OSIntOps News
join us in the https://osintops.com/home
-We don't receive sponsorship, nor are we interested in getting any-
join us in the https://osintops.com/home
-We don't receive sponsorship, nor are we interested in getting any-
Language can limit or expand your worldview. That’s important to remember in OSINT where what you’re able to find and analyze can greatly affect the intelligence you build. Skip Schiphorst, OSINT instructor at i-Intelligence, shares his expertise on why even baseline knowledge of a foreign language is important in a world flush with translation services; how foreign language content can counteract bias; and tips for verifying automated translations.
Key takeaways
- You can find a lot more online than you may think by using foreign languages — even those using non-Latin characters
- You don’t need to be a ninja with years of training to find foreign content online, or outsource everything to language experts
- Know the basics of OSINT, be critical and be patient when searching online in a foreign language
created several custom Google searches, and she decided to share them over at . Besides that, she also wrote a blog post on how to create your own Google search engine. Kirby explains how she uses Similarweb and the extension "Instant Data Scraper" to create a list of useful sites, and build a custom search engine from scratch. Since Google, and the use of it for conducting research, can be very helpful, this tutorial is great for people who haven't played with this yet.
A few days ago I learned about a brand new podcast that started earlier this month, and this one is by . Hosts and Jane van Tienen talk to several guest, and the first six episodes are online already! If you are looking for a new listen with some interesting people and stories, then this one is for you!
published an article about what not to do when it comes to open source investigations. I have touched on the subject before in some episodes of Week in OSINT, and this list should be a must-read for anyone that is working in this field of work. They describe some of the bad practice, and explain why it is important to watch out for these rules to become a better investigator.
OpenAI is committed to enforcing policies that prevent abuse and to improving transparency around AI-generated content. That is especially true with respect to detecting and disrupting covert influence operations (IO), which attempt to manipulate public opinion or influence political outcomes without revealing the true identity or intentions of the actors behind them.
In the last three months, we have disrupted five covert IO that sought to use our models in support of deceptive activity across the internet. As of May 2024, these campaigns do not appear to have meaningfully increased their audience engagement or reach as a result of our services.
This blog describes the threat actors we disrupted, attacker trends we identified, and important defensive trends - including how designing AI models with safety in mind in many cases prevented the threat actors from generating the content they desired, and how AI tools have made our own investigations more efficient. Alongside this blog, we are publishing a trend analysis that describes the behavior of these malicious actors in detail.
Some platforms make it more difficult to register when using a free email account, but with the latest blogpost of at hand, that too won't be a problem. He explains how easy it is to register a new domain, and what steps need to be taken to get your personal email up and running. And with some domain registrars offering free domain privacy protection, by acting as a 'proxy' to hide your real identity, you are ready to take on the world with some new research accounts!
shared a cool article written by about how to view elevation lines in Google Maps. Of course there are many tools for that, but when you are browsing around in maps and want to have a quick idea how high a certain location might be, then turning on the "terrain" view, and zooming in a little bit, isn't such a bad idea! Thanks for this useful tip!
Viewing elevation lines in Google Maps
This report shows how OSINT techniques were used to find the ‘home’ of a gang leader on FBI’s Te Most Wanted Fugitives list with a bounty of up to $2 million dollars.
Intrusions, cyber attacks and adversarial operations are often seen as technical events best described by the deployed malware, leveraged C2 domains, connected IP addresses, hash values of files and multiple other indicators. However, these activities are not mere spontaneously occurring technical phenomena, a misconception held by many outside of Cyber Threat Intelligence (CTI) and Information Security. The Diamond Model, a fundamental framework in CTI, highlights the human element in these activities: threat actors with their motivations and objectives, and victims with their vulnerabilities and impact.
The OSINT project, the main idea of which is to collect all the possible Google dorks search combinations and to find the information about the specific web-site: common admin panels, the widespread file types and path traversal. The 100% automated.
There is a lot of discussion on the value of breach data, including the various pivot points it provides. However, there isn't too much discussion on how to create an environment where you can collect breach data and make the data easily accessible and usable for OSINT Analysts when they need the data available to parse through. Having a process for parsing breach data is essential as more and more breaches become prevalent.
My talk will discuss the following points:
1. The breach data lifecycle: Discussing what I consider to be the breach data lifecycle, based off of the intelligence lifecycle (Data breach event occurrence -> Obtaining breach data -> Processing the breach data -> Integrating the breach data -> Analysis and production of the data).
2. Considerations for building an environment for breach data: Virtualization, hardware, OS, and software considerations.
3. Indexing Data: How indexing data can be a game changer when the time comes to rely on the data.
4. Demo: Showing how a breach data environment looks like at multiple scales. Demo will be some recorded information and some live demos.
