OSIntOps News

18 Jun 2024 13:13

Week in OSINT #2024-22 - sector035 - Sofia Santos' #27

Link

Sofia Santos created yet another OSINT exercise, and it is number 27 already! This one is for the beginners within the field of open source investigations, and can be solved rather easily with the right searches. What I love about these exercises, is that she mentions how difficult the questions are for beginners, and for seasoned investigators. And to check your findings, she also posts a 'walkthrough' on YouTube right away, explaining how it can be solved. This way you learn how the thought process within open source investigations work, and can learn how to pivot from one finding to another.

OSIntOps News

17 Jun 2024 18:18

Week in OSINT #2024-23 - sector035 - ShadowFinder

Link
Video

Galen Reich and Gabòr Friesen created a tool over at the Bellingcat GitHub, that can help find a possible location, by using date and time information, together with a measured shadow. Rummaging through my personal photos, I found one and made an educated estimate of the length of the shadow, to give it a test drive myself too. After filling in all the details in the Google Colab project, like the exact date and time, and the object height and shadow length, it will give you all locations where the information provided could exist. This tool has a very specific 'niche', but there are absolutely circumstances where it can come in very handy. And to show how the tool works, they chatted with Georainbolt, to hear what he thinks.

OSIntOps News

17 Jun 2024 08:08

Week in OSINT #2024-23 - sector035 - Sofia's Stage Talk

link

This week, Bellingcat is featured twice, but Sofia Santos also makes two appearances in this week's Week in #OSINT! This time with an interview over at Bellingcat's Stage talk. She talks about how she got into OSINT, how she found a job at CIR and of course about the importance of mental health. A great interview with Sofia, who is mostly known for her challenges, but also does an awesome job combatting crimes against humanity.

OSIntOps News

16 Jun 2024 16:01

Week in OSINT #2024-23 - sector035 - Google UDM

link

Two weeks ago, I wrote about the discovery of the udm=14 parameter value within the Google searches, and how it can be used to strip the AI generated content, and Google adds. Some time after, Irina Shamaeva took it upon her to play around with other possible values, and it seems there are more options available for this parameter.

And looking at the discovery that the URL parameter udm=7 is for videos, and is actually redirecting to tbm=vid, I had a look at that new parameter myself. After I did some testing, I found an old thread over at Stackexchange, listing a lot of options. of which the following ones are still working today:
Parameter Result
tbm=bks Books
tbm=isch Google images (redirect to udm=2)
tbm=nws Google news
tbm=pts Google Patents
tbm=shop Shopping
tbm=vid Videos
tbm=fin Financial
tbm=map Downloads Google Maps JSON

These parameters can be used to search Google directly, for instance: https://www.google.com/search?tbm=fin&q=facebook This link will direct you to the current price of Meta Platforms Inc over at Nasdaq, powered by Google Finance.

Of course the question is: What else is there to discover? What other parameters are out there? And are there any that can help create more targeted searches, and therefore maybe create better search results? I know these options have been around for quite some time, but it is always great to explore.

OSIntOps News

14 Jun 2024 13:13

ChatGPT for OSINT Analysts: Your AI-Powered Assistant for Organizing Collected Intelligence
link
Overwhelmed by intel data? OSINT analysts can use ChatGPT to automate organization, tagging, and retrieval. Learn the structured prompts for efficient intel management and faster decision-making.

OSIntOps News

13 Jun 2024 13:12

Open Source Investigations in the Age of Google
Abstract

How did a journalist find out who was responsible for bombing hospitals in Syria from his desk in New York? How can South Sudanese monitors safely track and detail the weapons in their communities and make sure that global audiences take notice? How do researchers in London coordinate worldwide work uncovering global corruption? What are policy-makers, lawyers, and intelligence agencies doing to keep up with and make use of these activities?

In the age of Google, threats to human security are being tracked in completely new ways. Human rights abuses, political violence, nuclear weapons, corruption, radicalization, and conflict are all being monitored, analyzed, and documented. Although open source investigations are neither easy to conduct nor straightforward to apply, with diligence and effort, societies, agencies, and individuals have the potential to use them to strengthen security.

