Vandalize old emails by taking over images that point to unclaimed resources, kind of like an NFT that's easy to prove ownership of.
Checkout this full blog post to understand what's happening: https://trufflesecurity.com/blog/email-graffiti
Start by downloading the email you want to check in mbox format. In Gmail you can do that here
Note: It's super sketchy to run someone's random skript on all your old email, so maybe review the code first ;)
Place your export in your current working directory.
docker run --rm -it -v $PWD/:/pwd trufflesecurity/email-graffiti pwd/mail.mbox
You should start seeing some images you can take over in your email :)
Now that you've got the image and the service, you can go to that service and register the image as your own!
For example, for S3 buckets, here's the name of the bucket:
https://s3-us-west-2.amazonaws.com/**bucketname**/imagename.jpg
Head on over to the AWS console, and register that bucket name:
Then just upload an image into the bucket that has the same name as the image found in your email. That's it!
Did you know if Chrome recieves a GIF from the server, it doesn't matter if the extension is .jpeg
? You can name any animated GIF after the png, jpeg or jpg of your choosing. Try it out!