3541
Founder of @osint_mindset / soxoj.com / @soxoj
Github repo by /channel/soxoj_insides with example of using Social Links API (free trial) to find accounts by face on social media.
https://github.com/SocialLinks-IO/sociallinks-api
#osint #socmint
Continuing the discussion of suggested friends for OSINT investigations.
🌐 VK (VKontakte) has a similar feature: a “People you may know” list that the platform shows for private accounts.
I’ve researched this functionality a bit, and at this point, I’ve come to the following conclusions:
1️⃣ it likely had (or still has) different sources for suggestions, but currently, I only see one "friends_recommendation_source": 10
2️⃣ it doesn't provide friends of a private account; it only gives recommendations based on your account's friends and activity
3️⃣ HOWEVER, for open accounts with hidden friends it does return friends and friends of friends
I’ve implemented similar functionality as I did for Instagram -- it wasn’t difficult, just a GraphQL request using the functions friends.getRecommendations and fortuneWheel.getReceivedThrows.
The results: I've managed to quickly get 20/300 hidden friends, using the confirmation method explained in one of my previous messages. Additionally, enriching with friends of friends will deepen the social graph and provide more insights into the PoI’s communications.
#vk #realinside
How to disable Instagram's suggestion algorithm for your account:
1. Login to Instagram on the Web (it's unavailable for apps)
2. Go to Edit profile
3. Uncheck "Show account suggestions" on profiles checkbox
Description:
Choose whether people can see similar account suggestions on your profile, and whether your account can be suggested on other profiles.
As you may already know, Telegram has disabled the functionality for searching groups and people nearby. Precisely for the reason I mentioned in my article about how to use this for investigations — there was too much illegal content there.
However, you can still take advantage of this functionality with Social Links 😉
Available for LEA only. Feel free to contact me directly if you’re interested in testing.
#tools #sociallinks #telegram
This summer, I almost gave a lecture on logic in open-source intelligence investigations at one of the universities in Amsterdam. Although the lecture didn’t happen, I would like to share some thoughts based on the materials I prepared, focusing on the perspective I usually take on OSINT – automation and enhancing the efficiency of investigations.
❓ What I find truly missing in OSINT tools is the lack of positioning regarding which hypotheses they cover and how. This is reflected in the prevalent “tool worship”, which often overshadows the understanding of how and why to use tools effectively.
Typically, you know how to use the tools, understand the types of information you can gather, and generally how they work. But the challenge for many OSINT tool users lies in assessing the reliability of this information and its relevance to their investigations.
🧰 Many OSINT tools merely automate the verification of basic hypotheses, such as:
- There are accounts of the same person using the same username => let’s find all accounts by username.
- There are accounts registered with the same email address or phone number => let’s find all accounts using registration identifiers.
- There are leaks of accounts of PoI, and Found leaks contain valuable information about the PoI => let’s find all leaks using names, usernames, phone numbers, emails, etc.
These hypotheses are straightforward and typically involve uncontroversial logical chains (although they are probabilistic!). However, issues arise because usernames can be used by other people for fake or unrelated accounts; some platforms allow account registration by email without confirmation; phone numbers can be reassigned, leading to mismatches; and leaks can point to unrelated individuals or accounts as described above.
☝️ Therefore, even in simple investigations, it’s crucial to consider the logical chain and the probabilities of edge cases. And these probabilities may be highly dependent on the context of the investigation and must be taken into account.
I don't even touch on more complex hypotheses: face similarity, virtual connections between individuals, cryptocurrency wallet owner attribution by transactions, account activity patterns, etc. These require deeper analytics and validation to minimize human bias and ensure robust conclusions.
🤔 Could this be automated? I'm sure yes. Experienced investigators perform such verifications and outline the key points in their reports, and it's not that hard to algorithmize.
Why? Let's not forget that everyone makes mistakes. The more we will automate, the fewer errors we’ll have.
