3541
Founder of @osint_mindset / soxoj.com / @soxoj
Thursday OSINT memes!
A source: https://www.linkedin.com/feed/update/urn:li:activity:7272919131111215104/
#memes
🚨Investigation Insights: A comprehensive graph reveals known accounts, emails, and phone number linked to Luigi Mangione, recently arrested on suspicion of involvement in the tragic killing of UnitedHealthcare CEO Brian Thompson.
Data was collected from open sources using OSINT techniques.
Full size: https://imgur.com/a/jGufU76
Powered by SocialLinks Crimewall.
#OSINT #investigations #sociallinks #crimewall
Big updates are coming soon. Can you guess what they are?
Читать полностью…
🦄 Favicorn is now integrated into the search methods of usersearch.ai under the Websites Forensics category and is available online for free!
By the way, you can also use Maigret for username searches on the same platform 😉
👉 https://usersearch.ai/
#tools #cybersec #favicon #username #maigret
How can we beautifully and attractively visualize the search for negative content online?
I promise a gift to the person who gives with the most awesome idea.
👇Drop your suggestions in the comments!
A great post from my friend OSINT Tactical on the specifics of working with the ‘Last seen’ field, using Google accounts as an example.
Source (LinkedIn)
---
Let's talk about gathering #intelligence and solving important cases thanks to #Google accounts.
Many people actually don't know this, they think that to be able to have a Google Account & a GAIA ID, you would need to have a Gmail address.
Wrong, you can create a Google Account with any email address, which will provide a GAIA ID, a Google Maps account, and many other Google Services.
It gets interesting for us the analysts, because any modification done to a Google Account will trigger a recent activity, or "Last Seen".
See the screenshot below of my Google account, which is NOT a Gmail address, I made the change just before writing this post, see how accurate it is 💪
Keep in mind that Google operates with UTC, the time you will see is always UTC, and if you are writing a report for an individual believed to be in another state, you will have to calculate the time it was in that particular state. (Obviously, if you know the person didn't move around)
What did I do to trigger this last seen? I just made a minor change to my account settings (a privacy setting)
Whether you choose a free tool like #Ghunt made by the awesome Mxrch, or paid tools like OSINT Industries or Epieos, this is entirely your choice.
As an analyst, how can you use this last seen and for what types of cases?
I can think of so many reasons, and I use this a lot for Missing Persons cases, to know if the account is still active, to see if a person made any recent changes to their account (post-disappearance activity meaning the person may still be alive).
Now, there has been a lot of debate about the "Last Seen", sometimes being triggered without any modifications done by the user, and having talked to specialists about this, Google can apparently push new terms and conditions (forcefully), which would trigger a last seen .
But Google will obviously push this at the same date and time for all right? So it's easy to find out if it is a T&C update, or if it was the user, or someone else accessing the user's account.
Lastly, I recently found something of interest.
I had a complicated case:
1️⃣ One Gmail address used for criminal activity, with no traces left anywhere, but one highly probable suspect.
2️⃣ The real Gmail address of the suspect.
3️⃣ The real Gmail address of the suspect's partner.
Analysis was conducted on the 3 accounts, and the "Last Seen" was identical for all 3 Gmail accounts, identical in date & time, right down to the second!
I checked dozens of other gmail addresses, from the same country, and even the same state. It was not a Terms and Conditions push by Google.
As you couldn't possibly modify 3 accounts at the very same second, the only logical explanation I found for this is that the 3 Gmail accounts are linked, and probably on the same device, maybe a home computer, the change triggered a last seen on all 3 accounts at the same time.
If you have any thoughts on this, I would be happy to hear your input.
