SOCMINT for Hackers

Dear readers, 

Spring is here for good and so is the newest issue of Hakin9 Magazine! This month we prepared for you various guides and introductions dedicated to one of your favourite topics - OSINT for Social Media. Let’s take a look at what's inside!

If you are just starting your adventure with OSINT, we recommend you take a look at Beginner’s Friendly Guide to OSINT, in which you will learn the basics of information mining and some of the most useful OSINT tools. 

Then we move to a more advanced topic with Retrieving OSINT from Social Media Platforms Online; a Detailed Guide and Analysis, and as the title says, the author will guide you through gathering information on social media platforms, such as Facebook, Twitter, and LinkedIn. 

Next, we have OSINT - Social Media. Gathering Data From Large Social Networks in which the author presents the use of various OSINT tools on selected examples. Then we drift off to Twitter OSINT Using Tinfoleak and Reverse Imaging.

Later on we have Lightning Fast Profile Lookups Using NExfil - an introduction to NExfil, a new open source profile lookup that will help you quickly fetch accurate results, with low amount of false positives in a short time. This article is written by the tool creator themselves, Lohitya Pushkar. Then we move to Mining Information with SpiderFoot - a detailed guide to SpiderFoot, in which the author presents use cases with hands-on examples. 

In OSINT - Challenges the author discusses challenges related to OSINT, such as information overload, data rejections, conflicting data, mosaic effect, etc. This article may help those of you that have to face those challenges in your everyday life. 

We also prepared articles on other interesting topics that will make your work as an ethical hacker a little bit easier. You may want to take a look at Majestic Meterpreter - a research paper in which the authors explain ways and techniques of attack using Meterpreter - or at Bypass Endpoint Protection of Various Vendors Using TrevorC2 - a guide that demonstrates the bypass to Trend Micro, Sophos, and McAfee endpoint security. 

And if you liked our Android Hacking issue, we suggest you take a look at Extremely Vulnerable Android Labs (EVABS) Application: Study Reviews - an article that will help you understand the basics and fundamentals on how the android vulnerabilities can be analysed and exploited.

As you can see, this month’s issue is packed with guides and tools that may come in handy in your everyday work. We hope you’ll find something that suits your needs best! We would also like to send gratitude to our contributors, reviewers and proofreaders, who helped us create this issue! 

Stay safe and enjoy!

Hakin9 Editorial Team

Table of Contents

Beginner's Friendly Guide to OSINT

Aarohi Mangal

The full form of OSINT is Open Source Intelligence. Here, we will discuss a web-based tool called OSINT framework. OSINT framework is not a tool to perform OSINT, rather it is a very useful tool to get all the websites, resources or tools that are freely available and can help us to gather information about our target. Initially, the aim of this web application was focused on IT security, but later with time, it has evolved and updated its data to provide other kinds of information from other industries as well.

Retrieving OSINT from Social Media Platforms Online; a Detailed Guide and Analysis

by Lochana Koralage

Social media plays a key role in today’s world, with respect to all aspects including business intelligence, data analytics, social statistics, behavioral analysis and many more, especially, when it comes to security related aspects, national security, spread of news and fake news, politics, and political campaigns, etc. Social media plays a game-changing role in the current world. Therefore, effective and useful exploitation of such data is a much-needed skill related to social media intelligence. So, through this article, a basic understanding of surfing through bulks of available data in social media platforms is provided to the readers. There are different tools and techniques that can be used in the process, especially related to more important data sources including Facebook, Twitter, and LinkedIn. 

OSINT - Social Media. Gathering Data from Large Social Networks

by Atlas Stark

The Social Network is comprised of a wide variety of social media platforms and obviously there are a few very large entities that sit at the top - you guessed it, Facebook, Twitter, Instagram and a few others are at the top of the social heap. For this article, however, we are going to focus on tools and techniques that are used to extract data from one of the three mentioned.  Let’s get started!

Twitter OSINT Using Tinfoleak and Reverse Imaging

by Jeff Minakata

In this article, we will be talking about using OSINT for our Twitter investigations. We will be breaking this up into two sections, the first section is information collection on Twitter and the second part is verification of that information. To follow along with this article, you will need a web browser and an internet connection. We will be using browser based tools for this tutorial. The goal of this article is to understand how we can leverage online tools to collect information on Twitter users and also some tips on analyzing a post that may be misleading.

Lightning Fast Profile Lookups Using NExfil

by Lohitya Pushkar

If you have performed profile lookups before then I am sure you will be aware of some existing tools for the same. NExfil is a new free and open source profile lookup tool written in Python. The goal of NExfil is to fetch accurate results quickly, which means low amounts of false positives in a short amount of time. It comes loaded with over 350 social media platforms, which can be expanded. Most of the popular social media platforms have been added and tested for accurate results.

Mining Information Using SpiderFoot

by Mayukh Paul 

In this era of social media, information is openly available everywhere. Open-source intelligence is the collection and analysis of publicly available data. OSINT tools are used during the reconnaissance phase to gather as much information as possible about the target from the internet. SpiderFoot is a reconnaissance tool that spontaneously inquires over 100 data sources available in public to gather intelligence on IP addresses, social media influence, email addresses, and more. The data collected from the scan reveals a lot of information about the target, providing insight on vulnerabilities and possible data leaks. In this article you will find use cases of SpiderFoot on various examples. 

OSINT – Challenges

by Syed Peer

As we entered into a new 21^st century over two decades ago, we were unknowingly at the cusp of a digital tsunami headed our way that would redefine our understanding of War and Peace and Friend or Foe. New “virtual threats” arose more dangerous than the physical ones that we were ill prepared for, having practiced for generations to rebuff physical brute force attacks with military, navy and air defenses. To face the modern threats, we have had to re-engineer and re-invent our intelligence services themselves by taking advantage of open sources of data and information.

Majestic Meterpreter

by dr. Akashdeep Bhardwaj, Keshav Kaushik, Varun Sapra

This research initially gains backdoor sessions in Windows OS, and then disables the antivirus protection on the victim system. Using custom developed and designed Ruby scripts, grab the victim’s webcam images, videos and voice secretly. The authors also configure an invisible Keylogger on the victim machine to grab the victim’s text. All this can be performed using Meterpreter without generating any alerts or warning to the victims. This research is based on the use of the exploit tool that is Metasploit’s most powerful feature – Meterpreter scripting environment. The authors display exploitation by executing multiple custom developed Ruby scripts on unpatched Windows OS.

Bypass Endpoint Protection of Various Vendors Using TrevorC2

by Marlon Fabro

TrevorC2 is a client/server model for masking command and control through a normally browsable website. Detection becomes much harder as time intervals are different and does not use POST requests for data exfil. This document demonstrates the bypass in Deep Security by Trend Micro, Sophos Endpoint Security and McAfee Endpoint Security protection products.

Extremely Vulnerable Android Labs (EVABS) Application: Study Reviews

by Alif Erfan

The purpose of this document is to review and understand risks and threats that may be found in common Android mobile applications that we use in daily life. By reviewing these applications, we can understand how Android mobile application risks generally work, operate, and are executed in our mobile devices. This study review will help us understand the basics and fundamentals on how the risks are analysed and can be exploited.