Actionable takeaways:
- Be able to build your own breach data environment
- Follow a lifecycle to expand the breach data environment over time
- Allow Analysts to quickly parse through breach data when investigation time arises
SANS Open-Source Intelligence Summit 2024
Breach Data Infrastructure
Haris Qazi, Analyst
Static web pages - HTML stuffed with juicy user data - belong to the past and web 1.0. JavaScript frameworks like Facebook's React has drastically changed the digital landscape OSINT practitioners meet today. Nowadays HTML is just a mere shell - a blueprint - which remains to be populated with data, fetched when needed, i.e. when a user scrolls, clicks or navigates around. A consequence of this - and probably also legislation like the GDPR - is that still less user data is actually present when we inspect the HTML source of a given page. Finding user ids, timestamps and other necessary pieces of information becomes still more difficult with the traditional, old-school methods. The data simply seems to be gone.
This, however, is just an illusion. The data is still there. It's simply just invisible. The same structured, raw JSON data that these frameworks fetch from their servers and use to build the page on scrolls are increasingly not being stored in plain sight in the HTML. Instead it's stored as properties on the HTML nodes themselves. This talk aims to open the doors to the OSINT method necessary to extract large amounts of raw structured data from social media platforms exploiting the same techniques that giants such as Facebook, Instagram and TikTok actually uses themselves to access this data - but also hide it from the users. Using TikTok as an example the presentation will demonstrate how to locate and extract invisible data using JavaScript. How do you find the right nodes, that contain the invisible digital gold? How do you dump the data? On TikTok, on Facebook, on Instagram, on Twitter? This talk will teach you the basics you need to know to start your journey into the new reality of modern web development. Step by step we will explore a TikTok profile, dig through the HTML nodes and excavate the huge amount of awesome raw JSON data that TikTok stores invisibly behind the scenes. We'll write the few lines of JavaScript required to empty this amazing digital gold mine. Step out of the past and enter the future.
SANS Open-Source Intelligence Summit 2024
Uncover the Invisible Gold Mines: How to Dump Raw Data From TikTok
Jan Lauridtsen, OSINT Investigator, SpecialCrimes Unit, Danish National Police
A pochi giorni dal termine del Matera DigiSec 2024, il primo evento realizzato da ONIF a Matera sui temi legati alla "Digital Forensics e alla Cybersecurity per la protezione dei dati e dei diritti", in particolare in ambito aziendale, possiamo certamente dire che sia stato un grande successo, in termini di partecipazione ma anche in termine di qualità degli argomenti trattati (lascio qui un ottimo articolo, con commenti e alcune foto della giornata).
Sono davvero grato ad ONIF per l'invito a partecipare in maniera attiva a questo evento, e per l'occasione ho deciso di illustrare un tool ancora poco conosciuto (purtroppo!) ma che invece fa parte degli strumenti di molti team di Incident Response e che forse meriterebbe maggior rilievo.
Sto parlando del tool opensource Velociraptor, sul quale ho basato il mio breve intervento, dal titolo "Enterprise Incident Response with Velociraptor: when tempo is all".
Prima di essere assalito (giustamente) dai puristi della lingua, vorrei precisare che il termine tempo, come ho spiegato meglio durante l'intervento, è stato volutamente lasciato in italiano, poichè ne ho utilizzato l'accezione musicale del termine, universalmente riconosciuta, proprio perchè ho immaginato il responsabile della Incident Response come un direttore d'orchestra il quale, utilizzando sapientemente (ed in armonia, appunto) gli "strumenti" (tools) a disposizione, possa "condurre" ad una risoluzione dell'Incidente informatico.
In the intricate web of our digital cities, vehicles are not just modes of transport; they're anchors that can tether individuals to vast amounts of personal data. During this presentation, we will embark on an OSINT journey, starting with the ubiquitous presence of CCTV systems. These surveillance tools, while essential for public safety, can also be a gold mine for those aiming to trace a vehicle's whereabouts. Through our step-by-step process, we will demonstrate how to track and secure a clear image of a targeted vehicle.
Once we've captured this image, the true investigative work begins. We will employ different online tools to help us extract pivotal details, such as a vehicle's license plate or type of vehicle. We will then showcase how this license plate can be possibly correlated with its respective Vehicle Identification Number (VIN) using various databases. The VIN, unique to every vehicle, is more than just a serial number. Through it, we will unearth details ranging from the vehicle's history to specifics about its owner.
As we delve deeper using the VIN as our investigative compass, we'll demonstrate how to extract a wealth of personal information such as ownership records, insurance data, and much more. Our journey doesn’t stop there; leveraging obtained details, we can explore an individual's social media presence, discern patterns in their visits, and gain a glimpse into their personal life. The knowledge acquired from this level of detail can potentially be employed to craft sophisticated attacks, including highly targeted phishing schemes, underscoring the critical importance of safeguarding such information.