It would be beneficial to have at least some level of logical reasoning support in professional OSINT platforms, connecting many tools and approaches in one place. Ideally, this would involve not just assigning a weight to links between information pieces but also automating the building of the entire logical chain based on available search and analytics methods, their accuracy, and the ultimate goals of the investigation.
🫡 I understand that this topic may seem trivial to those who have been conducting investigations since the days when there was no Internet and every piece of evidence had to be painstakingly connected. However, given the overwhelming volume of information today, the barrier to entry for investigations has significantly lowered, as has the quality of logical reasoning and final conclusions, making this topic extremely important.
👇 What's your opinion on this?
#tools #realinside #vacation
Also, there is a new functionality of Stars donation: directly by ⭐️ reaction to posts! This option should be turned on in a channel settings, reactions section.
And, of course, Telegram introduced a game mechanic of donater leaderboards, so admins can see who is supporting the channel.
#realinside
🔎 OSINT Industries Enables @TraceLabs Top 3 #OSINT #CTF Team 'We Work for Open AI ֎'
👏🏼 Well done to @OSINT_Tactical, @Sox0j, @UnShelledSec and @StrayKat73 for achieving 3rd place and for obtaining the most approved submissions! #TraceLabs
We always love hearing when people are using our tool for amazing events such as this. #OSINT4GOOD 💫
We provide our #OSINT Platform for FREE for non-profit organisations, to help in finding missing persons, combatting modern-day slavery, investigating war crimes, tackling child exploitation and more. ☀️ #nonprofit #missingperson
Get free access: https://www.osint.industries/industries/non-profits
Did you participate in this?
Twitter: https://x.com/OSINTindustries/status/1820866217986642299
LinkedIn: https://www.linkedin.com/feed/update/urn:li:share:7226632006078492673/
✅ OSINTerdam #8
The meetup went wonderfully despite the exceptional 30 degrees Celsius heat in Amsterdam 😅
There were incredibly useful presentations from OSINT trainers and amazing networking at the afterparty✌️
Thank you to everyone who attended, see you at the next meetups!
#community #osinterdam
✍️ My new Substack article has been published!
OSINT Methodology: How to Investigate Illegal Content in Telegram Chats
Tips for cybercrime investigators
#tools #sociallinks #telegram
Are you ready for an exclusive OSINT training in Amsterdam? 😉
Join OSINTerdam meetup #8 for an insightful presentation by Jörn Weber, a seasoned OSINT investigator and managing director of corma GmbH.
Title: Elevating OSINT Investigations: The Case for Professional Tools
Subtitle: From Commodore 64 to Cutting-Edge OSINT
The talk will delve into the essential tools and techniques that elevate OSINT investigations 🕵♂️ to a professional standard. Jörn Weber will argue against the typical "free" OSINT culture, demonstrating that professional equipment is crucial for delivering high-quality results that meet client expectations. 🤝
Attendees will learn about the best-in-class software, hardware, and methodologies that save time and enhance investigative outcomes. This presentation is a must-attend for anyone serious about advancing their OSINT capabilities. 🚀
🎙 About the Speaker: Jörn Weber is an investigator, trainer, and managing director of corma GmbH. Before his time at corma, he worked as a police officer in North Rhine-Westphalia (NRW), Germany, for nearly 20 years. He investigated cases of homicide, fraud, white-collar crime, and cybercrime, and ended his service as a Detective Chief Inspector (Kriminalhauptkommissar).
Today, Jörn Weber and his team primarily support the security departments of companies and the brand protection officers of national and international clients. The clientele of corma GmbH also includes banks, insurance companies, and law firms. Over the years, corma GmbH has shifted its focus to successfully conducting internet investigations, including person searches, company searches, darknet investigations, and investigative due diligence.
In addition to his investigative work, Jörn Weber regularly conducts training on Maltego, Social Links, and internet investigations. These training sessions ensure a high level of practical relevance through the integration of established workflows and the daily use of research solutions like Maltego and Social Links. Participants include German and international police authorities, corporate security departments, investigative journalists, intelligence services, and the military.
