
Telegram channel osintlatestnews - OSIntOps News

5931

News about Intelligence & OSInt. Join us in the OsintOps.com groups: OsintOps - IT: https://t.me/OsintOps_IT, OsintOps - EN: https://t.me/OSIntOps_EN. Our project: https://osintops.com. We don't receive sponsorship, nor are we interested in getting any.


OSIntOps News

OSHIT: Seven Deadly Sins of Bad Open Source Research
When news breaks and the internet is aflutter with activity and speculation, many turn to open source accounts and experts to make sense of events. This is truly a sign that open source research — using resources like satellite images to flight tracking websites and footage recorded on the ground — is seen as credible and is increasingly sought after. It’s free, publicly available and anybody can do it.

But such success comes with drawbacks. In monitoring events from Iran and Ukraine, this surge in credibility allows the term ‘OSINT’ to be easily abused, either knowingly or unknowingly, by users who don’t actually follow the best practice of open source research methods. In fact, since the start of the war in Gaza in October 2023, there has been a spike in verified ‘OSINT’ Twitter accounts which create additional noise and confusion with poor open source analysis.


OSIntOps News

Fast Google Dorks Scan
An OSINT project whose main idea is to collect all the possible Google dork search combinations and to find information about a specific website: common admin panels, widespread file types and path traversal. 100% automated.


OSIntOps News

Uncover the Invisible Gold Mines: How to Dump Raw Data From TikTok
Static web pages - HTML stuffed with juicy user data - belong to the past and web 1.0. JavaScript frameworks like Facebook's React have drastically changed the digital landscape OSINT practitioners meet today. Nowadays HTML is just a mere shell - a blueprint - which remains to be populated with data, fetched when needed, i.e. when a user scrolls, clicks or navigates around. A consequence of this - and probably also legislation like the GDPR - is that still less user data is actually present when we inspect the HTML source of a given page. Finding user ids, timestamps and other necessary pieces of information becomes still more difficult with the traditional, old-school methods. The data simply seems to be gone.

This, however, is just an illusion. The data is still there. It's simply just invisible. The same structured, raw JSON data that these frameworks fetch from their servers and use to build the page on scrolls are increasingly not being stored in plain sight in the HTML. Instead it's stored as properties on the HTML nodes themselves. This talk aims to open the doors to the OSINT method necessary to extract large amounts of raw structured data from social media platforms exploiting the same techniques that giants such as Facebook, Instagram and TikTok actually use themselves to access this data - but also hide it from the users. Using TikTok as an example, the presentation will demonstrate how to locate and extract invisible data using JavaScript. How do you find the right nodes that contain the invisible digital gold? How do you dump the data? On TikTok, on Facebook, on Instagram, on Twitter? This talk will teach you the basics you need to know to start your journey into the new reality of modern web development. Step by step we will explore a TikTok profile, dig through the HTML nodes and excavate the huge amount of awesome raw JSON data that TikTok stores invisibly behind the scenes. We'll write the few lines of JavaScript required to empty this amazing digital gold mine. Step out of the past and enter the future.

SANS Open-Source Intelligence Summit 2024
Uncover the Invisible Gold Mines: How to Dump Raw Data From TikTok
Jan Lauridtsen, OSINT Investigator, Special Crimes Unit, Danish National Police


OSIntOps News

Trailblazer: Piercing the Veil of Vehicle Secrets with OSINT Alchemy
In the intricate web of our digital cities, vehicles are not just modes of transport; they're anchors that can tether individuals to vast amounts of personal data. During this presentation, we will embark on an OSINT journey, starting with the ubiquitous presence of CCTV systems. These surveillance tools, while essential for public safety, can also be a gold mine for those aiming to trace a vehicle's whereabouts. Through our step-by-step process, we will demonstrate how to track and secure a clear image of a targeted vehicle.

Once we've captured this image, the true investigative work begins. We will employ different online tools to help us extract pivotal details, such as a vehicle's license plate or type of vehicle. We will then showcase how this license plate can be possibly correlated with its respective Vehicle Identification Number (VIN) using various databases. The VIN, unique to every vehicle, is more than just a serial number. Through it, we will unearth details ranging from the vehicle's history to specifics about its owner.

As we delve deeper using the VIN as our investigative compass, we'll demonstrate how to extract a wealth of personal information such as ownership records, insurance data, and much more. Our journey doesn’t stop there; leveraging obtained details, we can explore an individual's social media presence, discern patterns in their visits, and gain a glimpse into their personal life. The knowledge acquired from this level of detail can potentially be employed to craft sophisticated attacks, including highly targeted phishing schemes, underscoring the critical importance of safeguarding such information.

