Home Safety

If you have a Child in Public School, you’re sending them into a Warzone! Hate Crimes against White Students on the Rise

Hate Crimes against White Students ignored & covered up by the Media and the Public School Systems throughout the United States! […]

This Article If you have a Child in Public School, you’re sending them into a Warzone! Hate Crimes against White Students on the Rise is an original article from OFFGRID Survival If it is appearing on any other site but OFFGRID Survival, that site does not have our permission to use our copyrighted content!

On November 21, 1916, Britannic, the sister ship to the Titanic, sinks in the Aegean Sea, killing 30 people. In the wake of the Titanic disaster, the White Star line had made significant modifications to the design of the ship, but on its way to pick up wounded soldiers near the Gulf of Athens, it was rocked by an explosion causing even more damage than that which had sunk the Titanic. Many of the dead were from some of the crew who attempted to launch life boats while the Captain tried to run the ship aground. The life boats were …

The post Preparedness Notes for Thursday — November 21, 2019 appeared first on SurvivalBlog.com.

by Todd Walker

I couldn’t believe what a student told me in Science class a few years back!

“You grow meat in the ground.”

What!?

I fought back the urge to laugh. He was dead serious. Clearly, “No Child Left Behind” wasn’t working, or was it. We’re all ignorant on certain subjects, but growing meat in the ground?

This was not a joke or prank like asking a plumbing apprentice to fetch the pipe stretcher off the truck.

His alienation from the real world was all too evident, alarmingly so, as he truly believed what he believed. I dug deeper. He said, as if this was common knowledge, “They (rancher-farmer) buy meat, like rib eye, unwrap the plastic, and bury the steak in the ground like garden seeds. It grows and farmers pick it, re-wrap it in plastic and people buy it in the grocery store.”

Yup, this conversation happened. It felt like the scene from Neverland in the movie Hook. I was in the middle of a rainbow-colored food fight with the Lost Boys screaming BANGARANG!!

My ‘Lost Boy’ had never been to a farm. Ever. He’s not alone. The complete lack of hands-on experience with the real world, not the electronic variety, is at epic levels.

Students stitching bark baskets.

Our children have lost a vital, primal connection with nature, the real world. They suffer from a condition called Nature Deficit Disorder (NDD).

The term coined by Richard Louv in his book Last Child in the Woods, is a result of our plugged-in culture which keeps kids and adults indoors. On average, kids spend 1,200 hours per year staring at electronic screens. The disconnect from nature goes against what human brains are hard-wired to experience… the Great Outdoors!

Research shows that children who learn and play outdoors are enriched personally and academically in many ways:

• Improved attention spans
• Enhanced creativity
• Increased academic success
• Improved reading comprehension
• Higher levels of self-discipline, language and social skills

The cure for NDD is simple. Get outside.

“It is one of the blessings of wilderness life that it shows us how few things we need in order to be perfectly happy.” – HORACE KEPHART, Camping and Woodcraft, 1917

From personal experience with my oldest grandson, introducing him to woodcraft skills created a hunger to get outside. After his first hike to my fixed camp in the woods, he was noticeably anxious. Within 15 minutes of settling in, he turned to me and said, “Ya know Pops, I don’t feel so scared now.”

Professionally, I’ve witnessed transformations in students diagnosed with all sorts of three and four-letter ailments. This study reinforces my observations. Students who struggle to function inside the four-walled school-house seem to thrive outdoors. I’d argue that all students, especially those who willingly conform to the box-mentality, need to go wild.

The Hand-Brain Connection

Instead of swiping a finger over a pad, children need to touch dirt, clay, wood, leather, fibers, animals, hand tools, and day-old campfire charcoal. Using fingers and hands to manipulate tools to create useful things from nature’s resources builds the relationship with the real world. Hands-on learning with reflection on the act of doing the stuff gives a depth of experience no book or screen can offer. Experience is the rocket fuel for learning.

Cutting rounds for “burn and scrape” spoons and bowls.

Other research shows that working with our hands makes our brain happy. Cutting tree bark, boring holes with an awl, and stitching sides to make a berry basket develops dexterity, a physical skill lacking in our smart-phone culture. Looking at an actual physical thing you created with your hands has rewards beyond the crafted item. The importance is not so much the product but the active practice and engagement.

