Deep Dive OSINT (Hacking, Shodan and more!)
People really do share too much information on social media (even on ships!). That's makes it too easy to find them and know what technology what they are using - don't overshare and don't use default passwords. Don't connect insecure systems to the Internet as tools such as Shodan make it easy to find them. This does affect ICS systems and other systems that control a ship.
Rae's book has been published since this interview:
Amazon.com: amzn.to/426Bd0F
Amazon.co.uk: amzn.to/41Md8fW
// Rae's Social //
Twitter: / wondersmith_rae
KZread: / @wondersmith_rae
Training Website: kasescenarios.com/
Website: www.raebaker.net/
// Micah Hoffman SOCIAL //
Twitter: / webbreacher
LinkedIn: / micahhoffman
Personal website: webbreacher.com
Micah's OSINT Training Courses: myosint.training
Micah's OSINT CTF Platform: osint.games
// David's SOCIAL //
Discord: / discord
Twitter: / davidbombal
Instagram: / davidbombal
LinkedIn: / davidbombal
Facebook: / davidbombal.co
TikTok: / davidbombal
KZread: / davidbombal
// MY STUFF //
www.amazon.com/shop/davidbombal
// MENU //
00:00 - Intro
00:44 - Introductions // Rae Baker and Micah Hoffman
02:07 - Finding ships with OSINT
04:04 - How to find and track ships
14:13 - Using Twitter for maritime OSINT
16:21 - Security leaks on TikTok
18:32 - AIS systems on Shodan // Hacking vulnerable ships
24:33 - Cases of illegal activities
28:09 - Using satellite to find ships
35:53 - Finding the owner of a ship
40:58 - The complications of maritime OSINT
43:06 - Vulnerable technologies on ships // Hacking ships
44:40 - Spoofing of a US Navy ship in Crimea
46:51 - China's maritime militia
47:58 - Somali pirates
48:25 - Live Piracy Map
49:02 - Rae Baker socials
49:28 - Upcoming book
50:00 - Conclusion
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
osint
open-source intelligence
open source intelligence tools
geolocation
geolocation game
tiktok
facebook
instagram
geolocation google
geolocation bing
social media
warning about social media
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
#osint #cyber #privacy
Пікірлер: 128
Rae's book has been published since this interview: Amazon.com: amzn.to/426Bd0F Amazon.co.uk: amzn.to/41Md8fW // Rae's Social // Twitter: twitter.com/wondersmith_rae www.youtube.com/@wondersmith_rae Training Website: kasescenarios.com/ Website: www.raebaker.net/ // Micah Hoffman SOCIAL // Twitter: twitter.com/webbreacher LinkedIn: www.linkedin.com/in/micahhoffman/ Personal website: webbreacher.com Micah's OSINT Training Courses: myosint.training Micah's OSINT CTF Platform: osint.games // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal KZread: kzread.info // MY STUFF // www.amazon.com/shop/davidbombal // MENU // 00:00 - Intro 00:44 - Introductions // Rae Baker and Micah Hoffman 02:07 - Finding ships with OSINT 04:04 - How to find and track ships 14:13 - Using Twitter for maritime OSINT 16:21 - Security leaks on TikTok 18:32 - AIS systems on Shodan // Hacking vulnerable ships 24:33 - Cases of illegal activities 28:09 - Using satellite to find ships 35:53 - Finding the owner of a ship 40:58 - The complications of maritime OSINT 43:06 - Vulnerable technologies on ships // Hacking ships 44:40 - Spoofing of a US Navy ship in Crimea 46:51 - China's maritime militia 47:58 - Somali pirates 48:25 - Live Piracy Map 49:02 - Rae Baker socials 49:28 - Upcoming book 50:00 - Conclusion // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #osint #cyber #privacy
@staciajohnson8958
Жыл бұрын
Turning you in trader
Oh, yes BABY! OSINT from Bombal. Perfect thing to watch instead of any tv shows tonight. My GF's going to be mad but I'm a man on a mission.
@davidbombal
Жыл бұрын
lol... you're got to watch what's important - right? 😀 But I don't want to start a war in your house! 😂
@zp5808
Жыл бұрын
@@davidbombal Absolutely. This is an investment, so she'll eventually understand, and accept it. And I'll also compensate her properly for letting me learn. 👌
How I love this man's work
@davidbombal
Жыл бұрын
Thank you very much!