Thus, by the end of our investigative journey, we will illuminate the extensive reach and depth of OSINT techniques. Participants will not only gain an insight into the intricate methods and tools used in such investigations, but also acquire a profound understanding of the pivotal role vehicles play as digital anchors in today’s interconnected societies. The startling realization of the amount and depth of information that can be accessed from seemingly mundane vehicle data will serve as a wake-up call, emphasizing the urgent need for strengthened data protection measures to counter the potential misuse of personal information in our increasingly digitized world.

SANS Open-Source Intelligence Summit 2024
Trailblazer: Piercing the Veil of Vehicle Secrets with OSINT Alchemy
Sagar Tiwari
Shubham Kumar, Senior Information Security Analyst, Transunion LLC.


OSIntOps News

AirChat, the buzzy new social app, could be great — or, it could succumb to the same fate as Clubhouse
https://techcrunch.com/2024/04/17/airchat-the-buzzy-new-social-app-could-be-great-or-it-could-succumb-to-the-same-fate-as-clubhouse/
Over the weekend, another social media platform exploded into the fray: AirChat. The app is like a combination of Twitter and Clubhouse. Instead of typing a post, you speak it. The app quickly transcribes what you say, and as your followers scroll through their feed, they’ll hear your voice alongside the transcription.


OSIntOps News

Kinahan Cartel: Wanted Narco Boss Exposes Whereabouts by Posting Google Reviews
One of the world’s most wanted men, a notorious narco kingpin whose gang is implicated in multiple murders, has left a trail of Google reviews providing valuable new insights into his movements and whereabouts over the past five years.


OSIntOps News

Telegram fixes Windows app zero-day used to launch Python scripts
Telegram fixed a zero-day vulnerability in its Windows desktop application that could be used to bypass security warnings and automatically launch Python scripts.

Over the past few days, rumors have been circulating on X and hacking forums about an alleged remote code execution vulnerability in Telegram for Windows.

While some of these posts claimed it was a zero-click flaw, the videos demonstrating the alleged security warning bypass and RCE vulnerability clearly show someone clicking on shared media to launch the Windows calculator.


OSIntOps News

Week in OSINT #2024-14 - sector035 - MEME


OSIntOps News

Week in OSINT #2024-14 - sector035 - Google Earth Grid

Link: 10x10 grid
Link: 15x15 grid

When I found myself searching for a very specific location somewhere in the world, I really could have used some kind of search grid to guide me. It is of course possible to create one in Google Earth, by drawing lines, but there is an even simpler way to do this. Within Google Earth you can add an 'Image Overlay', that will let you add any image to the current view. I created two search grids that you can import into Google Earth. One file is a 10x10 grid, and the other is a 15x15 grid. After some trial and error, I found myself using the bright yellow to be the easiest to see, in both rural and urban areas.
Using a search grid in Google Earth

These are the steps to add them to your map in Google Earth Pro, the desktop app:

- Right click, and choose: Add - Image Overlay
- Give the layer a name, and directly under it, browse for a file next to Link
- Select the image you want to use as an overlay
- Adjust the slider to add some transparency if needed
- Click OK.

If you want to move the search grid slightly, or find yourself in need to make the search area larger, or smaller, then you can adjust the existing image overlay with a few easy steps:

- Right click the image overlay, and choose Get Info
- While the properties screen is open, move the map to a new location
- Within the properties screen, click on the submenu Location
- Click on the button Fit to Screen to let the image overlay fit the current view

And that's it! Now you can systematically search with slightly more ease!


OSIntOps News

Google: Google AI for Anyone - 12 hours
https://www.edx.org/learn/artificial-intelligence/google-google-ai-for-anyone
We’ll take you through, from first principles what the fuss is all about, and you’ll get hands-on in playing with data to teach a computer how to recognize images, sounds and more.

As you explore how AI is used in the real world (recommender systems, computer vision, self-driving etc.) you will also begin to build an understanding of Neural networks and the types of machine learning including supervised, unsupervised, reinforcement etc. You will also see (and experience) what programming AI looks like and how it is applied.

From here you will be able to continue your journey through the emerging fields of AI and ML and related technologies. In so doing, you will formulate a basis to understand and discuss AI and ML related matters in your personal and professional life.