Junior high shop class supplemented the hands-on education I caught from helping my daddy in his plumbing and welding business. I use the term “caught” since that’s how Daddy passed on his trade skills. Mr. Johnson, our shop teacher, taught us how to use all the cool power tools in that dusty cinderblock classroom. And we made stuff, some of which I still have to this day. No bloody fingers were left on the table of that monstrous radial arm saw either. Helicopter parenting was not a thing during the Nixon Administration.

The tree stump in front of our single-wide trailer must have had a coffee can of nails sunk into it. I’d sit there and smash steel, and my thumb occasionally, into wood grain like it was my job. I was 8 or 9 at the time and content to “waste” nails. The repetitions served me well on a few tree houses in my youth, and the subfloor in our new house Daddy built in 1975.

There are still Lost Boys out there shouting BANGARANG!, out of touch with the real world. There was, and I still have hope that there can be, a generation of boys and girls who fixed their own flat bike tires, carried pocket knives to the woods, picked rows of butter beans, and were content to be swallowed up by nature.

What if we could grow bacon on vines? I digress.

Keep Doing the Stuff of Self-Reliance,

~ Todd

P.S. – You can also keep up with the Stuff we’re Doing on Twitter, Pinterest, YouTube, Instagram, and Facebook… and over at our Doing the Stuff Network.

P.P.S – If you find value in our blog, Dirt Road Girl and I would appreciate your vote on Top Prepper Sites! You can vote daily by clicking here or on the image below. Check out all the other value-adding sites while you’re there…

Thanks for Sharing the Stuff!

Copyright © by Survival Sherpa: Content on this site (unless the work of a third-party) may be shared freely in digital form, in part or whole, for non-commercial use with a link back to this site crediting the author. All links in articles must remain intact as originally posted in order to be republished. If you are interested a third-party article, please contact the author directly for republishing information.

Apex International Water Bottle Review

In the summer, we were contacted by the British start-up company Apex International which specializes in water bottles for outdoor sports. The company currently only offers one insulated water bottle (500 ml) in two different colors, but after checking technical specifications and product description we were excited to test the water bottle. Thus we got a sample in return for an unbiased review.

We received the Apex International water bottle at the end of the summer which was perfect because we were then able to test it in both warm and cold conditions. For the last couple of months, we’ve been using the Apex insulated water bottle on hikes, for everyday use and while travelling. We used it not only for water but also for tea, coffee, soup and other beverages. Below is what we learned about the Apex International insulated water bottle.

The Apex International water bottle is suitable for:

• Hiking
• Mountaineering
• Backpacking
• Travelling
• Everyday use

Materials

The Apex International water bottle is a so-called vacuum bottle (also called vacuum flask) which means that it consists of two bottles – one is placed within the other. The air in the gap between these two bottles is then extracted which creates vacuum. This minimizes heat transfer as vacuum is the world’s best insulator and if a vacuum bottle is constructed well (i.e. very little contact between the two bottles), it can keep beverages hot or cold for many hours.

When I unwrapped the package, I immediately noticed that the bottle is robust and made of high-quality materials. It performed well keeping cold drinks chilled in warm weather but I was really curious to see how it would work in colder weather. So, one evening when the temperature had dropped below 10° C, I poured boiling water into the bottle and left the bottle outside for 12 hours. The night temperatures were between 5° and 8° C and 12 hours later the water in the bottle was still very hot – actually the perfect temperature for drinking without burning your tongue. So, the bottle also passed being tested in colder weather.

I have used the water bottle on hiking trails, and I am satisfied with it in general. The bottle provides good insulation and it always kept my drinks hot/cold. Since it’s made of stainless steel, it doesn’t absorb flavor, so you can easily use it for coffee, soup and other beverages without re-tasting them the next time you use the bottle for a different beverage. Stainless steel bottles can be inconvenient for sports because they are slippery, especially when your hands are sweaty. However, the Apex International bottle features a rubber coating on the outside which provides good grip. I was very satisfied with this little detail as it makes handling the bottle much easier and safer.