@noirbl00d98
Жыл бұрын
Jj.
Very cool to pair ship tracking and OSINT. Every time I visit my parents-in-law, I always make a "command central" in their living room, so I can track ships (with AIS catcher and OpenCPN) and air planes (Dump1090). They live on a larger island in an archipelago, so there is a lot of opportunity to track yachts during the summer. This video really inspire me to do OSINT when I'm tracking ships.
@davidbombal
Жыл бұрын
Glad you enjoyed the video Boris!
Thank you for all the work you do! The content you make is fantastic and you always have interesting guests
Another great video David!! I'm currently halfway through Rae's book; I expected a lot more technical stuff but I can also appreciate how beginner friendly it is!
A new video full of wonderful and important information. Thank you, our dear teacher, for this wonderful effort
definitely buying your book Rae Thanks David for this great episode too, I enjoyed every minute
🙏🙏🙏You are still showing us every system can be hacked... Much more love ❤❤
Great video David, havent seen anything posted on maritine tracking and OSINT before. Very cool.
you know , i like the way how you are thinking out of the box .these kind of interview really awesome , i had a project in my mind to build a customized tool to track cargo ships around the world with live data feed ,it will be very useful in my work, still gathering information to complete the puzzle , this video is jumping step to mine , thanks a lot .
Great and informative. This may have opened a new hobby for me.
Best cybersecurity video are available here and best teacher also❤️
@davidbombal
Жыл бұрын
Thank you. You are very kind. So many amazing people in the community :)
Thanks for sharing, OSINT is always an amazing topic to dive deep into.
Very informative presentation, thanks for the knowledge transfer. Watching this the day after the Sig was hit by Ukraine after multiple earlier attempts on its trip back from Syyria makes this particular episode quire spicy. 👍
Hi David, love this and every other video you make, outstanding stuff. Saw you mentioned South Africa and Durban my home town. When you popping into SA for a visit?
amazing video, I had no idea how OSINT would work in this field.
I did an OP for a contractor on subs. Really fun. Subs are fun because you can't contact it all the time. So it's only "connected" for a few minutes at a time or even longer. So if you want to get something done, you have to do it quick before you lose connection.
as someone who has been doing OSINT for 15 years now, I am no longer surprised by what people share online and what kind of things you might find hiding in plain sight.
David, Rae, this was interesting. Thanks for posting. Too bad the SS Minnow didn't have this technology. :)
YESSSSSSSS a new video!!!!! Great topic!
veru verry intersting woow Big thx Mr Bombal you are offering so much informations for free God Bless u
This is great! I loved the video!
This info & knowledge is key in stopping human trafficking
Me encanto el video, herramientas nuevas que no conocía. 🌄🌠🇨🇴🇨🇴
I'm just starting the video and I can tell that I'm going to love this. This is some scary stuff for real if you take security seriously.
@Freakazoid12345
Жыл бұрын
I knew somebody who was being stalked, had their driver's license stolen, personally information posted online and everybody at that address ended up dead a few months later. So I take this stuff VERY seriously.
Really interesting stuff and a very informative analysis. I also really enjoyed the animation at your intro. Could you give me more info, what tool did you use and how could I do the same?
Great video David, Rae and Micah. Definitely more OSINT content please. Would recommend getting Benjamin Strick on your channel (aka Bendobrown). He has an excellent OSINT KZread series with a geolocation focus. Would be interesting to get him on to distil his knowledge and for him to provide some guidance to OSINT beginners on where they can provide assistance with OSINT investigations.
This was an interesting video. A cool use of OSINT.
Its funny how much information people are willing to put on the internet about themselves. "Once on the internet, forever on the internet."
@davidbombal
Жыл бұрын
Exactly. Way too much information available online!
Amazing work you're doing Rae 😊 Hope to see next time air OSINT, like private jets, airforce, etc... it would be sea and sky OSINT research
@wondersmith_rae
Жыл бұрын
Check out my book! I do a whole section each on trains, planes, cars, and ships :)
@sk9la
Жыл бұрын
@@wondersmith_rae Nice, thanks rae I'll definitely check it
I was just watching deadliest catch, and now we talking about ships and boats osint
@davidbombal
Жыл бұрын
lol... I hope you enjoy the video!
