News about Intelligence & OSInt. join us in the OsintOps.com Groups OsintOps - IT: https://t.me/OsintOps_IT OsintOps - EN: https://t.me/OSIntOps_EN OUR project https://osintops.com -We don't receive sponsorship, nor are we interested in getting any-
Week in OSINT #2024-18 - sector035 - Collection of CSEs
link
While strolling around the internet, I stumbled upon a huge list of Google CSEs! Looking at the rest of the repositories, these CSEs seem to be scraped from Start.me pages, and collected for the ongoing project "OSINT Buddy", an open source, self-hosted platform. But no matter what the reason is, a staggering 871 lines with URLs are listed in this repository, and a quick count gave me well over 600 unique CSE IDs. So if you don't want to host the full OSINT Buddy platform yourself, you can simply scroll through the list, and pick a custom search engine you might need for your research. Be aware, not all of them are still online, so make sure to go over them and create your own personal collection, before you actually need some.
Week in OSINT #2024-18 - sector035 - OSINT Methodology
Link
Aaron 'CTI' Roberts wrote an article on his personal blog, explaining what his basic steps are for doing OSINT research. This is a great guide for people that can use a little bit of help starting up, since he gives great examples of the so-called 'pivot points' that are out there for you to use. And I was very happy when Aaron, next to all the different tools he mentioned, wrote the next line:
While I love SocialNet, I do still find myself doing manual OSINT on social media profiles as I find it more intuitive personally.
Because no matter what tool you use in your research, it will never give you any context when you look at the information that the account shared. A username can be unique, but more than once, a specific username can have different 'owners' on different platforms. So read the article, know about the tools and know what they can help you with, and do a lot of manual work to make sure you connect the right dots.
Week in OSINT #2024-20 - sector035 - OldTweetDeck
link
I have mentioned this extension for Chrome and Firefox before, and I still use it because it is so powerful. The old Tweetdeck, that is part of the paid subscription called "X Pro", can be recreated with a simple extension. It has all the old features, and it will save you paying several dollars a month for roughly the same experience. And since I've been using it extensively in the last few weeks, I thought it was worth another mention. They also updated the extension last week due to the fact that the 'twitter.com' domain is slowly being moved towards 'x.com'.
Week in OSINT #2024-19 - sector035 - OSINT Methodology
link
Another entry where I tag GingerT, because he wrote a blog post about OSINT methodology. After other similar blog posts that were featured in Week in #OSINT, he decided to share his own thoughts on his thought process, and steps he takes. I love that 'Ginger' also does a lot of manual work, and rather spends time on thinking where to find information, than simply firing off tools to gather as much information as possible.
Week in OSINT #2024-18 - sector035 - Telegram Web
Earlier, the Telegram web app started showing a 'nag screen' when trying to translate a message in a different language than your default one. Because earlier this year Telegram added a Premium feature, that will give you the option to translate texts automatically.
After some testing, I found out that this only happens in the "K version" of the web application. If you see such a nag screen, there are several options to still use translations:
- Use any of the official desktop applications for Linux, MacOS or Windows
- Use a mobile app, since single message translations still work there
- Switch to the "A version" in the web app, by clicking in the hamburger menu in the top left
If you do switch to the "A version", the layout will be slightly different, but all features should be there. If you don't have a translation option, then do check your settings under language, since this option is set separately for each version.
Week in OSINT #2024-20 - sector035 - Newsletters
link
Maciej Makowski, better known under the handle 'osintme', has curated a list of OSINT newsletters. He isn't very active on social media any more, but do keep an eye out for his blog posts, like this one. It contains pretty much all news sources that collect and share news from the open source investigation and intelligence world, and I recommend going over all of them if you want to stay up-to-date.
Week in OSINT #2024-19 - sector035 - Mirror Mobile Phone
link
In this tutorial by LifeWire, it is explained what options there are to mirror the screen of a mobile phone. I really like the option to share a screen on my laptop, because it gives me the opportunity to create screenshots directly, and save them with other evidence. Especially screenshots, or video recordings, of Snapchat content is something that can be tricky, due to the fact that the official app detects screenshots made by the phone, and the fact they notify the party involved. Another nice tip, shared by GingerT.
