TopTgm
osintops-news

OSIntOps News

Locale: en
Subscribers:5.12K
Category: news
Description:
News about Intelligence & OSInt.
join us in the https://osintops.com/home
-We don't receive sponsorship, nor are we interested in getting any-
S3E72 | Word up: learning foreign languages for OSINT with Skip Schiphorst

Language can limit or expand your worldview. That’s important to remember in OSINT where what you’re able to find and analyze can greatly affect the intelligence you build. Skip Schiphorst, OSINT instructor at i-Intelligence, shares his expertise on why even baseline knowledge of a foreign language is important in a world flush with translation services; how foreign language content can counteract bias; and tips for verifying automated translations.
Key takeaways

- You can find a lot more online than you may think by using foreign languages — even those using non-Latin characters
- You don’t need to be a ninja with years of training to find foreign content online, or outsource everything to language experts
- Know the basics of OSINT, be critical and be patient when searching online in a foreign language
6/12/2024, 7:14:21 AM
Week in OSINT #2024-17 - sector035 - Kirbstr's CSE's




created several custom Google searches, and she decided to share them over at . Besides that, she also wrote a blog post on how to create your own Google search engine. Kirby explains how she uses Similarweb and the extension "Instant Data Scraper" to create a list of useful sites, and build a custom search engine from scratch. Since Google, and the use of it for conducting research, can be very helpful, this tutorial is great for people who haven't played with this yet.
6/2/2024, 4:18:01 PM
Week in OSINT #2024-17 - sector035 - Open Secret



A few days ago I learned about a brand new podcast that started earlier this month, and this one is by . Hosts and Jane van Tienen talk to several guest, and the first six episodes are online already! If you are looking for a new listen with some interesting people and stories, then this one is for you!
6/1/2024, 11:13:01 AM
Week in OSINT #2024-17 - sector035 - 7 Deadly Sins



published an article about what not to do when it comes to open source investigations. I have touched on the subject before in some episodes of Week in OSINT, and this list should be a must-read for anyone that is working in this field of work. They describe some of the bad practice, and explain why it is important to watch out for these rules to become a better investigator.
5/31/2024, 11:13:01 AM
Disrupting deceptive uses of AI by covert influence operations

OpenAI is committed to enforcing policies that prevent abuse and to improving transparency around AI-generated content. That is especially true with respect to detecting and disrupting covert influence operations (IO), which attempt to manipulate public opinion or influence political outcomes without revealing the true identity or intentions of the actors behind them.

In the last three months, we have disrupted five covert IO that sought to use our models in support of deceptive activity across the internet. As of May 2024, these campaigns do not appear to have meaningfully increased their audience engagement or reach as a result of our services.

This blog describes the threat actors we disrupted, attacker trends we identified, and important defensive trends - including how designing AI models with safety in mind in many cases prevented the threat actors from generating the content they desired, and how AI tools have made our own investigations more efficient. Alongside this blog, we are publishing a trend analysis that describes the behavior of these malicious actors in detail.
5/30/2024, 9:53:56 PM
Week in OSINT #2024-18 - sector035 - Non-Free Email



Some platforms make it more difficult to register when using a free email account, but with the latest blogpost of at hand, that too won't be a problem. He explains how easy it is to register a new domain, and what steps need to be taken to get your personal email up and running. And with some domain registrars offering free domain privacy protection, by acting as a 'proxy' to hide your real identity, you are ready to take on the world with some new research accounts!
5/30/2024, 4:18:01 PM
Week in OSINT #2024-17 - sector035 - Elevation



shared a cool article written by about how to view elevation lines in Google Maps. Of course there are many tools for that, but when you are browsing around in maps and want to have a quick idea how high a certain location might be, then turning on the "terrain" view, and zooming in a little bit, isn't such a bad idea! Thanks for this useful tip!
Viewing elevation lines in Google Maps
5/30/2024, 11:13:01 AM
Geolocating a Gang Leader Wanted by the FBI: An OSINT Explainer

This report shows how OSINT techniques were used to find the ‘home’ of a gang leader on FBI’s Te Most Wanted Fugitives list with a bounty of up to $2 million dollars.
5/29/2024, 4:18:01 PM
Why a Non-Technical Background Does Not Prevent You from Succeeding in Cyber Threat Intelligence

