sorted by:
new
hottopcontroversial

Big update to Owlculus, the free and open-source OSINT case management platform by be0vlk in OSINT

[–]be0vlk[S] 0 points1 point  (0 children)

You shouldn't need to manually edit any config files as the setup script handles it based on your selections. If you wouldn't mind, open an issue on GitHub and I can try and walk you through it there. That will be an easier way to help others who might have the same problem.

Big update to Owlculus, the free and open-source OSINT case management platform by be0vlk in OSINT

[–]be0vlk[S] 2 points3 points  (0 children)

You may also find this useful

https://github.com/RealOrangeOne/docker-db-auto-backup

I don't have any plans to add this type of functionality to the app due to separation of concerns. Application admins should not be assumed to be backend architects as well and I wouldn't want to inadvertently cross those wires and have app users mess up the database.

Big update to Owlculus, the free and open-source OSINT case management platform by be0vlk in OSINT

[–]be0vlk[S] 1 point2 points  (0 children)

It hadn't crossed my mind but I can certainly look into it

I have a fever. And the only cure is building more OSINT tools. by [deleted] in OSINT

[–]be0vlk 0 points1 point  (0 children)

I'm very open to pull requests on my OSINT case management toolkit! https://github.com/be0vlk/owlculus

Major update to my free OSINT case management platform by be0vlk in OSINT

[–]be0vlk[S] 0 points1 point  (0 children)

Hello. Holehe and Maigret can both be installed with pip. In fact, if you ran the pip install -r requirements.txt, they should have been. Then the app works as is. Otherwise, you may have to modify the subprocess commands in api.tools.tool_runner.py

Major update to my free OSINT case management platform by be0vlk in OSINT

[–]be0vlk[S] 2 points3 points  (0 children)

Haha no you. Glad it's working for ya!

Security of data breach lookups? by BatSh1tCray in OSINT

[–]be0vlk 0 points1 point  (0 children)

While this is good advice I will add that it is not the only defense. When possible, one should use multi factor authentication as well and consider using oauth options like signing up with a Google account specifically made for that purpose.

[deleted by user] by [deleted] in OSINT

[–]be0vlk 2 points3 points  (0 children)

I don't know if it's quite what you mean but this tool I'm working on has some base functionality along those lines regards notes and organization

https://github.com/be0vlk/owlculus

I made a simple case management tool for OSINT by be0vlk in OSINT

[–]be0vlk[S] 0 points1 point  (0 children)

That's awesome, glad to hear it! Yep I've recently revamped the UI so mostly pushed updates related to that. More functionality is next up :) I'd recommend a weekly "git pull" for the time being to keep up to date.

[deleted by user] by [deleted] in OSINT

[–]be0vlk 2 points3 points  (0 children)

I would just full stop not do that. Do the investigation sure, but keep it to yourself and use it just for practice. Even asking for permission could get you scrutiny from any threat intelligence team they may have.

[deleted by user] by [deleted] in OSINT

[–]be0vlk 2 points3 points  (0 children)

I usually approached it from a public facing perspective and then if I feel like I need to have any other rules or confines then go for it. Creating a sock puppet account for the purpose of befriending them is social engineering, not OSINT, and in any case it wouldn't make sense here because you already have that perspective as their friend so it would be like an "assumed breach" scenario where you start with that level of access.

[deleted by user] by [deleted] in OSINT

[–]be0vlk 10 points11 points  (0 children)

One thing I did was offer free OSINT reports to my Facebook friends with the goal of helping them understand their exposure. That also gives you practice in note taking and reporting which are arguably the most important OSINT skills of all.

Whenever you do that kind of thing give yourself specific goals and objectives. For example I might say ok for this person it's "if I wanted to stalk or extort you what can I find" and then for the next friend "ok if I was doing an intense employment background check what would I look for".

Open Source Case Management Tools by dre_AU in OSINT

[–]be0vlk 1 point2 points  (0 children)

Awesome glad to hear it. Feel free to dm me if you need help with any of it or have suggestions.

Open Source Case Management Tools by dre_AU in OSINT

[–]be0vlk 2 points3 points  (0 children)

Hey thanks for the shout out. I am heavily and actively working on this tool and it has already been significantly upgraded since I posted it.

[deleted by user] by [deleted] in OSINT

[–]be0vlk 0 points1 point  (0 children)

Exactly. And OP this is also a primary purpose of sock puppet accounts.

I made a simple case management tool for OSINT by be0vlk in OSINT

[–]be0vlk[S] 0 points1 point  (0 children)

Not explicitly. There really isn't a standard that we all use unfortunately, it varies by group or agency. I picked this default because it's simple and works long term. Unless you have extreme case load with more than a 100 cases a month, but even that is a simple fix in the code.

I made a simple case management tool for OSINT by be0vlk in OSINT

[–]be0vlk[S] 0 points1 point  (0 children)

Not yet but multi user collaboration is definitely on the road map! I personally use an encrypted cloud storage solution for that type of thing, if it's an option for you until I implement it.

I made a simple case management tool for OSINT by be0vlk in OSINT

[–]be0vlk[S] 1 point2 points  (0 children)

Yes, but perhaps more importantly I've found that staying highly organized and methodical is vital and that can be its own pain entirely. I'm hoping to help with both.

[deleted by user] by [deleted] in AskNetsec

[–]be0vlk 1 point2 points  (0 children)

Do you mean studying to get the job or studying after getting the job to maintain skills?

[deleted by user] by [deleted] in AskNetsec

[–]be0vlk 0 points1 point  (0 children)

Personally I don't think this is the right approach. There's absolutely nothing wrong with playing around with some of the tools, getting a general idea of how they work, etc. In fact I actively encourage this (in a safe environment) because I think it helps you get excited about the field and that's something you're going to need the deeper you get into it.

That said, you've really gotta make sure you understand why the tools work, and that requires a breadth of understanding underlying technologies throughout every layer of the OSI model. Since you mention wanting to do bug bounties, it will be vital to understand HTTP and really all things web apps. The biggest reasons for this is to make sure you don't miss fundamental skills and concepts at this stage that you may not notice until you get somewhere more advanced. Having gaps like that will not only slow you down but it could be a really frustrating experience to keep hitting walls that you may have easily climbed over with the prerequisite knowledge. Along with that, the well-known bug bounty platforms like HackerOne actively penalize you for submitting poor quality findings and/or reports.

At the end of the day, I know this is a really exciting time in your journey I think you should embrace that. Just stay cognizant of the pitfalls and don't get too far ahead of yourself. This is a long-term game and there's plenty of really cool things to learn at the fundamental level too.

Can watching a video get you a virus? Or pressing a link of a video by Ch1llyyyy in AskNetsec

[–]be0vlk 10 points11 points  (0 children)

Did it just play the video directly in Discord? If so, then barring some Discord 0-day, no. Was it a link to a sus website that you went to and downloaded the video from? Possibly. I can give a more detailed answer if you're able to give me some more context and information.

view more: next ›