Embracing failure: The Importance of making mistakes in OSINT
link
The OSINT community is full of extremely talented people. There is an almost daily supply of jaw dropping investigations, deep analysis of very complex topics, and coordinates of photos or videos which, at first glance, appeared untraceable.
It is nearly impossible to not be in awe of these people. How can any of us mortals even hope to reach their level? Surely they were just born brilliant. But they were not. At some point they were just getting started. And they failed. A lot. They still do. And that is what makes them great.
Small amounts of failure in the OSINT field are inevitable, and somewhat expected. Perhaps an investigation that never saw the light of day because a crucial piece of evidence was missing, maybe an image or video never geolocated, or an identity never unveiled. You gave it your best, but your best was not enough, and that is ok (for now). It is easy to fall prey to feelings of inadequacy, frustration and, on occasion, self pity. But that won’t help you.
So let’s look at some ways in which acknowledging and facing your own shortcomings can, and will, help you become a better OSINT analyst / investigator.
From the Public Archive to the Wayback Machine: Thinking Like a Historian for OSINT Practitioners
link
Arguing that “thinking like a historian” will benefit OSINT newcomers and veterans alike, this presentation examines the relationship between academic historical research methods and OSINT investigative techniques. In each of the four subsections, I establish key features shared by OSINT research and the research performed in the humanities and social sciences. I then detail practical and methodological lessons for OSINT practitioners going forward. First, I discuss two practical takeaways from historical research: I highlight underutilized resources and digital archives that can be useful for OSINT researchers, and I argue for the importance of building our own research archives by saving and indexing our sources. Second, I discuss methodological lessons from historical research. I argue for the need to think critically about how archives and the sources within them shape our findings, and that interpreting our sources requires time and effort, as well as flexible, analytical thinking. We need to interrogate both what is being said and what is not being said, and to be ready to read sources “against the grain.” I conclude with lessons from the academic discipline for the ways that we, as OSINT researchers, document, support, frame, and articulate our findings for our chosen audiences.
SANS Open-Source Intelligence Summit 2024
From the Public Archive to the Wayback Machine: Thinking Like a Historian for OSINT Practitioners
Stephen Silver, Senior Investigator, Brown Rudnick
OSINT Psychology: Understanding the Human Element of Intelligence Gathering
link
Although OSINT is a useful tool, it's important to keep in mind that humans are ultimately responsible for producing the information. As a result, OSINT investigators must be cognisant of the human biases and cognitive distortions that might influence OSINT data collection, analysis, and interpretation.
This presentation will provide OSINT investigators with a deeper understanding of the human biases and cognitive distortions that can influence their work.
Participants will learn practical strategies for mitigating these biases and distortions, as well as defending against social engineering attacks.
SANS Open-Source Intelligence Summit 2024
OSINT Psychology: Understanding the Human Element of Intelligence Gathering
Sharon Knowles, CEO, Da Vinci Cybersecurity & Digital Forensics
Maximizing Social Media Data Extraction: Dumping and Preserving Content for OSINT
link
In today's digital age, social media platforms serve as vast repositories of personal and historical data, each click and post chronicling our lives in the digital ether. The urgency to preserve this invaluable digital footprint is essential for a multitude of reasons, including legal compliance, personal memory preservation, and conducting historical research. This presentation offers an opportunity to delve into the critical skill of gathering and capturing information from social media pages efficiently, reducing exposure, and ensuring the preservation of all necessary metadata. Further, these crucial techniques should be accessible to all, not limited by financial constraints, which is why all tools shown will be free of cost. The speaker will introduce a structured methodology for dumping and preserving the content of social media accounts, ensuring that critical information, posts, and media are archived effectively, and with no cost.
The methodology that will be proposed is in three phases:
1. Data Collection
2. Automated Download
3. Data Preservation
By the end of this presentation, participants will gain:
- A structured methodology for dumping and preserving social media content.
- In-depth knowledge of free tools and resources for data collection and automation.
- Expertise in data preservation techniques that ensure the longevity of archives.
- A strong foundation for leveraging OSINT for a wide range of applications, from investigations to research.
This presentation is a must-attend for anyone involved in Open Source Intelligence (OSINT), whether a seasoned investigator, researcher, or novice looking to harness the power of social media data. The practical approach to using free tools levels the playing field, making OSINT accessible to all.
