and private devices in the world thanks to GrapheneOS.
Well, we have good news, it turns out that the Pixel 6, 7 and Fold will receive 2 more years of operating system updates.
These 2 generations were supposed to have 3 years of OS updates and 5 years of security updates, but they have equalized them to 5 in both cases.
Google itself claims that it will end 5 years after the device is released in the US.
Something that will make getting a phone with GrapheneOS even more accessible, as they are becoming increasingly cheaper.
Could your coffee maker or microwave be spying on you?
Many smart devices in our homes are collecting excessive amounts of personal data beyond what’s needed for product functionality & sharing it with outside entities.
Read the article here: https://archive.ph/?run=1&url=https://www.tomsguide.com/computing/online-security/snooping-speakers-and-eavesdropping-airfryers-are-your-smart-devices-spying-on-you
Michael Saylor says he’s going to keep raising billions in cheap capital until MicroStrategy owns at least $3 trillion in #Bitcoin and has a market cap of $10 trillion dollars.
X's Grok AI Chatbot is now available to all users 🤖
Elon Musk's artificial intelligence chatbot Grok is now available to free users on the X platform , allowing them to send up to 10 messages every two hours.
Grok's expanded free access could make it a serious competitor to other chatbots like OpenAI ChatGPT
Elon Musk is also considering creating a standalone app for Grok
https://www.theverge.com/2024/12/6/24314860/x-grok-ai-chatbot-available-all-users