Intrusions, cyber attacks and adversarial operations are often seen as technical events best described by the deployed malware, leveraged C2 domains, connected IP addresses, hash values of files and multiple other indicators. However, these activities are not mere spontaneously occurring technical phenomena, a misconception held by many outside of Cyber Threat Intelligence (CTI) and Information Security. The Diamond Model, a fundamental framework in CTI, highlights the human element in these activities: threat actors with their motivations and objectives, and victims with their vulnerabilities and impact.
5/29/2024, 11:13:01 AM
Fast Google Dorks Scan

The OSINT project, the main idea of which is to collect all the possible Google dorks search combinations and to find the information about the specific web-site: common admin panels, the widespread file types and path traversal. The 100% automated.
5/1/2024, 4:18:01 PM
Breach Data Infrastructure

There is a lot of discussion on the value of breach data, including the various pivot points it provides. However, there isn't too much discussion on how to create an environment where you can collect breach data and make the data easily accessible and usable for OSINT Analysts when they need the data available to parse through. Having a process for parsing breach data is essential as more and more breaches become prevalent.

My talk will discuss the following points:
1. The breach data lifecycle: Discussing what I consider to be the breach data lifecycle, based off of the intelligence lifecycle (Data breach event occurrence -> Obtaining breach data -> Processing the breach data -> Integrating the breach data -> Analysis and production of the data).
2. Considerations for building an environment for breach data: Virtualization, hardware, OS, and software considerations.
3. Indexing Data: How indexing data can be a game changer when the time comes to rely on the data.
4. Demo: Showing how a breach data environment looks like at multiple scales. Demo will be some recorded information and some live demos.

Actionable takeaways:
- Be able to build your own breach data environment
- Follow a lifecycle to expand the breach data environment over time
- Allow Analysts to quickly parse through breach data when investigation time arises

SANS Open-Source Intelligence Summit 2024
Breach Data Infrastructure
Haris Qazi, Analyst
5/1/2024, 6:08:01 AM
Uncover the Invisible Gold Mines: How to Dump Raw Data From TikTok

Static web pages - HTML stuffed with juicy user data - belong to the past and web 1.0. JavaScript frameworks like Facebook's React has drastically changed the digital landscape OSINT practitioners meet today. Nowadays HTML is just a mere shell - a blueprint - which remains to be populated with data, fetched when needed, i.e. when a user scrolls, clicks or navigates around. A consequence of this - and probably also legislation like the GDPR - is that still less user data is actually present when we inspect the HTML source of a given page. Finding user ids, timestamps and other necessary pieces of information becomes still more difficult with the traditional, old-school methods. The data simply seems to be gone.

This, however, is just an illusion. The data is still there. It's simply just invisible. The same structured, raw JSON data that these frameworks fetch from their servers and use to build the page on scrolls are increasingly not being stored in plain sight in the HTML. Instead it's stored as properties on the HTML nodes themselves. This talk aims to open the doors to the OSINT method necessary to extract large amounts of raw structured data from social media platforms exploiting the same techniques that giants such as Facebook, Instagram and TikTok actually uses themselves to access this data - but also hide it from the users. Using TikTok as an example the presentation will demonstrate how to locate and extract invisible data using JavaScript. How do you find the right nodes, that contain the invisible digital gold? How do you dump the data? On TikTok, on Facebook, on Instagram, on Twitter? This talk will teach you the basics you need to know to start your journey into the new reality of modern web development. Step by step we will explore a TikTok profile, dig through the HTML nodes and excavate the huge amount of awesome raw JSON data that TikTok stores invisibly behind the scenes. We'll write the few lines of JavaScript required to empty this amazing digital gold mine. Step out of the past and enter the future.

SANS Open-Source Intelligence Summit 2024
Uncover the Invisible Gold Mines: How to Dump Raw Data From TikTok
Jan Lauridtsen, OSINT Investigator, SpecialCrimes Unit, Danish National Police
4/30/2024, 6:08:01 AM
Enterprise Incident Response with Velociraptor: when tempo is all


A pochi giorni dal termine del Matera DigiSec 2024, il primo evento realizzato da ONIF a Matera sui temi legati alla "Digital Forensics e alla Cybersecurity per la protezione dei dati e dei diritti", in particolare in ambito aziendale, possiamo certamente dire che sia stato un grande successo, in termini di partecipazione ma anche in termine di qualità degli argomenti trattati (lascio qui un ottimo articolo, con commenti e alcune foto della giornata).

Sono davvero grato ad ONIF per l'invito a partecipare in maniera attiva a questo evento, e per l'occasione ho deciso di illustrare un tool ancora poco conosciuto (purtroppo!) ma che invece fa parte degli strumenti di molti team di Incident Response e che forse meriterebbe maggior rilievo.