SANS Open-Source Intelligence Summit 2024
Maximizing Social Media Data Extraction: Dumping and Preserving Content for OSINT
Megan Munoz, Founder, DataPoint Intelligence Training & Solutions
Stunt OSINT: AI and Content Networking Display
link
Using OSINT and AI, we can find details and connections from public content like podcasts, YouTube etc. We will walk through the process and see how we can use it for other source information as well.
SANS Open-Source Intelligence Summit 2024
Stunt OSINT: AI and Content Networking Display
Michael James, Sr. Security OSINT Architect, National Indemnity
Oh My Stars! Using Astronavigation Techniques to Do Image Geo-Positioning
link
Stars, planets, and the moon can help you find out when and where a photo was taken.
In this talk, Mick will share how to use navigation techniques to locate where and when a picture was taken. Best of all, no sextants or astronomy is needed to apply these techniques yourself!
SANS Open-Source Intelligence Summit 2024
Oh My Stars! Using Astronavigation Techniques to Do Image Geo-Positioning
Mick Douglas, Principal Instructor, SANS Institute
Humans Are More Important Than Hardware
link
People - not technology - make the critical difference. The right people, highly trained and working as a team, will accomplish the mission with the tech available. On the other hand, the best tech in the world cannot compensate for a lack of the right people. OSINT professionals outfitted with the latest technology may at first gain a slight advantage, but they will soon fall behind any cohesive team that is focused and well trained. Humans with a strong sense of purpose and passion can work tirelessly, and their innate longing for justice and freedom can never be matched by a machine.
SANS Open-Source Intelligence Summit 2024
Keynote | Humans Are More Important Than Hardware
Jeff Tiegs, President, Skull Games
toADS: Hunting Online Advertisements
link
Email protection and security awareness programs have raised the bar, making it more difficult for offenders to trick users into clicking on phishing or scam links. Some alternative techniques have arisen, such as sending them through direct messages on social media networks. One notable technique reaches users directly by taking advantage of a paid feature: advertisements.
The AdTech stack is a complex and dynamic environment composed of providers, brokers, and publishers. Transparency regulations have forced providers to share information about advertisements running across their platforms in a database known as AdsLibrary, providing information about their target audience, impact, and requestor.
This talk describes how to collect information about online ads using APIs facing well-known AdsLibraries from Meta, Bing, and Google combined with live data collection using scraping techniques. It also introduces a new open-source OSINT tool (in beta stage) named “toADS” to support the collection and analysis of online ads for hunting and investigative purposes.
SANS Open-Source Intelligence Summit 2024
toADS: Hunting Online Advertisements
Carlos Fragoso, Associate Instructor
Week in OSINT #2024-20 - sector035 - This Week's Meme
Week in OSINT #2024-19 - sector035 - Telegram Phone Checker
link
I have been investigating Telegram users for quite some time already, and I love to use tools that can check whether a phone number has an active account connected to it or not. A few months ago, Bellingcat made some changes in their Telegram phone number checker, and I gave it a small test run. The Python tool can check one or more phone numbers at once, and after it finishes within a second, it stores the information in a JSON file for further analysis. Thanks Jake Creps for sharing this in your OSINT Newsletter!
How to Leverage OSINT for Brand Intelligence
by Alex Lozano
Week in OSINT #2024-20 - sector035 - The Dark Web
link
Ritu Gill shared this older article the other week, that goes over some of the basics when it comes to browsing the dark web. It explains some important things, like the importance of staying safe, using VPNs or proxies to disconnect yourself from your corporate network, and other tips. It is mostly a commercial post for Silo for Research, which is a cloud based platform for researching, by Authentic8, but the tips within this article are for everyone.
Within the article, there are several other links that lead to more blog posts by Authentic8. They feature articles about how to really blend in while researching, some more basic information on the several 'nets' out there, and more. So do click along, and read up about some basic tips and tricks to stay somewhat safe, on this darker side of the internet highway.
Week in OSINT #2024-19 - sector035 - User-Agent Switchers
I like the idea of switching to a specific User-Agent, whenever there is a particular need for it. For instance, when you want to retrieve JSON data from the Instagram API, it can easily be done in a web browser, but you need to trick the backend by spoofing the request as coming from a mobile app.
User-Agent Switcher: Chrome extension
For this, a User-Agent switcher that can automatically change the 'request headers' so it appears it comes from an app, is very useful! And there are a few of these extensions. As can be seen in this screenshot, it is possible to set a custom User-Agent for a very specific URL.