This interdisciplinary book presents 18 original chapters by prize-winning practitioners, experts, and rising stars, detailing what open source investigations are and how they are carried out, and examining the opportunities and challenges they present to global transparency, accountability and justice. It is essential reading for current and future digital investigators, journalists, and scholars of global governance, international relations and humanitarian law, as well as anyone interested in the possibilities and dangers of this new field.

OSIntOps News

09 Jun 2024 08:08

Week in OSINT #2024-17 - sector035 - This Week's Meme

OSIntOps News

02 Jun 2024 08:08

Week in OSINT #2024-18 - sector035 - This Week's Meme

OSIntOps News

31 May 2024 18:18

Week in OSINT #2024-18 - sector035 - 10 Steps to OSINT Mastery

Link

Talking about sharing knowledge and connecting with the community, over at Authentic8, Micah Hofmann shared his wisdom in a blog post. In his 10-steps to OSINT mastery, he gives valuable tips on the vary basics of doing open source research. And even though I've been doing open source research for quite some time now, I still love to read such lists, because they are small reminders of the core steps that you need to be aware of, if you want to excel in this field.

OSIntOps News

30 May 2024 23:53

Disrupting deceptive uses of AI by covert influence operations
Link
OpenAI is committed to enforcing policies that prevent abuse and to improving transparency around AI-generated content. That is especially true with respect to detecting and disrupting covert influence operations (IO), which attempt to manipulate public opinion or influence political outcomes without revealing the true identity or intentions of the actors behind them.

In the last three months, we have disrupted five covert IO that sought to use our models in support of deceptive activity across the internet. As of May 2024, these campaigns do not appear to have meaningfully increased their audience engagement or reach as a result of our services.

This blog describes the threat actors we disrupted, attacker trends we identified, and important defensive trends - including how designing AI models with safety in mind in many cases prevented the threat actors from generating the content they desired, and how AI tools have made our own investigations more efficient. Alongside this blog, we are publishing a trend analysis that describes the behavior of these malicious actors in detail.

OSIntOps News

30 May 2024 13:13

Week in OSINT #2024-17 - sector035 - Elevation

link

GingerT shared a cool article written by LifeWire about how to view elevation lines in Google Maps. Of course there are many tools for that, but when you are browsing around in maps and want to have a quick idea how high a certain location might be, then turning on the "terrain" view, and zooming in a little bit, isn't such a bad idea! Thanks for this useful tip!
Viewing elevation lines in Google Maps

OSIntOps News

29 May 2024 13:13

Why a Non-Technical Background Does Not Prevent You from Succeeding in Cyber Threat Intelligence
orojcik/why-a-non-technical-background-does-not-prevent-you-from-succeeding-in-cyber-threat-intelligence-09b41194ee8c">link
Intrusions, cyber attacks and adversarial operations are often seen as technical events best described by the deployed malware, leveraged C2 domains, connected IP addresses, hash values of files and multiple other indicators. However, these activities are not mere spontaneously occurring technical phenomena, a misconception held by many outside of Cyber Threat Intelligence (CTI) and Information Security. The Diamond Model, a fundamental framework in CTI, highlights the human element in these activities: threat actors with their motivations and objectives, and victims with their vulnerabilities and impact.

OSIntOps News

28 May 2024 18:18

Week in OSINT #2024-18 - sector035 - Ritu Gill on PI-Perspectives

link

Ritu Gill was a guest over at the PI-Perspectives podcast. She talks about the OSINT community, sharing her knowledge and learning from others, careers and tools, and of course about her tool Forensic OSINT.