Sto parlando del tool opensource Velociraptor, sul quale ho basato il mio breve intervento, dal titolo "Enterprise Incident Response with Velociraptor: when tempo is all".
Prima di essere assalito (giustamente) dai puristi della lingua, vorrei precisare che il termine tempo, come ho spiegato meglio durante l'intervento, è stato volutamente lasciato in italiano, poichè ne ho utilizzato l'accezione musicale del termine, universalmente riconosciuta, proprio perchè ho immaginato il responsabile della Incident Response come un direttore d'orchestra il quale, utilizzando sapientemente (ed in armonia, appunto) gli "strumenti" (tools) a disposizione, possa "condurre" ad una risoluzione dell'Incidente informatico.
4/29/2024, 7:15:59 AM
Trailblazer: Piercing the Veil of Vehicle Secrets with OSINT Alchemy

In the intricate web of our digital cities, vehicles are not just modes of transport; they're anchors that can tether individuals to vast amounts of personal data. During this presentation, we will embark on an OSINT journey, starting with the ubiquitous presence of CCTV systems. These surveillance tools, while essential for public safety, can also be a gold mine for those aiming to trace a vehicle's whereabouts. Through our step-by-step process, we will demonstrate how to track and secure a clear image of a targeted vehicle.

Once we've captured this image, the true investigative work begins. We will employ different online tools to help us extract pivotal details, such as a vehicle's license plate or type of vehicle. We will then showcase how this license plate can be possibly correlated with its respective Vehicle Identification Number (VIN) using various databases. The VIN, unique to every vehicle, is more than just a serial number. Through it, we will unearth details ranging from the vehicle's history to specifics about its owner.

As we delve deeper using the VIN as our investigative compass, we'll demonstrate how to extract a wealth of personal information such as ownership records, insurance data, and much more. Our journey doesn’t stop there; leveraging obtained details, we can explore an individual's social media presence, discern patterns in their visits, and gain a glimpse into their personal life. The knowledge acquired from this level of detail can potentially be employed to craft sophisticated attacks, including highly targeted phishing schemes, underscoring the critical importance of safeguarding such information.

Thus, by the end of our investigative journey, we will illuminate the extensive reach and depth of OSINT techniques. Participants will not only gain an insight into the intricate methods and tools used in such investigations, but also acquire a profound understanding of the pivotal role vehicles play as digital anchors in today’s interconnected societies. The startling realization of the amount and depth of information that can be accessed from seemingly mundane vehicle data will serve as a wake-up call, emphasizing the urgent need for strengthened data protection measures to counter the potential misuse of personal information in our increasingly digitized world.

SANS Open-Source Intelligence Summit 2024
Trailblazer: Piercing the Veil of VehicleSecrets with OSINT Alchemy
Sagar Tiwari
Shubham Kumar, Senior InformationSecurity Analyst, Transunion LLC.
4/29/2024, 6:08:01 AM
The Impact of AI with OSINT


This presentation will explore the emerging impact of artificial intelligence, including generative AI, on open-source intelligence (OSINT) workflows. We will explore the evolution of AI as it relates to OSINT, and look at the future for how practitioners can do more with less using Gen AI techniques for tasks such as image analysis, creating your own OSINT tools, geo-spatial processing, and reporting. Analysts are more important than ever, and this talk will highlight the critical requirement for analysts to verify & validate information, whilst creating efficiencies with emerging technologies that will change how they interact with data in the future. Finally, this talk will explore bad actors & the evolution of disinformation in a deep-fake world with voice cloning, video & image generation along with tonally & grammatically accurate text-based replication.

SANS Open-Source Intelligence Summit 2024
The Impact of AI with OSINT
Chris Poulter, Founder & CEO, OSINT Combine
4/28/2024, 7:33:18 PM
AirChat, the buzzy new social app, could be great — or, it could succumb to the same fate as Clubhouse

Over the weekend, another social media platform exploded into the fray: AirChat. The app is like a combination of Twitter and Clubhouse. Instead of typing a post, you speak it. The app quickly transcribes what you say, and as your followers scroll through their feed, they’ll hear your voice alongside the transcription.
4/20/2024, 5:19:05 PM
Cartel King Kinahan's Google Reviews Expose Travel Partners

Bellingcat and the Sunday Times reported that wanted cartel boss Christopher Kinahan Sr. had exposed his movements and whereabouts by posting Google reviews for a variety of restaurants, hotels and other expensive establishments using his alias “Christopher Vincent”.

