Intelligence X is a search engine and data archive. This account tweets announcements & status updates of the service. πŸ“’

Prague, Czech Republic
CVE-2024-38063 Windows TCP/IP Remote Code Execution Vulnerability #reverseengineering #ipv6 #cybersecurity
1
6
44
10,954
Replying to @vxunderground
The author writing the statement:
1
13
916
After tweeting in the United States v. Fitzpatrick (1:23-mj-00067) case, our previous Twitter handle @_IntelligenceX has been suspended. RIP. Our official response to the suspension: Β―\_(ツ)_/Β― #BreachForums #pompompurin
5
10
8,718
πŸ’₯ We added a powerful new feature to the Identity Portal: Reverse Lookup You can now search for a domain or URL and get all leaked accounts for a particular service. ➑️ Read more at blog.intelx.io/2025/01/03/ne…
4
11
3,346
IPv4 accessibility is currently impaired. We are working on a fix.
2
9
2,410
Earliest mention of CIA's onion site ciadotgov4sjwlzihbbgxnqg3xiy… is in 2019 in our dataset:
NEW: Another @CIA video on social media/#darkweb asking #Russia|ns to reach out to the US This one titled, "Why I made contact with the CIA: For my own sake" piped.video/watch?v=FJYy8MMW…
1
1
7
2,970
We are officially an SSD only shop! πŸ«±πŸ»β€πŸ«²πŸ» Syncing the data took more than 1 year. Our current highest capacity SSDs are 13.9 TB each, although the alphabet is still a limitation. πŸ§΅β¬‡οΈ We used to have these old monsters storing the data. They have space for 60 HDDs:
1
14
2,843
We are just finishing the work on one of our most powerful and important new features. It will be available to users with an Identity Portal license and in the beginning upon invitation only.
3
9
2,196
Replying to @NikitaTarakanov
Related, previous DoS around the same callstack exploiting CVE-2021-24086: bbs.kanxue.com/thread-266955…
3
6
897
Registration is disabled to delete spam accounts. People are still trying to sign up with thousands of spam accounts to evade limits of our Phonebook API. It would be much easier to just pay for a license! Β―\_(ツ)_/Β―
1
4
1,144
We are decommissioning our oldest server still in use - from 2014, back then used at our previous startup Virus Tracker. That server still holds up well (6 core 3.5 GHz, 128 GB RAM). The reason for its departure is consolidation.
1
4
856
We are performing server maintenance this week. πŸ—οΈ Outages are not expected, but if that changes we will post the maintenance message on the website.
1
5
819
On Feb 26, 2022 we announced our support to the #Ukrainian people and government. This was 2 days after Russia's all-out war on #Ukraine. πŸ‡ΊπŸ‡¦ We proudly continue our support of the Ukrainian government. We commend the bravery of their soldiers.
1
6
2,178
Major usability update in our Export Leaked Accounts section: πŸ”Ή CSV results can be now downloaded at anytime during the search. πŸ’Ύ πŸ”Ή Live count of records shown This is useful in investigation cases that involve large datasets and many search results.
6
1,805
We are adding support for 18 TLDs, increasing our support to 574 TLDs: - ad - bs - cv - cw - gf - gn - gw - gy - hospital - ht - iq - krd - mr - mw - om - study - tl - tt
2
1
5
1,248
🫑
We have uncovered a pro-Russian network that was developing an operation to spread Russian influence and undermine security across Europe. Therefore we added two individuals and one legal entity to the sanctions list. Domestic authorities subsequently seized their assets. The Czech Republic was at the beginning of this whole operation. Our work and efforts are leading to other countries in Europe investigating the activities of pro-Russian spy networks and gradually coming to more serious conclusions. One of them was revealed by Poland today for example. Actions in other countries will follow. These are sensitive matters, surely, you will understand that I cannot share too many details. But I want to emphasise one thing. The actions we have taken in the last two days are the result of international cooperation, which we started and which we are successfully coordinating. I am proud that it is we who have shown the strength and the ability to make timely and good decisions. We do what it takes.