Different extensions have different options. As can be seen in the screenshot above, it is possible to set a User-Agent for a very specific subdomain, and even a path! This helps me to only spoof a request when I browse to the Instagram API, but nothing else.
User-Agent Switcher and Manager: Chrome extension
The second extension has a different feature that can be really nice: It can select a random user-agent, by providing it a set of possible options. This way, every time you visit the specific domain or subdomain, there will be a different device that is being spoofed.
These are not the only two extensions that have this ability, and there are pros and cons to each. So you will have to do some research on your own, and see what suits you best. I also only added two Chrome extensions, for the purpose of sharing this tip, but of course there are options out there for non-Chromium based browsers, like Firefox and Safari.
16 network visualization tools that you should know!
link (vespinozag/16-network-visualization-tools-that-you-should-know-2c26957b707e)
In this story, I share 16 tools for network visualization. Each tool offers different functions, so the choice of tool will depend on your research needs.
There are undoubtedly other visualization tools, but the goal of this story is to share with you the ones I have used. In fact, for some of the 16 tools, I have already previously written a story, so I am also happy to share it with you.
The poster I present on the cover of this story is the second version of a poster I previously published on Twitter and LinkedIn. In this second version of the poster I updated some networks, added more visualization tools, and wrote this story on Medium, where I describe each tool.
For each tool you will find:
- A brief description of the tool.
- The link for a story I wrote about that tool (if applicable).
- A link to the tool’s website to learn more.
- A screenshot of an example of a network.
Week in OSINT #2024-20 - sector035 - Street View
Wikipedia
Last week Cyb_detective shared a tip about Bing 'Streetside'. A lot of people know Google Street View, Apple Look Around, or maybe even Kart View. But Microsoft also has really good coverage with Streetside. It is not as up-to-date as Google, but it never hurts to try and find a different source, if Google can't help out.
And in case Bing doesn't have the answer, it might be good to know there are several other street view providers out there, depending on the country you are investigating, all mentioned on a Wikipedia page.
VMware giving away Workstation Pro, Fusion Pro free for personal use
https://www.theregister.com/2024/05/14/vmware_workstation_pro_fusion_pro/
VMware has made another small but notable post-merger concession to users: the Workstation Pro and Fusion Pro desktop hypervisor products will now be free for personal use.
The cloud and virtualization biz, now a Broadcom subsidiary, has announced that its Pro apps will be available under two license models: a "Free Personal Use" or a "Paid Commercial Use" subscription for organizations.
Workstation Pro is available for PC users running Windows or Linux, while Fusion Pro is available for Mac systems with either Intel CPUs or Apple's own processors.
Telegram 101 to 401
link
This presentation will introduce Telegram as a messaging app and social network and how the analyst/investigator can incorporate Telegram into their open-source investigations. The listener will be taken through the basics of what is Telegram (101), how to access Telegram safely (201), what information can be extracted and how to extract it from the platform (301), and how to process the information into a visual format to derive social network insights (401). To make the presentation actionable, the cases and tutorials presented will be in the lens of the Russian invasion of Ukraine and the Hamas attack on Israel, and how Telegram was used in both events by the attackers and defenders for their respective purposes.
SANS Open-Source Intelligence Summit 2024
Telegram 101 to 401
Stephen Lerner, Intelligence Analyst Team Leader, Cobwebs Technologies
A Practical Guide To OSINT On the Russian Internet
link
This presentation will focus on practical tips and techniques for conducting OSINT in the Russian information space. The information will be accessible to beginners but also to more experienced professionals. Attendees will be able to immediately apply the techniques covered in this talk and be ready to conduct their own research on the Russian internet.
The talk will cover:
1) Overview of key Russian platforms (VK, OK, Telegram, etc)
2) How to create, register, and maintain sock puppets on Russian platforms.
3) VPNs and phone number issues.
4) Specific tools for researching Russian people and businesses.
5) Additional resources to help with intelligence collection.
Each section will be illustrated with real-world examples.
SANS Open-Source Intelligence Summit 2024
A Practical Guide To OSINT On the Russian Internet
Steven Harris, SANS Instructor Candidate, SANS Institute
wayback-keyword-search
link
This tool downloads each page from the Wayback Machine for a specific input domain and saves each page as a local .txt file, so that you can later search for keyword matches within the saved files.