The “Dapper Don” detailed trips to Zimbabwe, South Africa, Spain, Portugal, Turkey, the Netherlands and Egypt. However, there appeared to be no reviews for trips outside of his base in the United Arab Emirates since the US Treasury announced a collective $15 million bounty for information leading to the financial disruption or arrest of Kinahan Sr and his two sons (Daniel and Christopher Jr) in April 2022.

Kinahan Sr inadvertently captured his own reflection in mirrors and windows in some images posted alongside the reviews, helping Bellingcat and The Sunday Times prove the account was his.

But that wasn’t all he appears to have unintentionally depicted in his posts.

Further analysis reveals new details about some of those Kinahan Sr travelled with, dined with and interacted with in recent years.
4/16/2024, 11:13:01 AM
Kinahan Cartel: Wanted Narco Boss Exposes Whereabouts by Posting Google Reviews

One of the world’s most wanted men, a notorious narco kingpin whose gang is implicated in multiple murders, has left a trail of Google reviews providing valuable new insights into his movements and whereabouts over the past five years.
4/16/2024, 6:08:01 AM
Identifying Daesh-Related Propaganda Using OSINT and Clustering Analysis

The development of the digital society has substantially altered the conditions under which conflicts occur. Emerging threats are characterized by their asymmetry, diversity, and constant change; rapid transmission over the network; near-immediate nature; possibility for unrestricted access; and swift ability to alter the behaviour of individuals. This paradox is an example of cognitive warfare, which employs both traditional and novel information, cyber, and psychological warfare techniques. The self-proclaimed Islamic State engages in a unique type of disruptive cyber cognitive-intelligence activity utilizing cyberspace. We now refer to the Weaponization of Media Narratives: the struggle of narratives has overtaken the relevance of traditional military and physical Jihad. Jihadist activities consist of sending threatening messages to Western nations and promoting online propaganda in order to recruit new members and instil terror in individuals. Daesh’s propaganda output is so extensive that it is practically impossible for humans to analyse it. Thus, it is crucial to establish and implement cyber defence strategies to prevent, identify, and deter jihadist Internet activity. Law Enforcement, Intelligence, and other organizations are constantly devising new tools to prevent, identify, and restrict terrorist operations over the Internet. The collection and analysis of information from a vast array of sources can give intelligence analysts with useful insights by revealing previously concealed but logically sound patterns and connections. Beginning with a review of Al-Naba’s propaganda materials, this study seeks to construct an automated model that would aid in detecting and identifying the online locations of Daesh. We looked at Al-Naba’ magazine instead of another newspaper because it has only been published in Arabic. Other magazines have been published in other languages and have been looked at in a lot of community identification and Social Network propaganda analysis studies in the past. Therefore, the purpose of our study was to discover if it is possible to employ computer assistance to evaluate Jihadist tales in order to identify any (thematic) similarities across various propaganda sources. One of the specific goals was to evaluate whether or not there are tweets with a direct connection to Al-Naba’ magazine. We wanted to make sure that the tweets were coded in a way that was consistent with the Twitter data—collected from Kaggle—we used as a training set. This was important because tweets could be put into different groups. This was done to see if the tweets were correctly put into their own groups based on information from Al-Naba’s writings. So, the number of times each group shows up depends on how often it shows up in more than 1% of the texts in each cluster.
4/15/2024, 11:13:01 AM

Related Groups

Tech Tuber Rana
Tech Tuber Rana
technology317

welcome to Tech Tuber Rana!? Notcoin now has its own smart contract! Everything is ready, we are just waiting for the official launch...Notcoin utilizes a standard TON jetton smart contract (view on GitHub) (https://github.com/OpenBuilders/notcoin-contract) with some special features:• The jetton administrator can modify the code of the jetton-minter and its full data. This means that Sasha can change the code at any moment: if he wants, he can ban you, if he wants, he can take away coins, if he wants, he can create new coins.Admin Id @jm_nobita

Ashish Technical Services | OFFICIAL ?️ ?️
Ashish Technical Services | OFFICIAL ?️ ?️
technology3.79K