Please make more OSINT, pentesting, career help etc. Thank you
Hello again David, I'd say I'm really good at OSINT and hacking compared to my age, which is 16, I love OSINT and I can track pople and create a dox of them with emails, addresses and passwords, etc etc. I also have been hacking on HackTheBox and picoCTF for 4 years, I also code in Python, HTML/CSS/JS, C and a bit of Golang. I'd like do ask do you have any tips where I could work maybe for free for practice in the summer. And btw nice video again, like always, keep it up! 🤙
Love those osint videos ❤
Love your content 💓
2 topic ideas I am interested in: Linux networking processes (ssh, ssl, nc) and the differences in security job roles and relate that to entry levels
Hey David, great show and contents as always. My background is in Identity Access Management as an IAM/PAM Analyst in CANADA. I am considering switching fields to something more challenging and interesting (kind bored in my current field) like Penetration testing/hacking Red team /or defensive Blue team, not sure how to go about it? I don't know where to start, don't know what sort of training/or skill or certifications would I need. Currently I have: Microsoft MCP, CompTIA A+, CompTIA Security +. No Networking certification yet (might think about it) and No University Degree either. Any advice, directions ,training, or certifications to consider is greatly appreciated.
This was awesome!
It is fantastic 😀
I just wait for the this channel's notification
@davidbombal
Жыл бұрын
Thank you! I really appreciate your spot!
This is so good
Love how Nick is watching over her shoulder.
I had installed new systems on VLCC tankers, it is like “black box” on airplanes. Connected to every system and equipment of ship to provide shipowners with online status of whole ship. And it is connected to internet through VSAT but not SAILOR. They use Sailor as backup system. Of cause there is firewall :) so it is not so easy for intruder to hack.
SOUNDS INTERESTING.
Thank you for the video, can you do OSINT cybersecurity about air planes?
Thanks a lot
The shipping industry can be a lucrative and often overlooked career choice. However, while there are certainly opportunities to earn a substantial income, the industry's outdated practices may lead to monotony and boredom. The absence of modern technology in my former position as a cost estimator at a dry dock for Navy and Coast Guard vessels was the main factor for my lack of motivation. There are definitely weaknesses in their cyber security systems and I would always use social media and marine traffic to see where ships would be stationed to figure out if the competition would have a better chance of winning contracts. I have noticed some new technologies, such as digital twins, being used in the shipping industry. However, I'm concerned that these technologies could become a cyber security risk in the future. It may take a while before most dry docks start using them.
OSINT with BOMBAL is as always❤🔥🔥
@davidbombal
Жыл бұрын
Glad you to hear that Vignesh!
Hey could this possibly be used to track find a submersible
Real nice
@davidbombal
Жыл бұрын
Thank you!
Interesting about some subs not being able to be tracked. Perhaps you could employ Time Domain Reflectometry or something similar to track the object?
@davidbombal thank you for the time lists on your videos! Keep up the good work! Much appreciated!
I think this could actually be usefull for locating missing at see vessels like the Titan submersible that is missing right now
isnt there api data that can be checked for new behaviors ?
Anyone know where I can find content regarding that ship/ boat that was supposedly hacked, I think it had a Taiwanese man onboard who told the story. I watched the video on here but unable to find no.
The only weak point is if someone just sitting and waiting to capture handshake in the moment when shore staff connecting to system ( every day).
I’m a marine officer by profession, trust me she has no idea about IT tech onboard. Most of the companies has very strict IT policies and we have separate networks for everything network. OT part is not even connected to internet or onboard server. AIS tracking is like flight-radar24, there is no secret tracking or magic there.
@dataolle
Жыл бұрын
Shodan / censys shows that she has some data backing up what she is saying. Just because there are policys in place does not mean that it is always followed.
@gwebocelestron9194
Ай бұрын
@@dataolle Agree. 32 year cyber security pro here - wrote many policies over those years. Policies are just a written document - sometimes read, most of the time ignored. They are in no way security controls.
Are there free resources where we can practice osint ctfs for free ?
I want to be able to Acess my network remotely without netcat or reverse shell. Like when I login my router remotely from a open port typing in address bar. I haven’t come across anyone on KZread doing that with kali remotely.