OSIntOps News

Week in OSINT #2024-11 - sector035


OSIntOps News

A beginner’s guide to making beautiful slides for your talks
https://ines.io/blog/beginners-guide-beautiful-slides-talks/
I’ve done quite a bit of conference speaking over the years, and I love designing slides and coming up with a new visual theme for each topic. It’s fun and keeps me motivated to put in the work and actually write my talks. People often ask me for tips and tooling recommendations, so in this guide, I’m sharing some of my not-so-secret secrets and three beginner-friendly steps for how you can up your slides game for the upcoming conference season!


OSIntOps News

AI and the Evolution of Social Media
https://www.schneier.com/blog/archives/2024/03/ai-and-the-evolution-of-social-media.html
Oh, how the mighty have fallen. A decade ago, social media was celebrated for sparking democratic uprisings in the Arab world and beyond. Now front pages are splashed with stories of social platforms’ role in misinformation, business conspiracy, malfeasance, and risks to mental health. In a 2022 survey, Americans blamed social media for the coarsening of our political discourse, the spread of misinformation, and the increase in partisan polarization.


OSIntOps News

Using LLMs to Unredact Text
https://twitter.com/khoomeik/status/1765373683449893123
I spent the last few hours writing a character-count constrained decoding algorithm for Llama2-13B to de-redact Elon's email to Ilya from 2018.

Here's one of the completions it proposed that perfectly matches the length constraints of the redaction.
https://github.com/KhoomeiK/deredact


OSIntOps News

Week in OSINT #2024-10 - IC OSINT Strategy


Steven 'Nixintel' Harris shared an important document, that comes from the United States Intelligence Community. It is the OSINT strategy for 2024 to 2026, and highlights four strategic areas:

Coordinate Open Source Data Acquisition and Expand Sharing
Establish Integrated Open Source Collection Management
Drive OSINT Innovation To Deliver New Capabilities
Develop the Next-Generation OSINT Workforce and Tradecraft

This strategic report for the upcoming years shows how important open source information has become to generate intelligence. The professionalisation of this area within the intelligence community shows it has true value. And in his small thread, Steven sums up the key elements of the report, and closes off with an important element: Training.


OSIntOps News

A View From the Trenches
Join us for some sanitized case studies of how OsInt has been used to further both commercial and criminal investigations. OsInt is a true game changer - it develops the skill and ability of the investigator without being reliant on expensive toolsets. Case studies help us to contextualize exactly how unstructured data can be the missing piece of the puzzle.

SANS Open-Source Intelligence Summit 2024
A View From the Trenches
Craig Pedersen, Director of Forensics, TCG Digital Forensics


OSIntOps News

Breach Data Infrastructure
There is a lot of discussion on the value of breach data, including the various pivot points it provides. However, there isn't too much discussion on how to create an environment where you can collect breach data and make the data easily accessible and usable for OSINT Analysts when they need the data available to parse through. Having a process for parsing breach data is essential as more and more breaches become prevalent.

My talk will discuss the following points:
1. The breach data lifecycle: Discussing what I consider to be the breach data lifecycle, based off of the intelligence lifecycle (Data breach event occurrence -> Obtaining breach data -> Processing the breach data -> Integrating the breach data -> Analysis and production of the data).
2. Considerations for building an environment for breach data: Virtualization, hardware, OS, and software considerations.
3. Indexing Data: How indexing data can be a game changer when the time comes to rely on the data.
4. Demo: Showing what a breach data environment looks like at multiple scales. Demo will be some recorded information and some live demos.

Actionable takeaways:
- Be able to build your own breach data environment
- Follow a lifecycle to expand the breach data environment over time
- Allow Analysts to quickly parse through breach data when investigation time arises

SANS Open-Source Intelligence Summit 2024
Breach Data Infrastructure
Haris Qazi, Analyst


OSIntOps News

Enterprise Incident Response with Velociraptor: when tempo is all
https://osintops.com/enterprise-incident-response-with-velociraptor

A few days after the close of Matera DigiSec 2024, the first event organized by ONIF in Matera on topics related to "Digital Forensics and Cybersecurity for the protection of data and rights", particularly in the corporate context, we can certainly say that it was a great success, in terms of participation but also in terms of the quality of the topics covered (I leave here an excellent article, with comments and some photos of the day).

I am truly grateful to ONIF for the invitation to take an active part in this event, and for the occasion I decided to present a tool that is still little known (unfortunately!) but that is part of the toolkit of many Incident Response teams and perhaps deserves greater prominence.