The bottle cap is not attached to the bottle which I found a bit disappointing. On trails it’s easy to lose such a small item and if you lose it, you have no option but to buy a new bottle. Otherwise, the bottle cap is well-made, and I haven’t encountered any leaks during the testing period. In case I do in the future, I will of course update this article accordingly. I also missed the cap functioning as an integrated cup. Some insulated bottles come with a cup which is very convenient because you obviously can’t drink boiling hot beverages directly from the bottle. Nevertheless, you can simply put a recyclable cup into your backpack to solve this problem.

Functionality

The Apex International water bottle has a capacity of 500 milliliters, which I find perfect. The bottle is not too big for the side pocket of my Osprey Talon 22 daypack and it holds enough liquid to get a cup of warm tea during each pause on longer hikes. It weighs 290 grams which is very similar to the weight of competitive products of the same volume. Now, I’m into lightweight hiking and thus I typically use insulated water bottles only in very cold conditions. In warm and moderate conditions, I prefer to use my hydration bladder not only because it’s lighter, but also because it allows me to drink on the go.

Care

I was a bit disappointed when I read the instructions and noticed that the bottle should not go in the dishwasher. The bottle has a very narrow opening and thus it’s really hard to clean it on the inside – there is no way you’ll get a sponge in there. I did a bit of research and many competitive products are dishwasher safe which is a great advantage. I believe that the problem is in the rubber coating which would probably get damaged if exposed to high temperatures. Nevertheless, if that’s the case the opening should be wider for easier cleaning.

Verdict

So, let’s start with the good things. I was very satisfied with the quality of the bottle. During the testing period I haven’t noticed any leaks or other defects. The bottle provides good insulation and keeps drinks hot/cold for very long time. I was also very happy with the rubber coating which provides a good grip even if your hands are sweaty – nobody wants to drop their drinking bottle while standing on a steep mountain side. The biggest downside is that the bottle is very hard to clean. According to the instructions, you shouldn’t put it in the dishwasher and the opening is so narrow that you can’t reach more than a couple of centimeters into the bottle. Hence, cleaning is limited to pouring hot soapy water into the bottle, rinsing it and hoping you get everything out. Besides that I really liked the bottle and I will continue using it for hiking as well as everyday use.

If you have any questions about this product, drop me a line in the comments below.

Apex International Water Bottle – The capacity of 500 milliliters is perfect in terms of size and weight

Apex International Water Bottle – Rubber coating provides good grip

Apex International Water Bottle – Stainless steel does not absorb flavor

Apex International Water Bottle – The bottom of the bottle

Apex International Water Bottle – The bottle cap is not attached to the bottle and thus it’s easy to lose it

Apex International Water Bottle – The opening is too narrow for efficient cleaning

Rating

Quality
Functionality

About Rating

Pros:

• Quality
• Capacity
• Rubber coating
• Insulation

Cons:

• Hard to clean and not dishwasher safe
• The bottle cap is not attached

Where to buy?

Apex International Water Bottle
Buy from Apex International

{
“@context”: “http://schema.org”,
“@type”: “Product”,
“brand”: {
“@type”: “Organization”,
“name”: “Apex International”
},
“image”: “https://besthiking.net/wp-content/uploads/2019/11/Apex-International-Water-Bottle-Review.jpg”,
“name”: “Apex International Water Bottle “,
“review”: {
“@context”: “http://schema.org”,
“@type”: “Review”,
“author”: {
“@type”: “Person”,
“name”: “Blaz”
},
“creator”: {
“@type”: “Person”,
“name”: “Blaz”
},
“publisher”: {
“@type”: “Organization”,
“name”: “Best Hiking”
},
“reviewRating”: {
“@type”: “Rating”,
“ratingValue”: “4”,
“bestRating”: 5,
“worstRating”: 0
},
“datePublished”: “2019-11-19”,
“name”: “Apex International Water Bottle Review”,
“headline”: “Apex International Water Bottle Review”,
“itemReviewed”: {
“@type”: “Thing”,
“name”: “Apex International Water Bottle ”
}
}
}

You may also like…

[rpwe limit="10"]

The post Apex International Water Bottle Review appeared first on Best Hiking.