Fun Fact: Join us in this presentation to uncover how early experiences with the C64 are linked with the pioneering German police website and how that connects to leaked data. 😉
OSINT in Anti-Drug Trafficking Investigations: a webinar!
👉 Free registration here
My team will present various case studies for LEA on Crimewall this Thursday at 1 PM CET:
🔸 Historical data on DarkNet market activity within a macroregion
🔹 In-depth social graph of a precursor broker
🔸 NLP-assisted digital profiling in Telegram
and others.
🕵♀️ Ivan Kravtsov, as always, conducted amazing research to translate impressive real-life examples into the language of investigations.
❗ If you are unable to attend this webinar, subscribe to our blog to receive notifications well in advance. And DM me to get some materials 😉
#sociallinks
🚀 The OSINT Industries API has been featured in Social Links latest article on the top 10 OSINT and Open Data APIs for 2024! 🌐🔍
Our OSINT Industries API empowers organisations with advanced intelligence capabilities, including:
🔎 Comprehensive OSINT data from hundreds of sources
🛡️ Real-time intelligence with 100% accuracy
🔧 Seamless integration with existing intelligence platforms
Discover how our innovative solutions enhance intelligence platforms and streamline workflows. 💡
We are thrilled to be featured alongside amazing intelligence tools such as Spokeo, Have I Been Pwned, BTC.com, Picarta, Shodan, Censys, and more…
📲 Request API Access: https://www.osint.industries/offerings/api-access
📖 Read the article: https://blog.sociallinks.io/top-10-osint-and-open-data-apis-for-2024/#oi
Tweet: https://x.com/OSINTindustries/status/1804589622153859394
Linkedin: https://www.linkedin.com/feed/update/urn:li:share:7210355418244464640/?actorCompanyId=98334708
A quick update on X / Twitter, they have just made an accounts Likes Private, which is annoying and doesn't help us much but don't worry as there are always new OSINT tools & techniques being made available to help locate other useful intelligence
Читать полностью…
How to attract the attention of passersby at the Intelligence Support Systems conference? Put a Flipper Zero box on your stand. It can even be an empty one!
#iss #realinside
📍 Big update of GEWEL (GEoint Weaknesses Enumeration List) by Dukera
What's New:
❗ New techniques
✍️ Explanations, examples and useful tools
🔥 New classification: Use of GEWEL
As part of the new classification, two use cases that were presented at OSINTOMÁTICO Conference 2024 and KazHackStan 2024 conferences have been published. The examples contain a detailed analysis of cases using the GEWEL framework:
👉 UoG-1. Geolocating in a Suburban Area
👉 UoG-2. Getting Date and Time of Creation
No password is required to access the framework 🔓
Source: Telegram, LinkedIn
#community #geoint
The archived tool allowed to uncover a part of Instagram mutual followers: https://github.com/novitae/Tenai
It exploited the service information leak in API endpoint https://i.instagram.com/api/v1/fbsearch/accounts_recs/, which, for a few weeks, was returning some new parameters (Python-like values), such as “sources”:
- [11]: accounts following and being followed by the target account (mutuals)
- [20]: your personnal suggestions influenced by your activity
- [47]: 2 accounts or more you follow are following this user
At the time of active development of the tool, there were no additional categories, but now I see a few new ones. Considering the source numbering (up to 47 suggestion sources?), we can assume that Instagram was trying to collect accounts for suggestions using many algorithms and sources, and they are likely still testing other methods, so we may find unexpected correlations in the suggestions.
#instagram #tool
OK, let’s talk about method to extract followers from a private Instagram account.
TL;DR: Analyze the “Suggested for You” accounts related to the PoI account.
This section consists of accounts from several categories:
- Followers of the PoI account
- Accounts connected to followers of the PoI account
- Accounts related to your followers/followees
- Accounts that have your phone number in their contact list (😳)
- Others maybe this group is even more interesting
I conducted a small research and found that this list can include up to 20 followers of the PoI account. The total amount of suggested accounts is usually around 70-80.