Interesting video. So next video will be osint an AI ? Maritime militia were sweeping southamerica seas and pacific ocean last year
4:18 You should resee Trainspotting (1996) :D
I had no idea AIS systems tracked vessel weight? Any more info on that? Cant find any
@wondersmith_rae
11 ай бұрын
Many things are reported through AIS including weight, draft, and speed. That said, AIS can be manipulated.
@Ai-vq8rj
10 ай бұрын
it can be estimated by the declared draft. And also some ports or coastguards require extra details to be included for vessel reporting system.
🖤
Sir my jarsigner file unable to open what can I do
Nice
@davidbombal
Жыл бұрын
:)
@user-rk5tk5ui9l
Жыл бұрын
@@davidbombal You're welcome❤️
I love thid ❤❤❤❤
🏆💎
Outweight important , goat it !
What about OSINT on social media and how people disclose too much information. Ive seen quite regularly how people will post their flight tickets, luxury goods, hotels, etc on social. There is a great story about tue forme4 Australian PM posting a flight ticket and a white hack showing how the flight company website was holding his ID, house address, cellphone number, etc.
Has osint ever used facial recognition to help find people?
Sir I need your help. My windows PC has 2 account, 1st is main with Administrator permission and has a Password & 2nd is like guest account. Now my 1st account faced black screen issue and 2nd was working good but the thing is, I have Drive which can be only accessed by 1st account because only 1st account only has that permission and to resolve that black screen issue I tried to uninstall update with the help of advanced option but when I select that option it shows that there is no Administrator Account on this PC. I tried to access that Drive with my another HDD(HDD2) running Windows 10 but it also doesn't have access to that Drive even with Administrator Account from HDD2. Q.1- Can I access the drive with another operating system like Linux?? Q.2- What if I reinstall Windows 10 again on HDD1?? This method is bit scary so I am asking you PLEASE HELP ME SIR!!! OR PLEASE TELL ME HOW TO GET ACCESS TO DRIVE WITHOUT PERMISSION, I HAVE MY WHOLE DATA IN THAT DRIVE. PLEASE SIR!!!! I just want backup that data.
The 1 and only George Hotz as a guest plz.... THX
I'm just transfixed by Nicolas Cage's icy gaze over her shoulder
@wondersmith_rae
Жыл бұрын
He is always watching
Finally a job made for my interesting investigation mind😂
Hello, I hope you are well. I hope that you will help me. You explained in a previous video on the path of (root android) kail. It is a video, but in making a root for the Samsung s, thank you Mr.david
Sir , in what time I would become professional hacker able to hack every every gadget. If you would tech me sir than what I will have to do for that. Kindly tell me. I hv only 3 months can I learn all this . I did MCA .
@samuelhulme8347
Жыл бұрын
From what I know I would say it would take many years to learn how to have everything. Even the most powerful hackers don’t know how to hack everything. It will take a lot of time at practice. There are lots of good videos of KZread which could help.
David sir plzz darweb osint and darkweb related crimes love ur channel from india
First time I'm not first!
@davidbombal
Жыл бұрын
lol.... close!
Well let’s do API’S security in this 2023
be critical to the information she give.
!!!
Deep Dive in the title and talking about submarines??? There's a pun in here somewhere....
@davidbombal
Жыл бұрын
Deep, deep dive into the ocean 😂
Subs are not tracked
Darkweb osint would be nice
Vsat is not AIS
@leonredbon
Жыл бұрын
AIS is a VHF transceiver and not connected to VSAT equipment.
first
@davidbombal
Жыл бұрын
Thank you for your support!
first :>
@davidbombal
Жыл бұрын
Very close!
@syanhnguyen2233
Жыл бұрын
@@davidbombal thank you.
Https websites can be hacked
@samuelhulme8347
Жыл бұрын
So can everything else.
شكله من هذا الفيديو الحوثيين تعلموا شلون يحصلون على معلومات السفن الاسرائيليه
Free kidies cannot use it
@David bombal let me remind you . Now There is no somali pyrites But there's another people who's using our name 😤😤😤
All of your vedios are consist of paid tools and devices. u never made free tool vedio
Ellingson corp. take note.
Well why allow illegal ports close them down so this is a lie and with tik tok they will be denied on web3 Wich means soon it will be forced by the creator and computer and code for the new internet
Dark web osint would be nice