The leaves fall and the weather turns frightful outside but we still have to head out in it. It might only be for a few minutes at a time but no one likes being cold and wet. A high-quality survival … Continued

While homeowners consider wireless cameras as a way to protect their homes and loved ones, one of the many ironies is that these cameras can be less secure and used …

The post How to Prevent Security Camera Hacking of Your Cameras was written and published on 24/7 Home Security.

Note: This is part 3 of our three-part series on Civil War Preparedness. Click here to read part one, or click here to read part two. Cities are taking over the world, so to speak. More people live in them than ever and more of them are popping up all over the world. Learning to […]

The post Civil War Preparedness – Part 3: Protecting Yourself appeared first on Urban Survival Site.

Since 2009, Lisa at The Survival Mom has been one of the most read and respected voices in the prepping community. We are excited to be sharing some of her most popular articles right here on Survival Life. Check back every week so you never miss any of Lisa’s expert knowledge!

With all the talk about food storage and growing our own food, I did a little digging around to find out what some people ate during America’s Great Depression of the 1930’s.  Surprisingly, a few of these were made by my mother and grandmother, traditions, I’m sure, from a more frugal era.  I still have a soft spot for Chipped Beef on Toast!  How many of these are familiar to you, and do you have any others to add to the list?

• Milk toast
• Chipped beef on toast
• Cucumber and mustard sandwiches
• Mayonnaise sandwiches
• Ketchup sandwiches
• Hot milk and rice
• Turtle/tortoise
• Gopher
• Potato soup – water base, not milk
• Dandelion salad
• Lard sandwiches
• Bacon grease sandwiches
• Sugar sandwiches
• Hot dogs and baked beans
• Road kill
• One eyed Sam – piece of bread with an easy over egg in the center
• Oatmeal mixed with lard
• Fried potatoes and hot dogs
• Onion sandwich – slices of onion between bread
• Tomato gravy and biscuits
• Deep fried chicken skin
• Cornbread in milk
• Gravy and bread – as a main dish
• Toast with mashed potatoes on top with gravy
• Creamed corn on toast
• Corn mush with milk for breakfast, fried corn mush for dinner
• Squirrel
• Rice in milk with some sugar
• Beans
• Fried potato peel sandwiches
• Banana slices with powdered sugar and milk
• Boiled cabbage
• Hamburger mixed with oatmeal
• American cheese sandwich: ‘American’ cheese was invented because it was cheap to make, and didn’t require refrigeration that many people who lived during this era didn’t have.
• Tomato gravy on rice
• Toast with milk gravy
• Water fried pancakes
• Chicken feet in broth
• Fried bologna
• Warm canned tomatoes with bread
• Butter and sugar sandwiches
• Fried potato and bread cubes
• Bean soup
• Runny eggs with grits
• Butter and grits with sugar and milk
• Baked apples
• Sliced boiled pork liver on buttered toast (slice liver with potato peeler)
• Corn meal mush
• Spaghetti with tomato juice and navy beans
• Whatever fish or game you could catch/hunt
• Tomato sandwiches
• Hard boiled eggs in white sauce over rice
• Spam and noodles with cream of mushroom soup
• Rag soup: spinach, broth and lots of macaroni
• Garbanzo beans fried in chicken fat or lard, salted, and eaten cold
• Popcorn with milk and sugar – ate it like cereal

Lessons learned from this list?  Stock up on ingredients for bread, including buckets of wheat.  Bread, in some form, is one of the main ingredients for many of these meals.  Second, know how to make different types of bread.  Next, have chickens around as a source for meat and eggs, and if possible, have a cow or goat for milk.  Know how to make many different foods from scratch.

Another lesson is to have a garden that will provide at least some fresh produce, and plant fruit trees and bushes. You may be interested in this article with tips for Planning an Edible Landscape. Finally, don’t waste anything, even chicken feet!

Read the original article here.

Click here to learn more about life in the Great Depression.

The secret to keeping your feet & toes warm is not only about cold weather boot socks, but it’s largely to do with how your boots fit! Here’s what I mean…

Original source: Cold Weather Boot Socks Need Wiggle Room | Size Boots Accordingly

I was fortunate enough to present a talk at the Layer8 OSINT and Social Engineering conference in June 2019. Below are the notes to the demo I executed during that talk so that you can follow along.