Free webinar Social Links x OSINT Industries: How to Optimize Investigations
It will be ultimately interesting, I promise. 🌝
Register 👉 sociallinks.io
#sociallinks #webinar
📍 Big update of GEWEL (GEoint Weaknesses Enumeration List) by Dukera
What's New:
❗ New techniques
✍️ Explanations, examples and useful tools
🔥 New classification: Use of GEWEL
As part of the new classification, two use cases that were presented at OSINTOMÁTICO Conference 2024 and KazHackStan 2024 conferences have been published. The examples contain a detailed analysis of cases using the GEWEL framework:
👉 UoG-1. Geolocating in a Suburban Area
👉 UoG-2. Getting Date and Time of Creation
No password is required to access the framework 🔓
Source: Telegram, LinkedIn
#community #geoint
The archived tool allowed to uncover a part of Instagram mutual followers: https://github.com/novitae/Tenai
It exploited the service information leak in API endpoint https://i.instagram.com/api/v1/fbsearch/accounts_recs/, which, for a few weeks, was returning some new parameters (Python-like values), such as “sources”:
- [11]: accounts following and being followed by the target account (mutuals)
- [20]: your personnal suggestions influenced by your activity
- [47]: 2 accounts or more you follow are following this user
At the time of active development of the tool, there were no additional categories, but now I see a few new ones. Considering the source numbering (up to 47 suggestion sources?), we can assume that Instagram was trying to collect accounts for suggestions using many algorithms and sources, and they are likely still testing other methods, so we may find unexpected correlations in the suggestions.
#instagram #tool
OK, let’s talk about method to extract followers from a private Instagram account.
TL;DR: Analyze the “Suggested for You” accounts related to the PoI account.
This section consists of accounts from several categories:
- Followers of the PoI account
- Accounts connected to followers of the PoI account
- Accounts related to your followers/followees
- Accounts that have your phone number in their contact list (😳)
- Others maybe this group is even more interesting
I conducted a small research and found that this list can include up to 20 followers of the PoI account. The total amount of suggested accounts is usually around 70-80.
This is particularly useful when you have no information about the PoI connections: with this feature you can simply start investigating their network, while it is supposed to be hidden. 🤷♂️
The challenge is the mixing of different categories of accounts. However, by gathering multiple “Suggested for you” lists for random accounts, you can create a blacklists helping you to filter useless suggestions.
Oh yes, how can you confirm if an account is a follower of the PoI? You need just to check if they follow or are followed by the PoI account. This process is time-consuming and may not work for every account, but it does work. 👍
PRIVACY TIP: None. It’s impossible to get suggestions for certain accounts, though I’m unsure why. If you have any insights, feel free to reach out.
BONUS: How to extract a list of IG URLs after clicking "See all" in Developer Tools (see picture):
$$("._ap3a._aaco._aacw._aacx._aad7._aade").map(el => "https://www.instagram.com/"+el.innerText);
OSINT mindset speakers at KazHackStan 2024! 🔥
Our speakers are back in Kazakhstan at the largest cybersecurity conference in Central Asia — KazHackStan 2024. Here is the schedule of talks:
📍Sept. 11
OSINT Track
[11:00-11:45] Dukera — GEWEL: A structural approach to GEOINT
[11:45-12:30] Soxoj — The Art of Digital
Investigations: The SOWEL Framework
[14:00-15:00] Vitaly Perov — OSINT: Underestimated Dork requests
[15:00-15:50] Pandora — Social graphs against cybercrime
[15:50-16:35] Pritchard — Obsidian as a support in OSINT investigations
📍Sept. 12
Information Security
[12:00-13:00] Gospodin Sobaka — DeFi Exploits and Hacks: Reversing Blockchain Exploits
Main Stage
[14:00-14:40] Pandora — Not tracing alone: investigating modern cryptocurrency wallet attacks
[15:10-15:50] Katya Turing — Preventing internal data leaks
[15:50-16:30] Artyom Semenov — How to protect your MlOps pipeline and model code from fears, hatred and vulnerabilities?
📍Sept. 13
Main Stage
[15:05-15:35] Adk — RedTeam: Abusing Google to fight Google
We wish our guys a successful performance and look forward to seeing everyone! 🧡
🌐Site | 💬 Forum | 🔍 Family |▶osint_mindset">YT
OSINT: Perception, Challenges, Impact, Sources
My colleagues at Social Links have compiled fascinating insights from across the OSINT industry!
Our comprehensive survey explores how organizations implement OSINT, the value they perceive, the challenges they face, and emerging trends. This report is essential for anyone in government or corporate sectors looking to optimize their open-source intelligence strategies.
