News about Intelligence & OSInt. join us in the OsintOps.com Groups OsintOps - IT: https://t.me/OsintOps_IT OsintOps - EN: https://t.me/OSIntOps_EN OUR project https://osintops.com -We don't receive sponsorship, nor are we interested in getting any-
Week in OSINT #2024-29 - sector035 - urlDNA
Link
Blog
Last week I was notified by 0xtechrock about a new online service, called 'urlDNA'. It is an online platform that is able to scan malicious or suspected phishing sites, and has a wide range of query options available. It can be used for brand monitoring, query on similar sites via favicons, screenshots, or infrastructure, and a lot more. It gives you an online sandbox and it can scrape new sites via their Python library. And the best part of all, it is all free!
Week in OSINT #2024-29 - sector035 - Micah's Resources
Link
Staying on the topic of DNA, this man has OSINT embedded in it I think! He has been a mentor for a lot of people over the years, and many have seen him teach SANS classes, or are enjoying his current online content. Micah Hoffman has developed multiple tools and techniques over the years, and on this page he shares them with you. Pretty much all of his resources have been featured in WiO before already, but for some this might all be new. So go over, and check out the free content, and do make sure to check out his course material too!
Week in OSINT #2024-29 - sector035 - OSINT4All
link
This StartMe page is several years old already, but it is almost impossible to collect them all! So here is another one for you to have a look at, and see what resources are available in there. It is still being updated, with the last update around 2 months ago at the time of writing, and contains loads of different categories for you to explore. It is still a mystery to me why it was never featured though, since it has been the most visited StartMe page several times in the last few years. Time to continue this I think
Telegram Overseer
link
This tool is designed for easy data collection and analysis from Telegram. It's user-friendly for non-programmers, providing insights through various commands.
Week in OSINT #2024-30 - sector035 - Intelligence Disciplines
Link
Ritu Gill shared an article over at OSINT Team about all types of intelligence gathering, of which OSINT, or open source intelligence, is just one of the many. They explain different disciplines, and explain their use case, and have a short bit of history about each one. An interesting blog, for people that don't know about the different aspects of the intelligence community.
Week in OSINT #2024-30 - sector035 - Mental Health
Link
For the first topic, I simply quote the author Jochen Spangenberg:
This paper deals with those working on the digital frontline, namely journalists, researchers and investigators who view, evaluate, and potentially use digital content such as eyewitness media for their reporting. Viewing such content often also means being exposed to gruesome or disturbing material of all types. This can take its toll on the mental wellbeing of investigators.
His research paper isn't that long, and is absolutely well worth a read, whether you are new to the field of open source intelligence, or a seasoned investigator already. In less than 20 pages, filled with references, he talks about the different types of trauma that can occur when doing this job. He also talks about how to be prepared, or little tricks to help coping with sensitive material, and of course about seeking help if needed, or how to spot signs of someone that might be struggling with vicarious or secondary trauma.
It doesn't always have to be a gruesome scene from a war scenario that is triggering, because from personal experiences I can say that sometimes even a heart breaking story with non-lethal impact can trigger emotional responses. Whatever your area of expertise is, and no matter the type of stories you investigate, it is always possible to have strong emotional reactions during an investigation. So read up on this research paper, and take your time for it. Talk about it with staff, colleagues or others close to you, and use the tips for your own benefit.
And I would like to close this section off, with Jochen's own closing remarks:
Finally, it is hoped that this contribution succeeded in raising further awareness for the topic and, ideally, can help to avoid ‘learning it the hard way’ by providing some useful tips, advice, and resources before the (mental) damage is done to those dealing with potentially disturbing digital content.
Week in OSINT #2024-22 - sector035 - This Week's Meme
Week in OSINT #2024-21 - sector035 - This Week's Meme
Week in OSINT #2024-21 - sector035 - I Seek You
This won't mean a lot to all the 'youngsters' reading my weekly articles, but on June 26, 2024 the good old messenger ICQ will stop working forever. When it was launched by Mirabilis back in November 1996, it pretty much became an instant hit, since it was the first centralized chat app that enabled one-on-one chats with people from all over the world. Several years after the launch, in 2001, it had over 100 million users, but after the acquisition of Mail.ru in 2010 the decline started. One of the reasons is probably the ever growing use of Telegram in Russian speaking territory, the popularity of WhatsApp, Messenger and other chat apps. During the last decade or so, the popularity went down even more, and from 42 million daily users in 2010, only 11 million monthly users were seen back in 2022. It was one of the first chat apps I used, besides MSN Messenger, and I still have some great memories of them. Thank you for some great times, ICQ. You will be missed...
Week in OSINT #2024-21 - sector035 - SnapMap Archiver
Link
This tool is over three years old already, with its first commit on GitHub on January 28, 2021 by Miles Greenwark. It is a small Python tool that enables you to specify one or more locations, range or Snaps, and download a load of Snapchat videos posted on or around that particular location. I hadn't heard about the tool before, until GingerT notified me about it.
Manifest V3 - sector035
link
This page contains a list of extensions, and their respective Manifest versions. In the previous post, the author wrote about the upcoming changes within the Chromium based browser extensions. This page contains a list of extensions that use the newer Manifest V3, and should be (somewhat) future proof.
Week in OSINT #2024-22 - sector035 - Geolocating a Gang Leader
Link
Benjamin Strick has been scrutinizing a CNN interview with a Haitian gang leader, and has been able to find the exact location where the interview took place. Even though the location might have been known by law enforcement already, the article shows how he worked, step-by-step, to find the actual house. And since Haiti doesn't have street view, nor does it have a lot of third party captured imagery, most will have to be done via satellite imagery. Another great example of how geolocation of video or images can be done, with some basic tools, and enough perseverance.
Week in OSINT #2024-31 - sector035 - Phone Numbers
Link
Via a tweet by Cyb_detective, I discovered a page over on the web site of OH SHINT!. The page is dedicated to phone numbers, reverse searches, general phone books, and even has a few country phone books listed already. It is a work in progress, and this is something I have been wanting to do myself too some time ago. But when I still had my links on this website (no worries, they will come back!) I never was able to actually finish that section, due to the sheer amount of online phone registers out there! Well done so far, and I am surely going to bookmark this link!
Week in OSINT #2024-31 - sector035 - OSINTlytics
Chrome extension
Link
During my adventures on the internet, I discovered a new Chrome extension called 'OSINTlytics'. It adds a small context menu to your browser, that detects several different things, like:
IP addresses
MD5, SHA1, SHA256 hashes
Domain names and URLs
Windows error codes
Streaming Overseer: A Telegram Monitoring Tool
https://github.com/afolivieri/streaming_overseer
This tool monitors specified Telegram channels for messages that contain certain keywords and forwards them to a private channel. It's built using Python and Telethon, a Telegram client library.
Week in OSINT #2024-29 - sector035 - BigDomainData
Link
Everybody knows Whoxy, when it comes to retrieving historical Whois information. And until some time ago there was DomainBigData, but sadly that has stopped operating. But while I was doing a research project on my own, I actually found a similar site. With BigDomainData, you have a large database of historical Whois data at your disposal. And even though Whois records are mostly redacted due to GDPR laws, it can still give an indication whether a domain name has been transferred or not, since usually the city and country are still visible. So when a long running domain name hasn't moved from the location after being redacted, you may actually have an indicator who the current owner is. And with this site, it isn't just historical records, but they also offer a reverse search on all sorts of Whois records too.
Week in OSINT #2024-30 - sector035 - Jason and Dragons
Link
Site
Carey Parker from the Podcast "Firewalls Don't Stop Dragons Podcast" talked with Jason Edison about open source intelligence, doxing, privacy and more. This is an interesting podcast that wasn't on my radar yet, focussed on security and privacy for 'non-techies', as Carey describes it.
Week in OSINT #2024-30 - sector035 - Breadcrumbs.app
Link
There are several tools out there that offer apps to do crypto analysis, and most of them are extremely expensive when it comes to licensing. But now there is an alternative, and even in the higher price range it is still cheaper than some of its competitors: Breadcrumbs. The nice thing is, that even with the free version you are able to visualize actions on the blockchain, and it still gives you a very nifty tool with lots of options for manual editing.
Week in OSINT #2024-30 - sector035 - Search Grid
Link
Galen Reich created something I needed some time ago, but where I created a transparent image with a search grid as an image overlay, he created an online tool for it that can generate a custom grid in a KML file. It consists of loads of small squares you can click to go to, but that you can also colour to highlight certain search areas. An awesome addition to Google Earth Pro, and highly recommended. Thank you for this Galen!
Using OSINT to identify AI-generated content
https://www.authentic8.com/blog/osint-ai-generated-content
15 techniques plus tons of tools to spot AI-generated text, videos, images and audio in OSINT investigations.
After the public release of ChatGPT, the adoption of generative AI technology has witnessed a tremendous boost. Individuals and organizations began using it widely in various contexts, such as customizing customers' experiences and increasing employees' productivity. Nevertheless, there are numerous cases where generative AI can be used on the dark side. Generating fake content is among the top threats of this technology.
When discussing OSINT challenges from the online investigators' perspective, the most prominent two challenges appear in the sheer volume of public data and their trustworthiness. The generative AI technology can contribute to increasing both challenges: generating massive amounts of content at little cost — which could be fake!
In this guide, I will discuss how OSINT investigators can use various methods, tools and techniques to spot fake content spread across the web. However, before I begin, let me briefly discuss why threat actors spread phony content.
Information Laundromat
https://informationlaundromat.com/
The Information Laundromat is a lead generation tool used to determine if and how websites share architecture and content. It provides two core functions: content similarity and domain forensics matching.
Investigate Content Laundering
Use the Laundromat to uncover websites republishing content from Russian state media. This function highlights articles that closely resemble the original sources, enabling analysis of content laundering at a large scale. A detailed report of the network involved is available below.
Uncover RT's Mirror Networks
The Institute for Strategic Dialogue has identified domains that are mirror images of RT websites, down to branding and code. Utilize the Laundromat's Metadata Similarity tool to detect common features across these mirrors.
Generate Open Source Intelligence Leads
The Laundromat is also instrumental in producing OSINT leads regarding the construction, sponsorship, and social media linkages of websites, regardless of their content's provenance.
Week in OSINT #2024-21 - sector035 - Layer 8 with Hervé
link
Layer 8 Podcast published another podcast, and this time my old friend Hpiedcoq is a guest. He is one of the founders of the French organisation OpenFacto, where they train journalists and citizens in the art of open source investigations. He talks about his past, the trainings he gives, operational security and more.
Week in OSINT #2024-21 - sector035 - Open Source Journalism
Link
Aware Online shared a link to a BBC video in his Dutch newsletter last week. Over at BBC World Service Presents, Daniel Adamson talked about the history of open source investigations. From the rise of smart phones, and the start of Bellingcat, to how the BBC started to focus on open source journalism. For me, BBC Africa Eye will always have a special place in my heart, since it was an important part of my personal career, and I encourage anyone to view the video that showcases some amazing investigations.
This video contains graphic images that may be disturbing to some viewers.
Week in OSINT #2024-21 - sector035 - Old Google
UDM14 Script
Google Pagination
Over at X, I received a notification from Roland Vergeer, about the announcement by Google that they will be adding AI powered answers to your search results, whether you want it or not. If you are in the business of finding information, like us, and don't want AI-enriched responses to questions you never asked, then you should read this. Last week Ernie Smith wrote an article about how to remove this unneeded nonsense. By simply adding the parameter &udm=14 to the URL with your Google search results, you can remove all AI generated answers, and it even removes ads. One way of solving it, is by creating a custom link within your browser settings, so it fires it up when you use your default search engine.
A different way, is by using a GreaseMonkey script, that changes the behaviour of the interaction with Google altogether. A small and simple script that automatically adds this parameter into the URL, is already available. And while you're busy with installing GreaseMonkey scripts, you might also want to add pagination back to Google! Because that is an option I still miss, because I simply hate the perpetual scrolling that I can't seem to turn off in my settings.
Week in OSINT #2024-22 - sector035 - Phase-out of Manifest V2
List with extensions
Link
An important change within Chromium based browsers is about to start very soon, the phase-out of the so-called "Manifest V2" extensions. A manifest is a framework for extensions, and has been in use for many years already, despite some security issues that could occur due to its nature. The V3 is already active, and is in use by a lot of extensions already, but this might change very soon. One of the biggest changes could be that ad-blockers won't be as effective, due to the fact that updates in the list of domains will go through the Chrome web store, and have to be approved first, while it now is done by the extension itself in the background, sometimes several times a day. But there are also other
Examples of Chromium based extensions that still use Manifest 2, and that I have installed myself, are:
- GHunt Companion
- JSON Viewer
- Map Switcher
- OldTweetdeck
- Tampermonkey
- uBlock Origin
- User-Agent Switcher and Manager
As you can see, there are some well known extensions on that list, and it is very well possible that certain extensions will stop working altogether in the near future. This means that new extensions will have to be developed, workarounds need to be found, or maybe even switch to a different browser. One possibility is to test out Thorium. There have been requests to keep the support for Manifest V2 for several years within the Thorium community, and the developer has mentioned more than once he will do his best to delay the phase-out as long as possible, until the code is fully removed from Chromium.
Brave Browser isn't a solution either, since they will also start implementing the change very soon. The only advantage with the Brave Browser is, that they have their built-in Ad Blocker. But if blocking advertisements is your only concern, you might as well look at completely different options, in my opinion!
So what will this mean for open source investigators, that rely heavily on extensions within their browser? Well, you can always switch to Firefox, because after some quick searching, I have found no mention of Firefox dropping the support of Manifest V2. The only problem is, that Hunchly will not work in Firefox, so if you really need Hunchly, you are out of luck and might need to use two separate browsers, and only capture half the pages you visit.
While writing this section, I did some checking, but life of course takes unexpected turns, so I spent half a day cleaning up the kitchen after a blocked drain. But when I went over some notes, I did find some positive news after all. Because it seems that the beta version of Tampermonkey runs okay with some user scripts that I have installed. And within the release notes of Chrome 124 Enterprise and Education, I read that another beta version, of a User-Agent Switcher, is also updated to Manifest V3. It is still possible that certain extensions will break, or stop working, but
For now, I will be actively looking for solutions, or replacement extensions, to fill certain gaps. Do feel free to share good alternatives for browsers, or extensions, with the community so we can help each other out!
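To make the same list for your own browser profile, the following Python script (an added example, not part of the original newsletter) reads every installed extension's manifest.json and reports its Manifest version, V2 entries first. It assumes the usual Chromium on-disk layout `Extensions/<extension id>/<version>/manifest.json`; the function names and the two sample extensions built in `demo()` are constructed for illustration.

```python
import json
import sys
import tempfile
from pathlib import Path


def localized_name(manifest, version_dir):
    """Resolve a __MSG_key__ name through _locales/<default_locale>/messages.json."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[len("__MSG_"):-2].lower()
    locale = manifest.get("default_locale", "en")
    try:
        text = (version_dir / "_locales" / locale / "messages.json").read_text(encoding="utf-8-sig")
        messages = json.loads(text)
    except (OSError, ValueError):
        return name  # keep the placeholder if the locale file is missing or broken
    for k, entry in messages.items():
        if k.lower() == key and isinstance(entry, dict):
            return entry.get("message", name)
    return name


def audit_extensions(extensions_dir):
    """Return (manifest_version, name, extension_id) rows, Manifest V2 entries first."""
    rows = []
    # Assumed layout on disk: <Extensions>/<extension id>/<version>/manifest.json
    for path in Path(extensions_dir).glob("*/*/manifest.json"):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable manifest: skip it rather than abort the audit
        version = manifest.get("manifest_version", 0)
        rows.append((version, localized_name(manifest, path.parent), path.parent.parent.name))
    return sorted(rows)


def demo():
    """Audit a constructed Extensions directory holding one V2 and one V3 extension."""
    with tempfile.TemporaryDirectory() as tmp:
        v2 = Path(tmp, "a" * 32, "1.0_0")  # constructed extension id
        v3 = Path(tmp, "b" * 32, "2.1_0")  # constructed extension id
        v2.mkdir(parents=True)
        (v3 / "_locales" / "en").mkdir(parents=True)
        (v2 / "manifest.json").write_text(json.dumps(
            {"manifest_version": 2, "name": "Sample V2 extension"}))
        (v3 / "manifest.json").write_text(json.dumps(
            {"manifest_version": 3, "name": "__MSG_extName__", "default_locale": "en"}))
        (v3 / "_locales" / "en" / "messages.json").write_text(json.dumps(
            {"extName": {"message": "Sample V3 extension"}}))
        return audit_extensions(tmp)


if __name__ == "__main__":
    # Pass the Extensions folder of a browser profile, or run without arguments for the demo.
    rows = audit_extensions(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for version, name, ext_id in rows:
        flag = "still Manifest V2" if version == 2 else "ok"
        print(f"V{version}  {ext_id}  {name}  [{flag}]")
```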
Week in OSINT #2024-22 - sector035 - Hunted's Hickman
link
The show Hunted has been running for several years in the UK and other countries. Even though a lot of the techniques used are sped up for the show, all required legal paperwork is removed, and based on the Dutch episodes I saw some years ago, legal warrants are given fairly easily. But still, a lot of the techniques portrayed in the show are real. In that way, it does give a good insight in how law enforcement, or investigative bureaus work. In this interview, Daisy Hickman is being interviewed on Baker's Chatcast about her career, and her experiences in Hunted.