Pixel OS 14.0 Official For Mi 11X & POCO F3 | Android 14 QPR2 | Refreshed Feature | Security UpdatePOCO F1 - Project Elixir 4.2 Official - Android 14 QPR2 - Redesign Settings & New FeaturesHyper OS 1.0.1.0 Update For Redmi Note 5 Pro | Android 13 | Depth Wallpaper | Full Detailed ReviewMIUI SR 13 War Edition For Redmi Note 5 Pro | Android 12 | Bugs & Features | Full Detailed ReviewPOCO F1 - Pixel Experience Plus (EOL) Update - Android 13 - New Changes & April Security PatchHyperArt 1.0.5.0 V2 Port For Mi 11X & POCO F3 | Android 14 | Smoothness | Full Detailed ReviewCrDroid 10.4 For Redmi Note 4 | Android 14 QPR2 | New Features & Security UpdateUpdates & NewsChannel :- @Ashishts007

AppleSwap AI | Global Group
AppleSwap AI | Global Group
technology53.78K

Appleswap AI - The all in one AI Technology Platform for all your cryptocurrency needs!?Channel:@AppleSwapAI_Announcement?Email: [email protected]? Dear Appleswap community,? Appleswap team would like to announce that we're working tirelessly with the Athene team to bring you the much-awaited Athene Mainnet and Athene Bridge, set to launch in Q2 2024! ?But that's not all! ? $AP is expected to be listed on major exchanges in Q2 2024! Stay tuned for more updates as we embark on this incredible journey together! ?Buy AP tokens on:? Appleswap ? DEX Screener? PancakeSwap Stake on Appleswap ?app.appleswap.ai/stake Stay tuned for more updates!

METABLAZE - OFFICIAL COMMUNITY
METABLAZE - OFFICIAL COMMUNITY
technology5.97K

We transform Blockchain and AI technology into immersive entertainment experiences through gaming, storytelling & digital assets. MetaBlaze is where the story becomes the ecosystem.Dear MetaBlazers,It's with a heavy heart to announce that MetaBlaze failed to reach it's fundraising goal by a long shot. This means that MetaBlaze is financially incapable of proceeding to third-party launchpad sales and token launch.All community members who made purchases between February 14th to February 28th, 2024, have been fully refunded. Confirmation emails are on their way.The team is acutely aware of the disappointment and frustration resonating throughout the community. We're heartbroken to have reached this point and share in the colossal disappointment; we feel the utmost sorrow for letting our community down. Most team members can no longer continue working without compensation and must seek new job opportunities. Without them, daily operations are no longer feasible.MetaBlaze's present failure is not necessarily permanent and a couple team members will continue pursuing other viable options, such as possibly passing the torch to an entirely new team or securing funding through other means. We are actively and pursuing these potential opportunities.We acknowledge the damage to the current team's reputation and credibility. Nevertheless, we remain optimistic about MetaBlaze's prospects and are confident that placing the company in the hands of a new team could revitalize both the organization and its community. In the event of such a transition, several team members are dedicated to providing support to facilitate the new team's integration.Any concrete updates regarding these developments will be shared in the group once they are fully confirmed and official.While we thank you for the support, we are very sorry for letting you down. Remain hopeful, all hope is not lost

Wallet News Chat
Wallet News Chat
news54.47K

Beware of scammers! Wallet Team will never write you first! Never go to suspicious links.Official chat of @wallet_supportbot⚠️Beware of scammers! Wallet Support will never DM you first. Block and report anyone who impersonates themselves as a member of the Wallet Support⚠️? Official Wallet Support can be contacted only here: https://t.me/wallet_supportbotPlease note, that our Support team is handling a high volume of requests, which may affect average response times and make them a bit longer. Rest assured, they will respond to everyone, but it's important to know how to effectively communicate with Support:1. Send 1-2 concise messages.2. Be polite and provide detailed explanations of your issue ?3. Include screenshots if available.4. Use translation services if English is not your primary language.5. Avoid spamming with multiple messages every 5 minutes ?Following these recommendations will significantly reduce your waiting time and help Support better understand your issue, thus providing you with the necessary assistance

News | SimpleSwap
News | SimpleSwap
technology317

Official chat of SimpleSwap.io Telegram channel @SimpleSwapAnother piece of content from the Web3 Family Conference is a big video  where we discuss cryptocurrency market predictions with the drivers of industry! Crypto experts from Lido Dao, Cosmos SDK, Decentraland, Chainlink, Outlier Ventures shared their vision on the future of the market ⬇️

This website is not affiliated with Telegram. Visual content shown here might be copyrighted by rightful owners. No infringement intended.
DISCLAIMER: Infos without tag OFFICIAL posted on website are public, and wo are not responsible for the content on their media. Join or subscribe the info there maybe some risk with you. If you have any issueContact UsPlease!