5
5,091
We have corrected the name of the bucket "Russia" to "Ukraine". It contains websites from the TLDs UA, KZ and RU. We started crawling those in 2019. Intelligence X stands 100% behind Ukraine. πŸ‡ΊπŸ‡¦
1
1
4
2,299
We are considering to add support for these internal TLDs that are often used in internal networks: intranet internal private home corp
4
5
1,968
Congratulations to @cahlberg and the @RecordedFuture @Mastercard teams on the acquisition! Well done. πŸ‘πŸ»
I am thrilled to announce that @Mastercard is acquiring @recordedfuture for $2.65B. It has been an incredible journey, starting in 2007 when we wrote down the patent application for what became the Recorded Future Intelligence Platform.
1
5
2,604
Happy New Year 2️⃣0️⃣2️⃣4️⃣! πŸ₯‚πŸŽ‰πŸŽ† Our New Year's Special is live: ➑️ 1 month full access for 100 € ➑️ Order now: intelx.io/order πŸ‘πŸ’Έ This offer is only available for 1 week.
4
1
5
1,326
πŸ‘‹πŸ»
1
3
1,931
This account tweets announcements & status updates of our service. ✍🏻 Our official channels are linked here: intelx.io/about
3
1,774
Windows Server 2019, tcpip!Ipv6pProcessOptions unpatched (build 6054) vs patched (build 6189) πŸ‘€:
1
3
1,154
Screenshot of the forum post. It mentions the SQL table columns "username,password,salt,loginkey,email,postnum,threadnum,avatar" among others:
3
1,109
We just updated our Leaks API (used by the Identity Portal) to detect another format of leaked accounts. This means the Export Leaked Accounts function will provide more results.
1
3
938
Replying to @twit_roshthakur
We will resume the URL phonebook search by end of this week.
1
3
386
Replying to @nikitabier
Data, if done right, absolutely has value. It's the precursor to information, which is the precursor to intelligence. And then actionable intelligence. Oversimplifying this into "data has no value" leads to the contentious discussion in your thread. Data absolutely has value.
1
3
153
We are adding support for the following TLDs for searching (domains, emails, URLs): πŸ”Ή .auto πŸ”Ή.bank πŸ”Ή.bh πŸ”Ή.bn πŸ”Ή.jo πŸ”Ή.kw πŸ”Ή.lb πŸ”Ή.sd πŸ”Ή.mc Reindexing existing data will take time.
3
1,282
Replying to @bigmeatmarcus92
We can neither confirm nor deny a certain 'Special' on December 23, 2024 🎁
2
2
210
This site has a good list of lesser known #ChatGPT competitors. gnod.com/search/ai We added it to our tools section. #OSINT #AI
1
2
3
1,348
Ok maybe we should retire this HDD? Been running for more than 8 years. We are in the process of becoming an SSD only shop, although hardware supplier delays are throwing a wrench in our plans. πŸ”§
1
3
889
In the last 3 weeks newly added items in the "Stealer Logs" category were not searchable. They are being indexed now and will be searchable by end of the day.
3
2
3,609
We will be making changes to the phonebook.cz licensing due to constant abuse from spam accounts.
1
4
1,809
Since that announcement we have replaced the whitelisting of domains method.
3
1,721
What is the advantage for the end user, you? Speed! Data of search results load much faster from SSDs than HDDs.
5
1,681
Replying to @hush_skit
Send us an email!
2
143
IPv4 access was restored. IPv6 connectivity was not impacted.
4
2,057
We are currently handling an IPv4 upstream issue. This affects our Leaks API users. IPv6 connectivity is not affected.