Download the full report here.
#sociallinks #osint
It's possible to show accounts' profiles for messages in channels after the last Telegram release.
A new OSINT vector! 🌚
🚀 TraceLabs Bronze Medal 🥉/ mini write-up 👇
Last weekend, I was honored to participate in the Trace Labs OSINT CTF competition alongside the amazing 𝚃𝚊𝚌𝚝𝚒𝚌𝚊𝚕 𝙾𝚂𝙸𝙽𝚃 𝙰𝚗𝚊𝚕𝚢𝚜𝚝, UnShelledSec and Stray.
This was my first experience (much to my shame), and the cases we worked on were quite challenging. I am very pleased to have helped gather diverse clues that could shed light on the whereabouts of missing persons and assist law enforcement in tracking and supporting the families of these individuals.
⚠️ Each real case is an opportunity to use #OSINT4good and advance the industry: methods, approaches, and search tools. As you may know, discovering useful new approaches and tools for investigation is my passion, so I’m excited to share some insights about what proved useful:
1️⃣ Search by Face and Name/Alias: This feature is amazing for finding social media accounts in seconds, allowing immediate evidence collection 🔥. Thanks to Social Links for this fantastic feature in Crimewall and SL Pro!
2️⃣ Search in Leaks and Stealer Logs: An excellent toolset for confirming connections and finding additional clues, digital identifiers of missing persons, or even some evidence. Huge thanks to Constella Intelligence and Social Links for this!
3️⃣ OSINT Industries: An ABSOLUTE must-have for finding accounts of missing persons that no one else might find (possibly even the owners themselves!).
🙏 Some of my other insights, I hope, will materialize into publicly available useful tools for the community or at least a couple of additional posts about methods helping to search for missing persons.
I look forward to the next competitions with great anticipation. A big thank you to Trace Labs for organizing, to all Search Party participants, and 𝚃𝚊𝚌𝚝𝚒𝚌𝚊𝚕 𝙾𝚂𝙸𝙽𝚃 𝙰𝚗𝚊𝚕𝚢𝚜𝚝 for inviting me. Together, we can make a big impact! 🤝
OSINTerdam #8 summary 👇
Thanks again to everyone who attended the amazing meetup last weekend! 🕵♂️
Despite the exceptionally hot weather in Amsterdam, we once again gathered a unique audience of OSINT professionals and specialists from various industries and countries! 💪
Jörn Weber showed us how to use professional tools and how he structured his investigations to make them as quick and cost-efficient as possible. He has also allowed us to share a small mindmap with you: attached to this post! The recording of the talk and additional materials will be available for participants ✅
Tactical OSINT Analyst presented a practical case on using facial recognition tools, demonstrating how to combine them, utilize AI for complex cases, and follow the principles to solve a case – insights from the multiple award winner of Trace Labs! ✌️
A part of the event comparable in importance was the amazing networking at the afterparty – thanks to the atmospheric bars of Amsterdam for that. We're passing the baton to the UK OSINT Community at the London pub this week! 👍
And, by the way, thanks to our meetup, two people met in person for the first time after four years of knowing each other. 🙀
OSINTerdam. Connecting People.
👉 Follow OSINTerdam to stay updated on the next meetup – it’s coming this fall!
#community #osinterdam
UBIKRON - a new OSINT+AI capture tool
It's is a powerful tool for capturing and analyzing web pages (currently in beta), created by Roelof Temmingh, the mind behind Maltego.
👉 Website
🔎 Install in any Chromium-based browser
In fact, UBIKRON a Chrome extension that tracks the sites you visit. It saves screenshots, all the body text, and lets you take notes or highlight important areas on a page. All this data is bundled into a RAG AI assistant that helps you organize and analyze the information. 👍
What do you think? Share your feedback to help in development!
#forensics #osint #maltego
Maigret appeared in the top-3 trending repositories on GitHub 😳
I’ve made significant updates and improvements to the tool and its documentation over the past few weeks. The new release will be published on PyPI soon! 🚀
😎 Let me remind you that Maigret is used in professional social media analysis and investigation tools, such as:
- Social Links API
- Social Links Crimewall
- UserSearch.ai
Thank you all for your support!
