93 points

Today friends, we will learn about google dorks.

Dorks are common parameters that can be used to quickly locate things that should not be on the internet.

https://github.com/Ishanoshada/GDorks

https://www.stationx.net/google-dorks-cheat-sheet/

8 points

And if google dorks aren’t interesting enough, because google does not index enough public buckets for you, then we get to learn about gray hat warfare too :)

8 points

Allow me to introduce the often abused Computer Fraud and Misuse act: https://en.m.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act

If you’d like to lose the ability to use ANY sort of technology for decades if not indefinitely, go ahead with the greyhat stuff.

The sector of lawfully using your knowledge for good is ever expanding and pays well. I’d strongly advise using your powers for good and dodge any unnecessary risk if you enjoy doing what you do.

9/10 times, it ain’t worth the risk. Being strategic and thinking things over carefully (err on the side of least action) is going to benefit you

15 points

My apologies, allow me to elaborate - grayhatwarfare.com is a cybersecurity company that crawls and indexes publicly-available blob stores, like s3 buckets, azure storage accounts, digital ocean spaces, and google cloud object stores. They offer limited search capabilities for free, no account-wall.

They are a legitimate cybersecurity company, despite their name.

My employer is working on a sensitive data scanning service, to alert clients in case their information surfaces in these buckets (even if they do not own the bucket), leveraging the grayhatwarfare api. In short, allowing us to detect and remediate the problem, which I hope you will agree is a white-hat activity :)

I do not publicly condone breaking the law. I reserve the right to criticize the DMCA tho ;)

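The comment above describes the defensive side of bucket indexing: a scanner that watches public object stores and alerts a client when their data turns up, even in a bucket they don't own. The following is an added example, not code from the thread or from grayhatwarfare. It skips the API entirely and shows the classification step only: it parses the S3-style `ListBucketResult` XML that an anonymously listable bucket returns, and flags object keys that look like private keys, dotenv files, database dumps, credential files, or that carry a client-supplied marker such as a company name. The bucket listing, the key names and the `acme-corp` marker are all constructed for the example.

```python
"""Flag sensitive-looking objects in a public bucket listing (added example)."""
import re
import xml.etree.ElementTree as ET

# Namespace used by the S3 ListBucket (GET Bucket) response format.
S3_NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}

# Key patterns that should very rarely be world-readable. The set is a
# starting point, not an exhaustive list.
SENSITIVE_KEY_PATTERNS = {
    "private_key": re.compile(r"(^|/)(id_rsa|id_ed25519|.*\.pem|.*\.key)$", re.I),
    "dotenv": re.compile(r"(^|/)\.env(\..+)?$", re.I),
    "db_dump": re.compile(r"\.(sql|sql\.gz|dump|bak)$", re.I),
    "credentials": re.compile(r"(password|passwd|credential|secret)s?", re.I),
    "cloud_config": re.compile(r"(^|/)(\.aws/credentials|terraform\.tfstate)$", re.I),
}

# Constructed sample listing: what a publicly listable bucket might return.
SAMPLE_LISTING = """<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Name>example-public-assets</Name>
  <Contents><Key>images/logo.png</Key><Size>4211</Size></Contents>
  <Contents><Key>backups/prod-2023-11-01.sql.gz</Key><Size>81234567</Size></Contents>
  <Contents><Key>deploy/.env.production</Key><Size>1320</Size></Contents>
  <Contents><Key>certs/server.pem</Key><Size>1704</Size></Contents>
  <Contents><Key>exports/acme-corp-customers.csv</Key><Size>220000</Size></Contents>
</ListBucketResult>
"""


def parse_listing(xml_text):
    """Return (key, size) tuples from a ListBucketResult document."""
    root = ET.fromstring(xml_text)
    objects = []
    for contents in root.findall("s3:Contents", S3_NS):
        key = contents.findtext("s3:Key", default="", namespaces=S3_NS)
        size = int(contents.findtext("s3:Size", default="0", namespaces=S3_NS))
        objects.append((key, size))
    return objects


def classify_key(key, client_markers=()):
    """Return the list of reasons a key is interesting; empty means benign.

    client_markers are strings a client asked to be alerted on (a company
    name, a project codename); a hit means their data may sit in a bucket
    they do not control.
    """
    reasons = [name for name, pat in SENSITIVE_KEY_PATTERNS.items() if pat.search(key)]
    for marker in client_markers:
        if marker.lower() in key.lower():
            reasons.append("client_marker:" + marker)
    return reasons


def scan_listing(xml_text, client_markers=()):
    """Run classify_key over every object in the listing and collect hits."""
    findings = []
    for key, size in parse_listing(xml_text):
        reasons = classify_key(key, client_markers)
        if reasons:
            findings.append({"key": key, "size": size, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in scan_listing(SAMPLE_LISTING, client_markers=("acme-corp",)):
        print(f"{finding['key']:45} {finding['size']:>10}  {', '.join(finding['reasons'])}")
```

In a real service the listing would come from the indexing API rather than an embedded string, and a hit would trigger a notification to the client and, where the bucket is theirs, a fix to the bucket policy; the classification logic is the same either way.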
31 points

This is a honeypot, stop it.

6 points

But I like honey?

47 points

Those aren’t what classified markings look like. It’s fake.

16 points

WHY ISN’T OUR GOVERNMENT SELF HOSTING THIS SHIT

2 points

They do, this is fake

4 points

Free market myeahhh murricaa

3 points

It’s cheaper to use a platform as a service than it is to build your own distributed data centers around the world and hire thousands of engineers worldwide to maintain it. At the federal level, there can be requirements for FedRAMP or a restriction to federal equipment.

28 points

Has anyone read the document? It doesn’t actually look legitimate.

33 points

What? You’re doubting the legitimacy of the top secret J.O.R.D.A.N. bill? What next, you’ll call the L.E.B.R.O.N. bill into question as well? I’m flabbergasted at your unending skepticism.

4 points

Yeah especially the acronyms, JEDI, LEBRON, JORDAN c’mon one. Even astrophysicists aren’t that bad

12 points

To be fair, the department of defence did have the $10 billion JEDI cloud contract that Amazon and Microsoft were fighting for a few years ago, so it’s not much of a stretch.

17 points

A lot of them look legit, mostly because they are boring. I scanned a few, it’s stuff like the air force’s memo on how to deal with press, or a memo alleging a number of Russian cybersecurity attacks on U.S. assets.

If someone was going to fake releasing stuff like this, they probably wouldn’t do it with such boring documents, they’d put some shit about aliens in there.

10 points

Mmm. So I agree with your initial assessment, but the later rationale not so much

Disinformation is the tool used by war today. Russia is doing A LOT of it as of late coming up on this election cycle and could easily push propaganda and fake news via channels like this.

Similarly, and on the other side of this coin, the US could also do this to push propaganda. You cannot trust things for face value on the internet.

3 points

Again, if it was propaganda I think it would be more incendiary. You’re free to go through the information if you wish, and there probably are some juicy secrets somewhere in the mess of files, but my spotcheck made me yawn. If you don’t want to live in a world with no truth, you have to start thinking about the intent of the author. If the intent of the author here was to plant misinformation, or to sow division, then they did a terrible job at it. What little I read gave me no interest in reading more.

1 point

Boring does not mean legit. In fact, misinformation should look exactly like the real thing.

11 points

Yeah it’s not real