1
1
2
1,394
The New Year's Special is over! Thank you πŸ™πŸ»
1
2
645
This year we have been busy becoming an SSD-only shop. We will publish soon a blogpost about that journey. We just bought a lot of 16 TB SSDs, some for 2000 EUR a piece. We tested Kioxia SSDs, but they are not as good as the Samsung and UltraStar ones.
1
3
1,537
Another fun fact is that the old HDD servers can weigh more than 70 kg. πŸ‹πŸ»β€β™‚οΈ SSDs are good, but far from perfect: πŸ”Ή A few failed immediately, and needed immediate replacement πŸ”ΉCrazy performance drop off after bombarding 13.9 TB disks with 99% data, 1/2
1
2
368
We are adding support for #Monero (#XMR) addresses! This is the first Monero address in our search index: intelx.io/?s=46thSVXSPNhJkCg… πŸ”’ #OSINT #cryptocurrency
2
2
1,541
We lied - indexing the backlog takes a few more days. 2 billion records have been added in the last 3 days (our servers are on fire πŸ”₯) and counting.

ALT This Fine GIF

2
2,397
This is the second indexed Monero address, on an I2P site: intelx.io/?s=4AdkPJoxn7JCvAb… πŸ”’
2
1,227
Indexing is now ~20x faster in the Bot Logs category. πŸ”₯
1
2
828
Good data has value. Information more. Intelligence even more. Intelligence X πŸ€―πŸ‘ŠπŸ»
The greatest lie told to the public is that people make apps to sell data. Data has no valueβ€”you can buy a complete data set on the entire US population for under $10,000. In reality, we actually do it to sell engagement. Attention is more valuable than a spreadsheet. And you only capture people’s attention by creating valuable & novel experiences. This misconception has made people fear trying new products, which has hampered innovation in how we communicate and entrenched the positions of incumbent companies. And it has also narrowed the audiences who developers can build for. So when you ask why there are so many silly teen apps, it’s because it’s one of the few audiences that haven’t been deluded by the narrative yet.
2
1,190
This change is live. Daily search credits are now hard limits enforced by the Leaks API. Previously they were soft limits. We will work with customers on a case-by-case basis if additional search credits are needed.
1
1,043
Happy to answer! "Why pay 2k" ➑️ βœ… Receive a legitimate key, the one you quote was a free account which anyone can sign up for βœ… Paid users allow us to provide some data/services for free On our end: βœ… Server costs (hardware, electricity, peering, etc) βœ… Humans need food too
1
1
963
It will take some time for new (and old) data to be searchable under these added TLDs.
2
830
This will have interesting implications - apparently the #RaidForums database has been leaked on the new Exposed forum:
1
2
1
2,501
We added a new date filter to the Identity Portal. The filters have been improved.
4
1,520
Tomorrow we will add a new tab to our Identity Portal "API status". It will list the daily credits available in the Leaks API, which strictly enforces the license assigned to the API key moving forward.
3
1
2
1,621
We are changing the API instance for all free users! New: free.intelx.io The legacy API instances will stop working within 24 hours. You can always view your API details here: intelx.io/account?tab=develo… πŸ”’ A blog post with all details follows.
1
3
2,350
We just pushed another update of the Identity Portal (version 8.1) that includes new algorithms to detect leaked accounts in multiline formats. πŸ” This is especially useful for the 'Bot Logs' category which stores records in multiple lines.
1
663
We are installing the latest Windows Update (lol).
1
2
980
Why would we keep such an old disk with little capacity (500 GB) you may ask? So far there was no reason to retire it. We handle redundancy on application level (not on hardware level), protecting against any cause and source of fault.
1
1
865
essentially blocking all read/write. We do not know the exact cause, but for these high capacity SSDs at 1.2% remaining space they tend to completely start blocking. Perhaps manufactures reserve a crazy amount of space for garbage collection?
2
1
330
The issue has been resolved.
