1/13 Nothing can absolutely go wrong with privacy or people abusing this.. Oh wait. Let's do some OSINT. Maybe we can uncover some stuff for Maryland to show how unsolicited phone calls/mails/texts can be made more legit if you just were more.. official.
2/13 According to this FOX Baltimore article.. "..The innovative COVID Link platform uses medical data from the Chesapeake Regional Information System for our Patients (CRISP) and incorporates it into Salesforce" foxbaltimore.com/news/local/hog…
3/13 So what is CRISP? A simple Google search should suffice. This landed me on crisphealth.org, with this picture as the landing page. Let's poke around!
4/13 Login redirects to ulp.crisphealth.org. A quick dig and ipinfo call give me some info on the host. Shodan shows 80 & 443 open, thankfully nothing exposed (so far) shodan.io/host/206.41.20…
5/13 What's that wee little button at the top? User guide? Sure, let's do it. Could be some useful stuff in here. Shows an Amazon IP, check Shodan. 22, 80 & 443 open. Shodan reports a bunch of vulns on the Apache version, but those can be spotty. Let's keep moving
6/13 Alright, the user guide doesn't look that good on my monitor. But there's a lot of interesting pages here. "User Access & Onboarding", "Points of Contacts" at the top, and "Documents" at the bottom. Internal docs can be used as a great pretext when you are phishing. Builds rapport
7/13 Access & Onboarding. Great info if I want to go after CRISP directly.. Lots of this info can convince a health employee of this DB that I'm legit. Let's keep moving
8/13 "Data Types" page. Looks like a reduced version of a SQL DB/relational DB. Always good to understand what to target if you have an internal doc explaining all the components of your system :)
9/13 Connected sites to CRISP. Even better for targeting and pretext. Now my target list has expanded out to all these participants! I even have a handy-dandy Excel sheet download at the bottom.
10/13 A user guide available to the whole public on how to use a health record DB.. probably not good. User guides should be gated
11/13 Ha, training videos. They even have one on cybersecurity. I have a cardinal rule for security presentations: 1 meme per presentation or it diminishes the value. Looks like they used a meme on the title :)
12/13 Ugh. I hate this page the most! These are all Word docs and forms with official letterhead. These are AWESOME to use to send out to people if you want to spearphish or attack. Embed with a macro using many open source tools, download a dropper and install your malware
13/13 Overall, I'm supportive of doing things right during COVID-19. But these findings took me 30 mins to compile. If a motivated attacker wanted to go after MD citizens or connected hospitals.. they can enumerate ALL of this to get some great pretext resources.