Cyber_detective
Every day I write about open data intelligence tools and techniques. Also a little bit about forensics, hacking, and cybersecurity. @cyb_detective
August 25
Cyber_detective
How do I get a complete list of pages saved in the Wayback Machine? Just paste the link to the site into the search form and add an asterisk to it. #osint #internetarchive #littletrick
August 25
"Buckets" are containers for storing data in cloud storage.

It often happens that, due to inattention of the owners, "buckets" that contain personal data end up in the public domain.

Examples, tools for finding "sensitive data" and security tips are in this thread.

In March 2021 Daniel Niv published a study showing that Azure cloud servers hold millions of files with "sensitive data" that their owners made public by accident.
https://cyberark.com/resources/threat-research-blog/hunting-azure-blobs-exposes-millions-of-sensitive-files
The research team scanned 200 million storage accounts and found 100K that contain sensitive data.

In particular, they found:

2.5 million records of Personally Identifiable Info
Personal Health Info (2,300 files)
Financial Data (2,000 files)
Invoices (1 million)
Agreements, Contracts, and Assets Structure Plans (more than 1 million)
Log Files
Encryption Keys and Passwords

The above-mentioned article recommends the #opensource tool https://github.com/securing/DumpsterDiver for searching large volumes of data from cloud storage to check whether it contains secrets.

The researchers also recommend using their own tool, https://github.com/cyberark/BlobHunter, for checking Azure cloud storage specifically.

Online tools can also be used to search for sensitive data in buckets. Here's a link for Amazon AWS:
http://buckets.grayhatwarfare.com (creator @grayhatwarfare)

Picture 1 shows an example of private data found with the "Invoice" query.

And here is a service for searching Microsoft Azure files:

http://osint.sh/buckets

Picture 2 shows an example of a list of the service's users found with the query "users/csv".

There used to be a similar tool for Google buckets called DataDrifter.

But today it no longer works (perhaps temporarily).

For Google Storage research, GCPBucketBrute can be recommended (a script to enumerate buckets, determine what access you have to them, and determine if they can be privilege escalated).

Sensitive data in the bucket can also be searched using Google Dorks. For example:

"site:s3.amazonaws.com filetype:xls password"

This topic is covered in more detail in the article:

https://justhackerthings.com/post/hunting-for-insecure-amazon-s3-buckets/


And finally, links to pages in the documentation where you can find out how to check whether your cloud storage contains public buckets:

Amazon — https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html
Google — https://cloud.google.com/storage/docs/access-public-data
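
To go with the Amazon documentation link above, here is an added example (not part of the original thread or of any tool it mentions) that audits your own buckets' S3 Block Public Access settings. It assumes you have collected the JSON printed by `aws s3api get-public-access-block --bucket NAME` for each bucket; the bucket names and sample outputs are constructed.

```python
import json

# The four S3 Block Public Access settings. All four must be true for the
# bucket-level guardrail to be fully enforced.
BPA_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

# Constructed sample: bucket name -> JSON from get-public-access-block,
# or None when the call failed because no configuration is set on the bucket.
SAMPLE = {
    "example-invoices": '{"PublicAccessBlockConfiguration": {"BlockPublicAcls": true,'
                        ' "IgnorePublicAcls": true, "BlockPublicPolicy": true,'
                        ' "RestrictPublicBuckets": true}}',
    "example-logs": '{"PublicAccessBlockConfiguration": {"BlockPublicAcls": true,'
                    ' "IgnorePublicAcls": true, "BlockPublicPolicy": false,'
                    ' "RestrictPublicBuckets": false}}',
    "example-legacy": None,
}

def missing_flags(raw):
    """Return the Block Public Access settings that are not enabled."""
    if raw is None:
        return list(BPA_FLAGS)
    try:
        cfg = json.loads(raw)["PublicAccessBlockConfiguration"]
    except (ValueError, KeyError, TypeError):
        return list(BPA_FLAGS)  # unreadable output is treated as unprotected
    if not isinstance(cfg, dict):
        return list(BPA_FLAGS)
    # Only a literal JSON true counts; absent or false means "not enforced".
    return [flag for flag in BPA_FLAGS if cfg.get(flag) is not True]

def audit(buckets):
    """Map every bucket that is not fully protected to its disabled settings."""
    findings = {}
    for name, raw in sorted(buckets.items()):
        off = missing_flags(raw)
        if off:
            findings[name] = off
    return findings

if __name__ == "__main__":
    for name, off in audit(SAMPLE).items():
        print(f"{name}: not enforced -> {', '.join(off)}")
```

A disabled setting does not by itself mean the bucket is public; it means the bucket-level guardrail is not enforced, so that bucket's ACLs and bucket policy need a manual review.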
August 26
August 31
Cyber_detective
noxinfluencer.com/youtube/channel-compare Compare 2 or 3 #YouTube channels by the following indicators: Channel Growth Updated Frequency Video Performance Engagement Social Media World Rank Followers Daily Followers Total Views Data can be compared over time…
August 31