OSIntOps News

27 May 2024 18:18

Week in OSINT #2024-18 - sector035 - Close-Circuit Telegram Vision

Link

Only a few days ago a brand new tool was released, created by Ivan Glinkin. It is a similar tool as the Telegram Nearby Map, that I mentioned in this episode, but instead of a NodeJS based solution, this is a Python script that will run once, and save all the collected information in an HTML file that will open. Besides that, it will also create a JSON file for you, with all the details that are available. It will take some time to run, depending on your settings, but a 500m radius and a 30-second waiting time for testing, took about a minute to run. Do be aware though, that some experience with using a Telegram API is recommended! Because it is very easy to be temp-banned on Telegram, for abusing the API.

OSIntOps News

27 May 2024 08:08

Week in OSINT #2024-19 - sector035 - meme

OSIntOps News

18 Jun 2024 08:08

Week in OSINT #2024-23 - sector035 - Finding Sofia

Link

And what a treat I have for you this week! Because both Georainbolt and Sofia Santos are featured again! And this time Trevor is solving exercise number 19, that only consists of text! Great to see his thought process, and how he takes notes, while going over the different clues. If you want to have a crack at it yourself, then I would suggest you do that. I can absolutely be solved, even after being online for about a year.

OSIntOps News

17 Jun 2024 13:13

Week in OSINT #2024-23 - sector035 -Backrooms

link

On the internet people are known to leave images or messages, that start to lead their own life, of which some turn into a creepypasta. Once in a while something is posted that has an impact, and have people stunned for years on end, not knowing what to do with it. It becomes a meme within its own right, until someone steps up and solves the riddle. This is such a story, the story of the so called backrooms. And while the original image was found in 2019 already, by Twitter user rkfg_me, it stayed unnoticed until Farrell McGuire posted a video on YouTube about it. An interesting search, that solves on of the many mysteries that exist on the internet. Thank you, Ben Heubl for the tip!

OSIntOps News

16 Jun 2024 18:18

Week in OSINT #2024-23 - sector035 - This Week's Meme

OSIntOps News

14 Jun 2024 18:18

Automate OSINT Report Writing with ChatGPT | Intel Assistant Agent
link
Streamline OSINT report writing with ChatGPT’s Intel Assistant Agent. Learn how to create impactful intel briefs. Agent link included.

OSIntOps News

14 Jun 2024 08:07

Types of Cyber attacks - Master Guide
Brij Kishore Pandey

OSIntOps News

12 Jun 2024 09:14

S3E72 | Word up: learning foreign languages for OSINT with Skip Schiphorst
link
Language can limit or expand your worldview. That’s important to remember in OSINT where what you’re able to find and analyze can greatly affect the intelligence you build. Skip Schiphorst, OSINT instructor at i-Intelligence, shares his expertise on why even baseline knowledge of a foreign language is important in a world flush with translation services; how foreign language content can counteract bias; and tips for verifying automated translations.
Key takeaways

- You can find a lot more online than you may think by using foreign languages — even those using non-Latin characters
- You don’t need to be a ninja with years of training to find foreign content online, or outsource everything to language experts
- Know the basics of OSINT, be critical and be patient when searching online in a foreign language

OSIntOps News

02 Jun 2024 18:18

Week in OSINT #2024-17 - sector035 - Kirbstr's CSE's

Link
Blog

Kirby Plessas created several custom Google searches, and she decided to share them over at Plessas.net. Besides that, she also wrote a blog post on how to create your own Google search engine. Kirby explains how she uses Similarweb and the extension "Instant Data Scraper" to create a list of useful sites, and build a custom search engine from scratch. Since Google, and the use of it for conducting research, can be very helpful, this tutorial is great for people who haven't played with this yet.

OSIntOps News

01 Jun 2024 13:13

Week in OSINT #2024-17 - sector035 - Open Secret

link

A few days ago I learned about a brand new podcast that started earlier this month, and this one is by OSINT Combine. Hosts Kylie Pert and Jane van Tienen talk to several guest, and the first six episodes are online already! If you are looking for a new listen with some interesting people and stories, then this one is for you!

OSIntOps News

31 May 2024 13:13

Week in OSINT #2024-17 - sector035 - 7 Deadly Sins

link

Bellingcat published an article about what not to do when it comes to open source investigations. I have touched on the subject before in some episodes of Week in OSINT, and this list should be a must-read for anyone that is working in this field of work. They describe some of the bad practice, and explain why it is important to watch out for these rules to become a better investigator.