Friday marketing masterpieces 😂
Source
#crimewall #sociallinks
FAVICORN 💖🦄 — search websites by favicons through all possible sources
👉 GitHub: https://github.com/sharsil/favicorn
Features of this new tool:
1️⃣ Search for websites by favicon URL, file, or domain
2️⃣ Supports 10 platforms
3️⃣ Pulls results from ZoomEye, Shodan, and Netlas
4️⃣ And, of course, features a cool unicorn animation!
✨Whether you’re into pentesting, red teaming, bug bounties, or investigations, give Favicorn a try! Test it out and share your feedback — your input will help us make the tool even better!
Favicorn was developed in collaboration between @seelwersowl and @soxoj, just like our previous project, mailcat 👍
#cybersec #tools #github #favicon
Finally: collaborative mode in Crimewall. Just like Google Docs, but tailored for investigation graphs🕵️♀️
🔎OSINT teams and units are often composed of people with different backgrounds and specifics, which can be helpful when they work on the same investigation and focus on different details.
Considering the heterogeneity of many OSINT units, we in Social Links have created a collaborative mode that allows different analysts to work on the same document.
🚀 This allows OSINT units to work on the same investigation but at the same time to have all the needed information collected in just one document from where it would be easier to extract all of the valuable information and generate the final intelligence report!
As always, you can get a trial access 😉
#sociallinks #crimewall
WEBINAR: Social Links X OSINT Industries 🎗
In collaboration with Social Links, Watch us demonstrate how we supercharge investigators through our powerful new integration. ✨
🗓October 29, 4 PM CET
Register now: https://osint.tel/slxoi
+ A tour of SL Crimewall w/ Sonya Oronova
+ A Live demo of OSINT Industries w/ Nathaniel Fried
+ A Q&A and Case Studies showcasing the power of our combined tools!
Learn how you can combine OSINT Industries' unmatched data coverage with SL Crimewall's deep analysis, all in one workspace.
Don't miss this powerhouse collaboration.
—
Twitter: https://x.com/OSINTindustries/status/1849785714680135807
LinkedIn: https://www.linkedin.com/posts/osint-industries_osint-crimewall-activity-7255551423092854785-4cuV
Facebook: https://www.facebook.com/share/p/iXQ6NgsEd7MiSbpK/
Instagram: https://www.instagram.com/p/DBi_EizyGML/
Github repo by /channel/soxoj_insides with example of using Social Links API (free trial) to find accounts by face on social media.
https://github.com/SocialLinks-IO/sociallinks-api
#osint #socmint
Continuing the discussion of suggested friends for OSINT investigations.
🌐 VK (VKontakte) has a similar feature: a “People you may know” list that the platform shows for private accounts.
I’ve researched this functionality a bit, and at this point, I’ve come to the following conclusions:
1️⃣ it likely had (or still has) different sources for suggestions, but currently, I only see one "friends_recommendation_source": 10
2️⃣ it doesn't provide friends of a private account; it only gives recommendations based on your account's friends and activity
3️⃣ HOWEVER, for open accounts with hidden friends it does return friends and friends of friends
I’ve implemented similar functionality as I did for Instagram -- it wasn’t difficult, just a GraphQL request using the functions friends.getRecommendations and fortuneWheel.getReceivedThrows.
The results: I've managed to quickly get 20/300 hidden friends, using the confirmation method explained in one of my previous messages. Additionally, enriching with friends of friends will deepen the social graph and provide more insights into the PoI’s communications.
#vk #realinside
How to disable Instagram's suggestion algorithm for your account:
1. Login to Instagram on the Web (it's unavailable for apps)
2. Go to Edit profile
3. Uncheck "Show account suggestions" on profiles checkbox
Description:
Choose whether people can see similar account suggestions on your profile, and whether your account can be suggested on other profiles.
As you may already know, Telegram has disabled the functionality for searching groups and people nearby. Precisely for the reason I mentioned in my article about how to use this for investigations — there was too much illegal content there.
However, you can still take advantage of this functionality with Social Links 😉
Available for LEA only. Feel free to contact me directly if you’re interested in testing.