Talk title: Getting the Good Stuff: Understanding the Web to Achieve Your OSINT Goals

Abstract: As OSINTers we need to look beyond what is rendered in a web browser. Much like an ocean, the web pages we visit contain a wealth of data under the surface. If you understand how to access that information, you can find pivot points to continue your research.

Come and learn how to decode web traffic using simple tools, to retrieve Google Analytics codes and social media IDs from web content, and how to interact with APIs (Application Programming Interfaces) to grab your OSINT data. This will not be a “use this tool and it’ll do all the hard work” talk but instead, will give you the confidence and understanding of how the web works so that you can develop your own techniques to harvest OSINT data.

I’ve made 10 minute tips of each of the sections below and posted them on the https://osintcurio.us/10-minute-tips/ web site’s YouTube channel.

You take the red pill—you stay in Wonderland, and I show you how deep the rabbit hole goes. Remember: all I’m offering is the truth. Nothing more.

Morpheus, The Matrix

Most of us have seen or at least heard of the quote above from The Matrix movie. It holds true within our OSINT work as well as the fictional dystopia of that movie. We can look at what appears on our screens, in our web browsers, and smile and nod to ourselves that that is all the data about a person or from a site or we can choose to look beyond what is rendered in our browsers and seek other sources of data.

This talk is about being OSINT Curious and breaking free from the rendered world.

Live demo

HTML Source Code Data Harvesting

Sometimes we can find interesting information inside the HTML source code that is sent to our web browsers. Remember that only some of that code gets rendered in the web browser that you look at while other content helps load additional page content or has comments that may be interesting to you as an OSINTer. Let’s take a look at a couple of HTML pages with fun things in their source code.

• In a browser, go to view-source:https://www.smule.com/ and examine the HTML comments (see the ASCII art?)
• In a browser, go to view-source:https://keybase.io and examine the HTML comments (there is a note to you in there…see it?)-
• In a browser, go to view-source:https://www.flickr.com/ and examine the HTML comments. Flickr also has ASCII art but a message “You’re reading. We’re Hiring.” Let’s see if other sites have that message in their pages. Perhaps we can connect multiple web sites using this string?
• For more efficient searching of source code, use https://censys.io
  • To find other sites with the same Flickr.com HTML comments: https://censys.io/domain?q=%22You%27re+reading+We%27re+hiring%22
  • Do you see that several other sites have that content? Looks like some other Flickr sites and then one called permission.io. Load that web site and look at the source code for the string “You’re reading”.
  • Find same string in there? Yeah…it is there but a little different format (comma instead of period). These strings can sometimes be used to find links between seemingly-distinct websites.
  • Look at the source code for permission.io again. Right below the string you searched for above is a section that has a “<!–” that starts it. This code is commented out and will not render in your browser and yet we see it references the forum.permission.io site.
  • Go back to the main permission.io page…this subdomain for “forum” is not referenced. We discovered it through using the HTML source code
• Analytics and Tracking Codes
  • Tracking and analytics codes can help us show the relationships between seemingly unrelated domains and web sites.
  • In a browser, go to view-source:https://ge.com
  • Search for and extract the Google Analytics code: UA-10221857 from the source of the page
  • Go back to Censys.io and look for other sites with that same code: https://censys.io/domain?q=%22UA-10221857%22
    • I found 2 sites: ge.com and gecompany.com which I can understand how they are related.
  • Try SpyOnWeb: http://spyonweb.com/ua-10221857
    • I found 7 sites this time with some domains that are no longer active and with interesting names.
  • Now visit the https://builtwith.com/relationships/ge.com site
    • Huge number of related sites based on Google Analytics code but also other trackers, tags, and IP addresses
    • Has a dynamically generated graphic showing the time when each other domain used the trackers or had a similar IP address

• Summary HTML Source Code for OSINT
  • Find hidden content not referenced in the rendered web page
  • Pivot on content discovered to find other hosts/web sites with it
  • Find commented-out or deprecated references to pages that are still live

XHR (XMLHttpRequests) and JSON

Sometimes web pages load a main portion, the HTML, and then use JavaScript within your web browser to make successive calls to web sites to pull data that is used in your browser. Developers can use an XMLHTTPRequest (XHR) to make these additional requests from your browser.