I am talking about the open-source tool Velociraptor, on which I based my short talk, titled "Enterprise Incident Response with Velociraptor: when tempo is all".
Before being attacked (rightly) by language purists, I would like to point out that the term tempo, as I explained in more detail during the talk, was deliberately left in Italian, because I used it in its universally recognized musical sense, precisely because I imagined the head of Incident Response as an orchestra conductor who, by skilfully (and, indeed, harmoniously) using the "instruments" (tools) available, can "conduct" the way to a resolution of the security incident.


OSIntOps News

The Impact of AI with OSINT
https://www.youtube.com/watch?v=zgIteU4jEZs&list=PLs4eo9Tja8bi1RZyKT_HlN48QLIRW6HhG&index=2

This presentation will explore the emerging impact of artificial intelligence, including generative AI, on open-source intelligence (OSINT) workflows. We will explore the evolution of AI as it relates to OSINT, and look at the future for how practitioners can do more with less using Gen AI techniques for tasks such as image analysis, creating your own OSINT tools, geo-spatial processing, and reporting. Analysts are more important than ever, and this talk will highlight the critical requirement for analysts to verify & validate information, whilst creating efficiencies with emerging technologies that will change how they interact with data in the future. Finally, this talk will explore bad actors & the evolution of disinformation in a deep-fake world with voice cloning, video & image generation along with tonally & grammatically accurate text-based replication.

SANS Open-Source Intelligence Summit 2024
The Impact of AI with OSINT
Chris Poulter, Founder & CEO, OSINT Combine


OSIntOps News

Cartel King Kinahan's Google Reviews Expose Travel Partners
Bellingcat and the Sunday Times reported that wanted cartel boss Christopher Kinahan Sr. had exposed his movements and whereabouts by posting Google reviews for a variety of restaurants, hotels and other expensive establishments using his alias “Christopher Vincent”.

The “Dapper Don” detailed trips to Zimbabwe, South Africa, Spain, Portugal, Turkey, the Netherlands and Egypt. However, there appeared to be no reviews for trips outside of his base in the United Arab Emirates since the US Treasury announced a collective $15 million bounty for information leading to the financial disruption or arrest of Kinahan Sr and his two sons (Daniel and Christopher Jr) in April 2022.

Kinahan Sr inadvertently captured his own reflection in mirrors and windows in some images posted alongside the reviews, helping Bellingcat and The Sunday Times prove the account was his.

But that wasn’t all he appears to have unintentionally depicted in his posts.

Further analysis reveals new details about some of those Kinahan Sr travelled with, dined with and interacted with in recent years.


OSIntOps News

Identifying Daesh-Related Propaganda Using OSINT and Clustering Analysis
The development of the digital society has substantially altered the conditions under which conflicts occur. Emerging threats are characterized by their asymmetry, diversity, and constant change; rapid transmission over the network; near-immediate nature; possibility for unrestricted access; and swift ability to alter the behaviour of individuals. This paradox is an example of cognitive warfare, which employs both traditional and novel information, cyber, and psychological warfare techniques. The self-proclaimed Islamic State engages in a unique type of disruptive cyber cognitive-intelligence activity utilizing cyberspace. We now refer to the Weaponization of Media Narratives: the struggle of narratives has overtaken the relevance of traditional military and physical Jihad. Jihadist activities consist of sending threatening messages to Western nations and promoting online propaganda in order to recruit new members and instil terror in individuals. Daesh’s propaganda output is so extensive that it is practically impossible for humans to analyse it. Thus, it is crucial to establish and implement cyber defence strategies to prevent, identify, and deter jihadist Internet activity. Law Enforcement, Intelligence, and other organizations are constantly devising new tools to prevent, identify, and restrict terrorist operations over the Internet. The collection and analysis of information from a vast array of sources can provide intelligence analysts with useful insights by revealing previously concealed but logically sound patterns and connections. Beginning with a review of Al-Naba’s propaganda materials, this study seeks to construct an automated model that would aid in detecting and identifying the online locations of Daesh. We looked at Al-Naba’ magazine instead of another newspaper because it has only been published in Arabic.
Other magazines have been published in other languages and have been looked at in a lot of community identification and Social Network propaganda analysis studies in the past. Therefore, the purpose of our study was to discover if it is possible to employ computer assistance to evaluate Jihadist tales in order to identify any (thematic) similarities across various propaganda sources. One of the specific goals was to evaluate whether or not there are tweets with a direct connection to Al-Naba’ magazine. We wanted to make sure that the tweets were coded in a way that was consistent with the Twitter data—collected from Kaggle—we used as a training set. This was important because tweets could be put into different groups. This was done to see if the tweets were correctly put into their own groups based on information from Al-Naba’s writings. So, the number of times each group shows up depends on how often it shows up in more than 1% of the texts in each cluster.