#tools #sociallinks #telegram
This summer, I almost gave a lecture on logic in open-source intelligence investigations at one of the universities in Amsterdam. Although the lecture didn’t happen, I would like to share some thoughts based on the materials I prepared, focusing on the perspective I usually take on OSINT – automation and enhancing the efficiency of investigations.
❓ What I find truly missing in OSINT tools is the lack of positioning regarding which hypotheses they cover and how. This is reflected in the prevalent “tool worship”, which often overshadows the understanding of how and why to use tools effectively.
Typically, you know how to use the tools, understand the types of information you can gather, and generally how they work. But the challenge for many OSINT tool users lies in assessing the reliability of this information and its relevance to their investigations.
🧰 Many OSINT tools merely automate the verification of basic hypotheses, such as:
- There are accounts of the same person using the same username => let’s find all accounts by username.
- There are accounts registered with the same email address or phone number => let’s find all accounts using registration identifiers.
- There are leaks of accounts of PoI, and Found leaks contain valuable information about the PoI => let’s find all leaks using names, usernames, phone numbers, emails, etc.
These hypotheses are straightforward and typically involve uncontroversial logical chains (although they are probabilistic!). However, issues arise because usernames can be used by other people for fake or unrelated accounts; some platforms allow account registration by email without confirmation; phone numbers can be reassigned, leading to mismatches; and leaks can point to unrelated individuals or accounts as described above.
☝️ Therefore, even in simple investigations, it’s crucial to consider the logical chain and the probabilities of edge cases. And these probabilities may be highly dependent on the context of the investigation and must be taken into account.
I don't even touch on more complex hypotheses: face similarity, virtual connections between individuals, cryptocurrency wallet owner attribution by transactions, account activity patterns, etc. These require deeper analytics and validation to minimize human bias and ensure robust conclusions.
🤔 Could this be automated? I'm sure yes. Experienced investigators perform such verifications and outline the key points in their reports, and it's not that hard to algorithmize.
Why? Let's not forget that everyone makes mistakes. The more we will automate, the fewer errors we’ll have.
It would be beneficial to have at least some level of logical reasoning support in professional OSINT platforms, connecting many tools and approaches in one place. Ideally, this would involve not just assigning a weight to links between information pieces but also automating the building of the entire logical chain based on available search and analytics methods, their accuracy, and the ultimate goals of the investigation.
🫡 I understand that this topic may seem trivial to those who have been conducting investigations since the days when there was no Internet and every piece of evidence had to be painstakingly connected. However, given the overwhelming volume of information today, the barrier to entry for investigations has significantly lowered, as has the quality of logical reasoning and final conclusions, making this topic extremely important.
👇 What's your opinion on this?
#tools #realinside #vacation
Also, there is a new functionality of Stars donation: directly by ⭐️ reaction to posts! This option should be turned on in a channel settings, reactions section.
And, of course, Telegram introduced a game mechanic of donater leaderboards, so admins can see who is supporting the channel.
#realinside
🔎 OSINT Industries Enables @TraceLabs Top 3 #OSINT #CTF Team 'We Work for Open AI ֎'
👏🏼 Well done to @OSINT_Tactical, @Sox0j, @UnShelledSec and @StrayKat73 for achieving 3rd place and for obtaining the most approved submissions! #TraceLabs
We always love hearing when people are using our tool for amazing events such as this. #OSINT4GOOD 💫
We provide our #OSINT Platform for FREE for non-profit organisations, to help in finding missing persons, combatting modern-day slavery, investigating war crimes, tackling child exploitation and more. ☀️ #nonprofit #missingperson
Get free access: https://www.osint.industries/industries/non-profits
Did you participate in this?
Twitter: https://x.com/OSINTindustries/status/1820866217986642299
LinkedIn: https://www.linkedin.com/feed/update/urn:li:share:7226632006078492673/
✅ OSINTerdam #8
The meetup went wonderfully despite the exceptional 30 degrees Celsius heat in Amsterdam 😅
There were incredibly useful presentations from OSINT trainers and amazing networking at the afterparty✌️
Thank you to everyone who attended, see you at the next meetups!
#community #osinterdam