These XHRs usually use a data format called JSON (JavaScript Object Notation) which is easy for JavaScript and other programming languages to parse. Let’s see an example.

• In a browser, go to http://technisette.com
• This should redirect your browser to the StartMe page at https://start.me/p/m6XQ08/osint
• Select some content that is displayed on that page such as “Select a category” and copy it.
• Right click on the page and view page source
• Look for that string you copied in the page source. You see it? Nope? Let’s look for an XHR.
• Launch the developer tools (press F12 on most modern browsers)
• Press the Network tab in the developer tools window
• Reload the page (using F5 or the reload/refresh button)
• Look at all the resources that are loading in the network pane. To filter for the XHR, just click on the “XHR” option in the filter bar. This should leave you with 2 entries…one named m6XQ08.json and settings.
• Look at the information in the https://start.me/p/m6XQ08.json file by bringing it up in your web browser
  • WARNING: While Firefox has a built-in JSON decoder, Chrome does not. If using Chrome, there are Extensions like JSON Viewer that can “prettify” the JSON.
• Look for that string you copied in the page source. You see it? Yes! It is there. The developers of the start.me pages use JSON files (called via XHR) to retrieve additional data for the pages.
• Do you see data in the JSON file that is not present in the web page when it is rendered?
  • Technisette’s email address?
  • The unique “owner id” for her account
  • Timestamps for page creation and modification

Neat example…but how would we use these for OSINT? OK, let’s go to the social media platform called TikTok.com.

Putting It Together: TikTok

The social media site TikTok (https://www.tiktok.com/en/) allows users to post short videos on its site. Other users can comment on those videos. Let’s examine how it all works to cement our understand of looking in the source code, examining XHRs, and decoding JSON.

• Let’s find a user’s profile to examine. Go to https://www.tiktok.com/en/trending in your web browser and click on a video.
• In the upper right of the video page is the poster of the video. Click on that person’s profile pic.
• I chose the random user profile https://www.tiktok.com/share/user/10778167?langCountry=en for my work.
• Look at the number of followers that you person has. In the case of the above user, in June 2019 they had “2.3k following, 507.8k fans, 6.9m hearts”. See how these values are rounded? Let’s see if we can get more details.
• TikTok embeds JSON data in the profile page. View the page source for your profile or use the one I’m doing view-source:https://www.tiktok.com/share/user/10778167?langCountry=en
• There is a lot of source code in there. Search for “INIT_PROPS”.
• Select and copy from the {“ to the immediate right of the INIT_PROPS all the way down to the first }]}]}} to the left of the first </script> tag.
• Visit the CyberChef page to decode this JSON.
• Paste the JSON you copied into the Input field on the right.
• On the left, in the Operations panel, type: “json” (no quotes) in the Search… field.
• Click and drag the JSON Beautify operation from the blue section under the search field to the Recipe pane in the middle. Drop it in there by letting go of the mouse button.
• Once you do that, JavaScript in your browser performs the JSON decoding of the input and places content in the Output pane. This should be human-readable. If not, you may be copied too many characters or not enough.
• Scroll down in the output pane until you see the “userData” item. That has the data about the user. Scroll down a little further and you will see the exact number of followers, fans, and hearts instead of the rounded numbers we saw earlier.

So, we have some detailed profile data. Now let’s switch to a TikTok video and harvest the JSON data.

• I’ve clicked on a random video from the user above: https://www.tiktok.com/share/video/6698401324473519366?langCountry=en
• Looking at the comments for the video, we see “Can u sing without me by Harley“. Let’s look for that in the view-source:https://www.tiktok.com/share/video/6698401324473519366?langCountry=en
• It is not there….is it? Let’s launch our Developer Tools (F12) and see if this site uses XHRs.
• Go back to the regular video page and press F12 then reload the page.
• Select the XHR filter (if it is not already selected). You should see a bunch of XHR requests. Two of them are probably for the list?id=6698401324473519366 resources. We want the one that has the count right after the id. Right click on that entry and Open in New Tab (works in Firefox and Chrome)
• Now search for the “Can u sing without me by Harley” string. You find it? Yup. This JSON page has ALL the video comments along with who made them, profile IDs, date and time stamps (in UNIX/Epoch time), and more! OSINTing!

