Find Confidential Data in China's Cloud

Disclaimer: This article does not endorse actions of hacking, any active operations, or anything unlawful; it only discusses open source intelligence, information publicly available and unconventional approaches to acquiring information online without barriers.

What makes COSINTI offering unique and stand out in the market today is that we not only equip you with skills that you can take with yourself to further develop your abilities and grow in your career, but also develop your mindset of how you approach information gathering and looking at information collection from a not so typical 'intelligence analyst' perspective, that is because throughout the course in some of the domains we cover, we add methods that we take from the world of penetration testing and recon that is different from recon used for classic OSINT work.

So in this one, we will keep it brief, this post's purpose is not to be a tutorial but more a piece of information that will spark something in your mind and get you thinking.. information is everywhere, and where and how to obtain it are two very important questions, especially concerning foreign and complex ecosystems such as China.

Typically from a pen-testing perspective when looking at a company's comprehensive recon profile, we also explore the possible cloud services that are being used by a target, so in context of China and for Western investigators we apply the same logic and explore cross-domain information gathering either on a specific company, person, entity online to create a fuller profile.

In the West we would explore services publicly like poorly configured AWS S3 buckets or other relevant infrastructure. In China, we have Aliyun OSS, Tencent Cloud COS, Huawei Cloud (HuaWei Cloud OBS). Here is our previous article on a similar topic

Now for the sake of this being passive blog post, we are not searching for specific company names but let me give you couple case scenarios and how to think creatively here:

1. Search English company name

2. Search Chinese company name (the real Chinese company name)

3. Pair either of the names with keywords like "机密" or "机密文件" (Secret / Confidential Document) e,g., these may be written in different variations.

Keep in mind that's only one example of how to creatively utilize Chinese websites into sources of information, so now you can add to your checklist or workflows in OSINT within China's ecosystem or on Chinese companies.

To learn more advanced real life scenarios and skills to OSINT anything or anyone in China's internet check COSINTI offering, how it fits your learning and development, career goals, and professional growth.

Of course there might be some more complex scenarios that require more research, technical skills and creative thinking, this is simple case study for the Western investigators out there. You can apply that to other sources China offers.

If you want to learn more, really stand out in how you think, search and navigate China's ecosystem in OSINT? Explore our unique COSINTI offering.

Click on image to be redirected to download the syllabus of 2024.