OSINT Chinese Companies With Hacking & Breached Data


Image Credit: Noah Wright



Disclaimer: This article does not endorse hacking, any active operations, or anything unlawful; it only discusses open source intelligence, information publicly available and unconventional approaches to acquiring information online.



Let's get to the point - How open minded are you?

When you think of finding information - do you think that it is only held in "expected" "OSINT" resources?

Or could it be available in places where an OSINT analyst is less likely, if at all, to check?


When I think of 'Open Source Intelligence', data, or finding information in general, I think that my hands-on experience from other lines of work, such as penetration testing, has definitely given me another look at where information may be sitting, waiting for you to find it, giving you those golden insights and boosting your classic intel findings to a new level.


In recent years, some seasoned OSINT professionals have started to understand that hacking tools are not only for hackers. (Although, truth be told, tools are not -the- solution to all our problems. You've got to have that curiosity and that mindset as well; your brain always has to be asking questions, e.g., "Well, what happens if I click here? What info can I find if I check here? How does this actually work behind the scenes? Does it send any other info when I query a user ID, any profile metadata?" etc.)


Briefly, why it's the best Chinese OSINT course on the market:


- You learn penetration testing techniques and methods of transforming simple Chinese websites into actual, valuable sources of information (see practical example here.)

- You learn and build the critical skill of source development (SD) in Chinese - I teach you methods, tools and strategies to enrich your sources, e.g., understanding how to pivot from one source to many. No other course really teaches SD methods in as much depth as this one, if at all.

- You receive new editions of the resource book for a period of up to 6 months from the moment of purchase - this keeps the material relevant, so you're working with new information and sources in Chinese.


- With this course you're able to find more information than a typical intelligence analyst and get comfortable 'breaking the barriers' of linguistics, research and analysis of information in Chinese. https://www.epcyber.com/COSINTI


Listen, read, understand where the value is, and see how it's applicable to your interests or line of work.


Now, back to where we were

What do I mean when I say hacking?


When speaking passively, it means either Google dorking (from a hacker POV), or using sources of information, enumeration or analysis tools that are not typically used for OSINT on individuals or companies.


Case Scenario 1: Identify whether a Chinese company is blacklisted, involved in illegal operations, etc.

Google Dorking: One approach here is not to do a simple search, but rather to understand where data like this would most likely be held (either gov or designated websites) and run your "customized" search from there, using Google dorking to make finding the data much easier.


It also helps to play around with the keywords for what you're looking for, e.g., blacklist + a "search" parameter, OR a "search" parameter literally in the URL (inurl).


Using these creative dorks, and especially if you have some technical understanding of web applications, web servers and how they serve content, you may even go as far as finding open portals, some of which may "indirectly" not require a login and some of which may allow you to run that search. If you're testing different approaches and trying different search strategies, and not only from a typical OSINT mindset, you're maximizing the likelihood of finding more results.


Case Scenario 2: Finding leaked data on Chinese companies

Data Breaches: Just as in the West, where we are familiar with various sources for finding "breached data" or "leaked data", there are various "types of sources" from the pentester and CTI & OSINT practitioner perspective, such as:

- Chinese Hacker forums are a FANTASTIC source of data for OSINT on companies (example or more modern ones like CSDN).


Investigating chatter, active discussions, tools, search engines and domestic developments made by Chinese hackers is the cherry on top of data search (the reference here is not to classic IT boards as sources of info, but to actual hacker forums - either on the DW or CW).





- Chinese Data Leak Aggregators (DBs that have a search engine interface) - right after hacker forums, another highly recommended source of information when focusing on Chinese companies.

Screenshot 1









Screenshot 2


Or tools that are mixed with Western DBs for OSINT on companies, like this project right here:


Case Scenario 2A: Finding leaked data on Chinese companies (other methods)


- Chinese "Drop" websites for documents, uploads, file shares, etc.

As you can see in this example, we use penetration testing methods to identify how a Chinese document sharing platform serves files to the end user. By identifying the parameters and file ID, manipulating them and using this for Google dorking, we can then leverage the customized dork for indexing specific company-related data, like so.



Some other ideas:

- Chinese cloud sources or private storage with access misconfigurations.

- Western & Chinese communication channels, private or public (e.g., QQ, TG, etc.). Highly recommended as a type of source of info.



- Services as a source of information - in China there are various "Dark Private Investigator" types of services that, for a payment, will even go as far as giving you the actual location of an individual or OSINT on Chinese companies. I DO NOT ENDORSE THIS, because this MAY OR MAY NOT BE OSINT, but from a curiosity and interest POV, check what these services post and see what methods, tools and scripts they apply, and what hidden gems they're using to get that data (is it open source, using some sophisticated method perhaps?).


All of the types of sources mentioned above are just some examples of where data could be. Data could also come from misconfigured portals (passively discovering portals or interfaces that may, in some reverse search, give you data), or portals that require VIP or payment but on another look still give you the data for free.




What is the point of this blog post? Open your horizons, and understand that information is everywhere and that there are many types of sources where it can be, and many ways it can be enumerated, extracted and discovered passively. :) Some OSINT for thought; I hope you find this type of content interesting.