1
1
1,084
Firefox users: We have been affected by a recently introduced freak bug in Go [1] which prevented search results from being displayed properly. πŸ‘ŽπŸ» It is now fixed. This bug was active for 4 weeks. [1] github.com/golang/go/issues/…
3
1
1,144
This is a bit of a wild πŸͺΏ goose chase. Best guess: The vulnerability was around the IPv6 Jumbo Payload parsing. See rfc-editor.org/rfc/rfc2675.h…
1
1
728
But we finally made the decision to become an SSD only shop, due to speed and reliability. Current SSDs have 8 TB capacity which makes this feasible.
1
775
Replying to @sherlocksecure
We will think about it. The results shown are just meant as preview. The end product is the CSV file which can be filtered and sorted client-side. The CSV file includes the Date field.
1
612
Either way the solution is on application layer to deal with these problems.
1
3
1,749
Today we are deploying internal updates to increase capacity. πŸ—οΈ Recently there was a perfect storm of increased API usage and increased indexing activity (especially in the "Bot Logs" category).
2
1
1,035
Replying to @Naina___Malik
We can neither confirm nor deny a certain 'Special' on December 23, 2024 🎁
1
1
187
We are dedicating resources to improve our product Identity Portal. In the next few weeks there will be several releases to: πŸ”Ή Improve parsing of "Bot Logs" data leading to more leaked accounts πŸ”Ή Add date filters to UI πŸ”Ή Inline view of files
3
1
1,566
We will terminate any account that violates our Terms of Service. Using our product for cybercrime in any way is a violation of our Terms of Service.
I must bring the attention of @Info_IntelX to the fact that cybercriminals access their Identity Portal and conduct searches there. This enables another set of cybercriminals who commit ATO using the data they discover with IntelX.
1
1,444
Replying to @DogusBitcoinus
It is, we are working daily on it. Most of the behind the scenes tech updates and improvements are not sexy enough to write blog posts about, although we'll soon publish some of the work done in the last few months. We'll get to update the tool section soon.
1
1
98
The alphabet is still a major limiting factor. Disks can be mounted as folder paths but that's less convenient to manage. The alphabet essentially only allows net 24 disks per server + system disk + spare letter needed for temporary disks.
2
1
432
Earlier this night we had another IPv4 interruption. While the issue is resolved for now, we are going to upgrade our BGP router and keep a spare.
1
980
A couple of months ago someone was actually selling counterfeit intelx API keys. At the time it included manipulated screenshots. In this case the key is counterfeit too, there is no such thing as an "Intelx Admin API Key".
1
1,002
The error handling code has been changed. It calls EvaluateCurrentState prior to calling either IppSendError or IppSendErrorList. Was there an unverified assumption in previous error handling code?
2
1
1,690
Denial of Service bug found by @RobelCampbell. Fuzzing arbitrary IPv6 packets should be fun.
Regarding CVE-2024-38063 IPV6 RCE in Windows... After reading RFCs about optional headers in IPv6 packets, I managed to create POC to cause a crash. The bug check in this case isn't too detailed, but essentially the underflow creates a large value used in a loop which eventually write data out of bounds and causes a crash. I imagine this can be weaponized using heap massaging techniques and corrupting adjacent objects in the heap. As many have already stated before, this can easily be mitigated by applying the latest patches or disabling IPv6 (which is enabled by default).
2
1,625
Replying to @vxunderground
Your quote: "The jury are debating whether or not Kurtaj had criminal intent" vs "The jury were asked to determine whether or not he did the acts alleged - not if he did it with criminal intent" Source: bbc.com/news/technology-6654…
1
1
197
Replying to @robertgraham
It is a good idea. It would prevent leaking internal network names to the outside world.
184
Although our initial assumptions in 2018 were incorrect. We never completely filled up these beasts. HDD size per disk at scale grew quicker than our initial data growth.
1
1
419
But what about datacenter real estate? We have excess spare capacity in our 60-disk servers, and because we always buy the highest tier (currently 22 TB) for new disks, we ain't running out of physical space anytime soon.
1
1
833