OSIntOps News

30 May 2024 18:18

Week in OSINT #2024-18 - sector035 - Non-Free Email

link

Some platforms make it more difficult to register when using a free email account, but with the latest blogpost of Matt Edmondson at hand, that too won't be a problem. He explains how easy it is to register a new domain, and what steps need to be taken to get your personal email up and running. And with some domain registrars offering free domain privacy protection, by acting as a 'proxy' to hide your real identity, you are ready to take on the world with some new research accounts!

OSIntOps News

29 May 2024 18:18

Geolocating a Gang Leader Wanted by the FBI: An OSINT Explainer
bendobrown/geolocating-a-gang-lord-wanted-by-the-fbi-an-osint-explainer-68f9b2f020be">link
This report shows how OSINT techniques were used to find the ‘home’ of a gang leader on FBI’s Te Most Wanted Fugitives list with a bounty of up to $2 million dollars.

OSIntOps News

29 May 2024 10:35

Open Source Intelligence Strategy — on the heels of the IC's OSINT Strategy
by Josh Lefkowitz
👉 Today State Department's Bureau of Intelligence and Research (INR) released its Open Source Intelligence Strategy — on the heels of the IC's OSINT Strategy.

The INR OSINT strategy states:

1️⃣ "In INR, open source information is an invaluable resource—enriching analytic assessments, driving intelligence diplomacy, and giving U.S. diplomats worldwide greater access to INR products at lower classification levels."

2️⃣ "The demand for INR products and services at the unclassified level will only grow in the coming years, as commercial technologies generate more open source data and as the United States seeks to share more information with traditional and non-traditional partners to support and enable U.S. diplomacy."

The INR OSINT Strategy lays out 4 strategic goals:
1️⃣ Establish Governance and Policy for OSINT Use
2️⃣ Invest in OSINT Capabilities
3️⃣ Strengthen OSINT Training and Tradecraft
4️⃣ Deepen Collaboration with Allies, Partners, Industry, Academia, and Other Nongovernmental Entities

OSIntOps News

28 May 2024 13:13

Week in OSINT #2024-17 - sector035 - Cruismapper

While diving into the world of tools, cheat sheets and websites that could be helpful for online research, I went over some of my old links that I used to have on my site. A lot of those links were dead now, so I went hunting down some interesting new ones. And one of them is CruiseMapper. Not only is it a great replacement for the now defunct "Life Cruise Ship Tracker" , but it also features lots of great information! Ever wanted to check out the deck plans of the MS Deutschland or MS Amadea, for some TV research? Or did you hear about a cybersecurity officer of the 'Harmony Of The Seas' that was apprehended on May 6, 2023 and want to find out what happened? Then do check out all the information that is available on this awesome site!

OSIntOps News

27 May 2024 13:13

Trace Labs OSINT Field Manual
https://github.com/tracelabs/tofm/blob/main/tofm.md
This manual is meant to serve as a companion document to our OSINT VM, Ongoing Ops and Search Party CTFs. Think of this as the printed version of one of our in-person workshops. All techniques and considerations put forth in this manual will fall within the guidelines of the Search Party Rules of Engagement (ROE). Techniques will be passive in nature and every effort will be made to protect the participants, the subjects of the investigation and the investigation itself.

This manual focuses on people-centric OSINT investigations. Expect to find discussion around social media and geolocation investigative techniques, but don’t be surprised by the absence of things like network infrastructure techniques or other non-people focused investigations.

OSIntOps News

26 May 2024 18:18

Pompompurin and BreachForums
link

Something more than a year has passed since Pompompurin was detained by the FBI. I did this investigation on him when it happened, and now after some time, I’ve decided to make it public here.
The goal of the investigation was simple, I just wanted to find who pompompurin was, how he became the creator of BF (BreachForums) and how he ended up detained (bad OPSEC as usual :)). Keep in mind that everything you are about to see is Open Source.