This is particularly useful when you have no information about the PoI connections: with this feature you can simply start investigating their network, while it is supposed to be hidden. 🤷♂️
The challenge is the mixing of different categories of accounts. However, by gathering multiple “Suggested for you” lists for random accounts, you can create a blacklists helping you to filter useless suggestions.
Oh yes, how can you confirm if an account is a follower of the PoI? You need just to check if they follow or are followed by the PoI account. This process is time-consuming and may not work for every account, but it does work. 👍
PRIVACY TIP: None. It’s impossible to get suggestions for certain accounts, though I’m unsure why. If you have any insights, feel free to reach out.
BONUS: How to extract a list of IG URLs after clicking "See all" in Developer Tools (see picture):
$$("._ap3a._aaco._aacw._aacx._aad7._aade").map(el => "https://www.instagram.com/"+el.innerText);
OSINT mindset speakers at KazHackStan 2024! 🔥
Our speakers are back in Kazakhstan at the largest cybersecurity conference in Central Asia — KazHackStan 2024. Here is the schedule of talks:
📍Sept. 11
OSINT Track
[11:00-11:45] Dukera — GEWEL: A structural approach to GEOINT
[11:45-12:30] Soxoj — The Art of Digital
Investigations: The SOWEL Framework
[14:00-15:00] Vitaly Perov — OSINT: Underestimated Dork requests
[15:00-15:50] Pandora — Social graphs against cybercrime
[15:50-16:35] Pritchard — Obsidian as a support in OSINT investigations
📍Sept. 12
Information Security
[12:00-13:00] Gospodin Sobaka — DeFi Exploits and Hacks: Reversing Blockchain Exploits
Main Stage
[14:00-14:40] Pandora — Not tracing alone: investigating modern cryptocurrency wallet attacks
[15:10-15:50] Katya Turing — Preventing internal data leaks
[15:50-16:30] Artyom Semenov — How to protect your MlOps pipeline and model code from fears, hatred and vulnerabilities?
📍Sept. 13
Main Stage
[15:05-15:35] Adk — RedTeam: Abusing Google to fight Google
We wish our guys a successful performance and look forward to seeing everyone! 🧡
🌐Site | 💬 Forum | 🔍 Family |▶osint_mindset">YT
OSINT: Perception, Challenges, Impact, Sources
My colleagues at Social Links have compiled fascinating insights from across the OSINT industry!
Our comprehensive survey explores how organizations implement OSINT, the value they perceive, the challenges they face, and emerging trends. This report is essential for anyone in government or corporate sectors looking to optimize their open-source intelligence strategies.
Download the full report here.
#sociallinks #osint
It's possible to show accounts' profiles for messages in channels after the last Telegram release.
A new OSINT vector! 🌚
🚀 TraceLabs Bronze Medal 🥉/ mini write-up 👇
Last weekend, I was honored to participate in the Trace Labs OSINT CTF competition alongside the amazing 𝚃𝚊𝚌𝚝𝚒𝚌𝚊𝚕 𝙾𝚂𝙸𝙽𝚃 𝙰𝚗𝚊𝚕𝚢𝚜𝚝, UnShelledSec and Stray.
This was my first experience (much to my shame), and the cases we worked on were quite challenging. I am very pleased to have helped gather diverse clues that could shed light on the whereabouts of missing persons and assist law enforcement in tracking and supporting the families of these individuals.
⚠️ Each real case is an opportunity to use #OSINT4good and advance the industry: methods, approaches, and search tools. As you may know, discovering useful new approaches and tools for investigation is my passion, so I’m excited to share some insights about what proved useful:
1️⃣ Search by Face and Name/Alias: This feature is amazing for finding social media accounts in seconds, allowing immediate evidence collection 🔥. Thanks to Social Links for this fantastic feature in Crimewall and SL Pro!
2️⃣ Search in Leaks and Stealer Logs: An excellent toolset for confirming connections and finding additional clues, digital identifiers of missing persons, or even some evidence. Huge thanks to Constella Intelligence and Social Links for this!
3️⃣ OSINT Industries: An ABSOLUTE must-have for finding accounts of missing persons that no one else might find (possibly even the owners themselves!).