OSIntOps News

Week in OSINT #2024-14 - sector035 - OSINT Ambition


I am not the only one providing an overview of OSINT news, and since last week another one has popped up! This time it is OSINT Ambition who started the 'Wednesday Updates', with a lot of links to interesting information. From articles and videos, to changes within OSINT tools, events and a lot more! Do keep an eye out for those links, because it will give you another source of important news!


OSIntOps News

Week in OSINT #2024-14 - sector035 - CashApp Profile Photos


I read a new blog by Griffin Glynn, where he dove into the source code of CashApp pages. It seems that the mobile version of the page hides a profile image, that can easily be extracted. In his blog post, he explains how anyone can reveal a 'hidden' profile photo of a CashApp user, if the user has uploaded one of course. Thanks for the tip Griffin!


OSIntOps News

Week in OSINT #2024-14 - sector035 - Google Maps Tools


Some time ago I was searching for a location, and I was looking up some information when I stumbled upon this lovely website. It has several useful tools for Google Maps, like finding postal codes, add a radius, distance calculator and an area calculator. A lot of these things are also available in Google Maps itself, but there are some cool features that I found, like the elevation calculator. Not all tools are working, due to some changes made by Google a few years ago, but there is probably a need for something like this for someone out there!


OSIntOps News

npx lumentis
https://github.com/hrishioa/lumentis
Generate beautiful docs from your transcripts and unstructured information with a single command.
A simple way to generate comprehensive, easy-to-skim docs from your meeting transcripts and large documents.


OSIntOps News

We finally released AnuBitux 3.0! https://anubitux.org/anubitux-30-is-out/ Come and check it out!
Download page: https://anubitux.org/download-anubitux/
Changelog: https://anubitux.org/changelog/


OSIntOps News

Week in OSINT #2024-11 - sector035 - Google Changes

Last week I talked about how the social media landscape constantly changes, and this week I have another great example of this. What I started as an investigation back in 2018 and 2019 into Google's so-called "obfuscated GAIA ID", turned into constantly evolving tools like GHunt and Epieos. Every so often Google changes privacy settings, turns off features, changes API outputs and so on. Sylvain Hajri is doing a great job to make sure both tools stay up to date, but it shows that tools used for gathering social media information are constantly changing.


OSIntOps News

Week in OSINT #2024-11 - sector035 - NeedleStack and Justin Seitz

Podcast
Story

Several days ago another podcast by NeedleStack was published online, featuring none other than Justin Seitz. Justin is not only known for being the inventor of Hunchly, but at the end of 2023 he also started a different website, called Bullsh*t Hunting, where he dives into 'bullshit' that he encounters in real-world cases. In this episode of NeedleStack, he talks about his series 'The Hunt', dealing with a criminal case in Canada where he found flaws in the evidence. It isn't so much all OSINT, but it does talk about research in general, including document requests. So grab a drink, sit tight and listen. Or click on the link, to read up on the whole story yourself.


OSIntOps News

Week in OSINT #2024-11 - sector035 - Trial by TikTok
Last week I watched the BBC3 documentary "The Idaho Murders: Trial by TikTok", in which Zara McDermott travels to the United States to investigate the turmoil on social media, following the murder of four students. When I started watching, I had the notion she would embark on investigating the killings herself, but the story took an unexpected turn. The documentary focusses on how wanna-be sleuths are trying to cover every angle of the ongoing investigation. She interviews several people, and in between snippets of TikTok and YouTube videos are shown, where the online community don't always adhere to the 'innocent until proven guilty' rule of the justice system.

The result is that innocent people are being harassed and even threatened, wild theories are being spread online, and people that are officially cleared by police investigators keep being mentioned as 'suspicious'. The whole documentary showed what kind of world is created, all due to the power of social media, and the hunger for clicks, views and likes. The good news is, that despite all the interference of the online community, the police did apprehend a prime suspect that will face trial later this year.

For anyone that is new to online investigations, this documentary shows it isn't simply a game of collecting likes and views for your social media account. It can genuinely affect innocent people. People that follow my Week in #OSINT, know that I am a firm believer of "verification is everything". And even I once in a while have made mistakes in fact-checking unimportant pieces of information, but I will never put someone's life or future at risk.

If you would like to see the documentary, and have access to BBC1 or BBC3, I can tell you it will be aired again on Monday the 18th and Tuesday the 19th of March (schedule in UK local time here).


OSIntOps News

Week in OSINT #2024-10 - This Week's Meme