APIs (Application Programming Interfaces)

We now understand that this JSON and XHR data can have vast quantities of data we want for our OSINTing. Let’s shift to another place that has JSON, APIs.

We may have already introduced APIs to you in the TikTok example above as there is most likely an API or Application Programming Interface) that services the TikTok XHR requests. In other words, when programs (think mobile devices and scripts like Python) make requests for data to web sites, they often make these requests to APIs so that they get data returned in a format that is easily digestible by the script or app. Inside of this data can be content that is not found in the comparable web page that you’d see in your web browser.

Want an example? OK. Let’s use the OpenCorporates.com site:

• Normal web page: https://opencorporates.com/companies/de/M1203_HRB2408
• JSON API page: https://api.opencorporates.com/companies/de/M1203_HRB2408

Did you see the extra information in the JSON data from the API? Lesson here is always check for an API and compare the data in it to what is rendered in your browser. Look for the word JSON or API in the web site.

In fact, the word JSON appears at the bottom of the regular web page. If you were OSINTCurious and clicked it, you would have been rewarded with this extra data in the JSON API!

Unlinked Web Files

When some people use a search engine like DuckDuckGo, Google, or Yandex, they might think that these applications will show them any file that exists on a crawled web site. That simply is not true. Web site owners can tell search engines to ignore certain files or directories by putting those forbidden resources in a file called robots.txt and placing it at the root of their domain. For more info about this file, visit http://www.robotstxt.org/robotstxt.html.

Let’s look at some of these robots.txt files as they reveal directories and files that, as OSINTers, we may WANT to visit and that are not indexed by search engines.

• Retailers: https://www.amazon.com/robots.txt
• Governments: https://www.gov.uk/robots.txt
• NSFW resources a site doesn’t want to have associated with their site on a search engine: http://www.authorstream.com/robots.txt
• Learning sites where we can find beta releases of their content: https://www.codecademy.com/robots.txt
• Even the search engine web sites have robots.txt files: https://www.google.com/robots.txt
• People blocking other people’s content from being indexed: https://www.codementor.io/robots.txt
  • This one is interesting. The robots.txt file prevents search engines from indexing the romaincayzac directory. Can we find other people from this site by Googling them? Let’s try https://www.google.com/search?q=site%3Acodementor.io+”ricardo+murillo”
  • Yup. We get Ricardo Murillo’s profile as the first result (https://www.codementor.io/rcjmurillo). This then takes us to his profile on the CodeMentors site.
  • Let’s use the same Google Dork with Romain Cayzac’s name and see if he is in the results: https://www.google.com/search?q=site%3Acodementor.io+”romain+cayzac”
  • Turns out he IS in the results, but his profile page is not! Google indexes places where he is noted on the site and we see his profile is found but not indexed (https://www.google.com/search?q=inurl%3Acodementor.io%2Fromaincayzac)
• Check out the http://www.dailymotion.com/robots.txt page and see how each search engine “bot/crawler” has different content that the site allows it to index. What would your OSINT investigation look like if you only used one of these engines? The word “incomplete” comes to mind.

So why does this matter? Web site owners can prevent search engines from indexing certain resources. When you search on specific term, pages that are available on these sites will not come up because of the robots.txt files. A gentle reminder that search engines don’t index the entire internet!

Wrapping It Up

This blog post and companion conference talk are meant to show:

1. As OSINTers, the more we understand about platforms, web applications, and how they work, the greater our collection opportunities.
2. We should not rely solely on what we see rendered in our web browsers.
3. Diving deeper into source code, APIs, and XHRs help us gather more data in an easy to understand/parse format (JSON).
4. OSINT can be REALLY fun! There are “Easter Eggs” (surprise gifts) in many of the sites you might use daily.
5. Be OSINT Curious and click on things, look for and use APIs, and examine source code!
6. Seek to understand the platforms you are using…not just harvest data from them.
7. Now that you know these places are out there and have valuable OSINT data, you will never be able to go back. Welcome to the “OSINT Matrix”.