🙏 Some of my other insights, I hope, will materialize into publicly available useful tools for the community or at least a couple of additional posts about methods helping to search for missing persons.
I look forward to the next competitions with great anticipation. A big thank you to Trace Labs for organizing, to all Search Party participants, and 𝚃𝚊𝚌𝚝𝚒𝚌𝚊𝚕 𝙾𝚂𝙸𝙽𝚃 𝙰𝚗𝚊𝚕𝚢𝚜𝚝 for inviting me. Together, we can make a big impact! 🤝
OSINTerdam #8 summary 👇
Thanks again to everyone who attended the amazing meetup last weekend! 🕵♂️
Despite the exceptionally hot weather in Amsterdam, we once again gathered a unique audience of OSINT professionals and specialists from various industries and countries! 💪
Jörn Weber showed us how to use professional tools and how he structured his investigations to make them as quick and cost-efficient as possible. He has also allowed us to share a small mindmap with you: attached to this post! The recording of the talk and additional materials will be available for participants ✅
Tactical OSINT Analyst presented a practical case on using facial recognition tools, demonstrating how to combine them, utilize AI for complex cases, and follow the principles to solve a case – insights from the multiple award winner of Trace Labs! ✌️
A part of the event comparable in importance was the amazing networking at the afterparty – thanks to the atmospheric bars of Amsterdam for that. We're passing the baton to the UK OSINT Community at the London pub this week! 👍
And, by the way, thanks to our meetup, two people met in person for the first time after four years of knowing each other. 🙀
OSINTerdam. Connecting People.
👉 Follow OSINTerdam to stay updated on the next meetup – it’s coming this fall!
#community #osinterdam
OSINTerdam #8 today! 🚀
Tactical OSINT Analyst will present a talk titled “Using AI with Facial Recognition”
He is a professional OSINT trainer, founder of Tactical Systems Academy, the brain behind some fantastic tools and research on facial recognition, and a multiple-time winner of Trace Labs CTFs.
The meetup promises to be incredibly cool! 😎
👉Join us!
#community
⚠️ I am looking for OSINT investigators interested in using SL Crimewall for their daily tasks.
🤝Just DM me!
#community #crimewall #sociallinks
Twitter Tools
View username, display name and bio history of any Twitter user.
twitter.lolarchiver.com
Partly free. Works well, but not always accurately. Use in combination with other similar tools (like UserSearch etc).
Creator twitter.com/lol_archiver
OSINTerdam #8 is coming!
Subscribe so you don't miss it! 😉
👇
- Eventbrite (main platform, email notifications)
- Meetup.com (secondary platform, email notifications)
- LinkedIn (detailed announcements and networking)
- X (Twitter), some updates
#realinside #osinterdam #community
🔥 A new tool to uncover website ownership and investigate information campaigns using various technical indicators and searching for similar content 🔍
👉 https://informationlaundromat.com/
Functionality:
🔸 Search by text snippets and get a list of websites that post the same content, through a few search engines
🔸 Compare and search similar websites by many technical indicators (using DNS, Shodan, Urlscan, metatags, links, IDs, and classes of HTML elements) to reveal hidden connections and common ownership
🔸 Use in-group match for a list of your links
🔸 Use the Domain Forensics Comparison Corpus
Learn more about the need for detecting copied content in OSINT in my SOWEL encyclopedia: https://sowel.soxoj.com/copying-content
#community #sowel
Wednesday Updates #1, our weekly newsletter is out now.
Highlights: 7 Interesting blogs, 7 awesome videos, 9 new tools, 5 job openings, one free eBook and many more.
https://osintambition.substack.com/p/wednesday-updates-1
Subscribe to the newsletter for receiving all OSINT updates directly in your inbox.
Join @osintambition for more.
✅ ISS talk -- done!
Thank you to the participants for attending and for the positive feedback! Although I cannot publish the presentation, I can share the very methodology I mentioned. It is publicly available here: https://sowel.soxoj.com
#iss #sowel #community