Downloading is done with the "download" file; and searching with the "search" file.
You can download pages saved in specific years (i.e.: 2020), or years and months (i.e.: 202001), or years and months and days (i.e.: 20200101), just by specifying the date format in the prompt. If you want to download everything in the 2000's or 19**'s regardless of the saved date, just type "2" (for the pages saved past 2000) or "1" (for the pages saved in the XXth century) in the prompt, and the tool will save each page matching those criteria. So, if you want to download a website that has been archived across 1999 and 2000, you will need to run the tool twice.
If you need to download big websites (thousands of saved pages), it may require quite a long time now. Still better than nothing. I advise using a VPN with auto switch, changing IP address every 30 minutes to avoid blocking.
Sometimes, when the Wayback API is down, you cannot fetch the entire list of URLs it has archived (this happens quite often based on recent experience); so be patient and retry.
There is a Python3 version and a Go version.
FRAVIA: The Art of Searching
📚 Meet the e-book with selected writings of Fravia: a philosopher, a reverse engineer, and a master of search.
https://soxoj.substack.com/p/book-fravia-the-art-of-searching
A medievalist and informatician-linguist, he shifted from the cracking topic to search lessons. He pioneered internet search 25 years ago; he explored propaganda a decade before Bellingcat began. I'd like to rediscover it for OSINT specialists and a wide audience.
Enjoy reading!
by Soxoj
Every Contact Leaves a Trace
link
The Internet now touches and intrudes on almost every aspect of our lives. There is a flood of data available that identifies individuals at our fingertips, sometimes apparent, but more often hidden. Conducting investigations in this new world has provided new opportunities as well as technical challenges, and has raised legal and ethical issues along the way. Now with the smallest piece of information, we can uncover crimes and corruption. Still, these same techniques can be used by malicious actors, authoritarian states, and even corporations for unethical and even nefarious purposes. In this presentation, Ken Westin will discuss real investigations and techniques he has used to track and unveil organized crime groups, white-collar cybercriminals, and disinformation and how these same techniques can be used against the innocent. Ken will also discuss why this Pandora's Box will continue to bring challenges to privacy, truth, and human rights and how we as a community can help to protect all three.
SANS Open-Source Intelligence Summit 2024
Every Contact Leaves a Trace
Ken Westin, Field CISO, Panther
Identifying the Secret Military Helicopters of Washington, D.C.
link
Since 2020 Helicopters of DC has been revealing Washington, D.C.’s helicopters to residents using crowd-sourced and open-source data. This talk will start by briefly outlining the Twitter data submission system we designed to track D.C.'s helicopters, before explaining how Musk's changes to the platform invalidated it (some reasons, like dropping FourSquare API, might surprise you). We dive deep into the Telegram bot we designed with a free low/no code platform Make.com that allows residents to submit "helicopter spots" and returns them instant answers from ADS-B and computer vision analysis of their photos. I'll demonstrate how to set up your own computer vision program with a free Roboflow account. This platform helps you manage enormous datasets of photos, and collaboratively annotate, train, and deploy models to infer on their hardware without a line of code. Last, we will look at ATC radio, and how we are remotely collecting it with a waterproof Raspberry Pi, an RTL-SDR, and open-source RTL-SDR Airband software. Helicopter radio shares a channel with Washington National Airport's ground traffic (responsible for some 5 million transmissions a month). I will show the audience how despite aviation-specific terminology we are using OpenAI-Whisper to filter these transmissions for helicopter-specific keywords. Finally, we will look at how our Telegram users can review the relevant radio transmissions for accuracy, and tag them with terms to build an annotated map with attached audio that is shared with the public.
SANS Open-Source Intelligence Summit 2024
Identifying the Secret Military Helicopters of Washington, D.C.
Andrew Logan, Investigative Developer, Helicopters of DC
Online Cryptography Course
link
Instructor: Dan Boneh, Stanford University
Online cryptography course preview: This page contains all the lectures in the free cryptography course. To officially take the course, including homeworks, projects, and final exam, please visit the course page at Coursera.
Textbook: The following is a free textbook for the course. The book goes into more depth, including security proofs, and many exercises.
A Graduate Course in Applied Cryptography by D. Boneh and V. Shoup (free)