Thus, by the end of our investigative journey, we will illuminate the extensive reach and depth of OSINT techniques. Participants will not only gain an insight into the intricate methods and tools used in such investigations, but also acquire a profound understanding of the pivotal role vehicles play as digital anchors in today’s interconnected societies. The startling realization of the amount and depth of information that can be accessed from seemingly mundane vehicle data will serve as a wake-up call, emphasizing the urgent need for strengthened data protection measures to counter the potential misuse of personal information in our increasingly digitized world.
SANS Open-Source Intelligence Summit 2024
Trailblazer: Piercing the Veil of VehicleSecrets with OSINT Alchemy
Sagar Tiwari
Shubham Kumar, Senior InformationSecurity Analyst, Transunion LLC.
This presentation will explore the emerging impact of artificial intelligence, including generative AI, on open-source intelligence (OSINT) workflows. We will explore the evolution of AI as it relates to OSINT, and look at the future for how practitioners can do more with less using Gen AI techniques for tasks such as image analysis, creating your own OSINT tools, geo-spatial processing, and reporting. Analysts are more important than ever, and this talk will highlight the critical requirement for analysts to verify & validate information, whilst creating efficiencies with emerging technologies that will change how they interact with data in the future. Finally, this talk will explore bad actors & the evolution of disinformation in a deep-fake world with voice cloning, video & image generation along with tonally & grammatically accurate text-based replication.
SANS Open-Source Intelligence Summit 2024
The Impact of AI with OSINT
Chris Poulter, Founder & CEO, OSINT Combine
Over the weekend, another social media platform exploded into the fray: AirChat. The app is like a combination of Twitter and Clubhouse. Instead of typing a post, you speak it. The app quickly transcribes what you say, and as your followers scroll through their feed, they’ll hear your voice alongside the transcription.
Bellingcat and the Sunday Times reported that wanted cartel boss Christopher Kinahan Sr. had exposed his movements and whereabouts by posting Google reviews for a variety of restaurants, hotels and other expensive establishments using his alias “Christopher Vincent”.
The “Dapper Don” detailed trips to Zimbabwe, South Africa, Spain, Portugal, Turkey, the Netherlands and Egypt. However, there appeared to be no reviews for trips outside of his base in the United Arab Emirates since the US Treasury announced a collective $15 million bounty for information leading to the financial disruption or arrest of Kinahan Sr and his two sons (Daniel and Christopher Jr) in April 2022.
Kinahan Sr inadvertently captured his own reflection in mirrors and windows in some images posted alongside the reviews, helping Bellingcat and The Sunday Times prove the account was his.
But that wasn’t all he appears to have unintentionally depicted in his posts.
Further analysis reveals new details about some of those Kinahan Sr travelled with, dined with and interacted with in recent years.
One of the world’s most wanted men, a notorious narco kingpin whose gang is implicated in multiple murders, has left a trail of Google reviews providing valuable new insights into his movements and whereabouts over the past five years.
The development of the digital society has substantially altered the conditions under which conflicts occur. Emerging threats are characterized by their asymmetry, diversity, and constant change; rapid transmission over the network; near-immediate nature; possibility for unrestricted access; and swift ability to alter the behaviour of individuals. This paradox is an example of cognitive warfare, which employs both traditional and novel information, cyber, and psychological warfare techniques. The self-proclaimed Islamic State engages in a unique type of disruptive cyber cognitive-intelligence activity utilizing cyberspace. We now refer to the Weaponization of Media Narratives: the struggle of narratives has overtaken the relevance of traditional military and physical Jihad. Jihadist activities consist of sending threatening messages to Western nations and promoting online propaganda in order to recruit new members and instil terror in individuals. Daesh’s propaganda output is so extensive that it is practically impossible for humans to analyse it. Thus, it is crucial to establish and implement cyber defence strategies to prevent, identify, and deter jihadist Internet activity. Law Enforcement, Intelligence, and other organizations are constantly devising new tools to prevent, identify, and restrict terrorist operations over the Internet. The collection and analysis of information from a vast array of sources can give intelligence analysts with useful insights by revealing previously concealed but logically sound patterns and connections. Beginning with a review of Al-Naba’s propaganda materials, this study seeks to construct an automated model that would aid in detecting and identifying the online locations of Daesh. We looked at Al-Naba’ magazine instead of another newspaper because it has only been published in Arabic. Other magazines have been published in other languages and have been looked at in a lot of community identification and Social Network propaganda analysis studies in the past. Therefore, the purpose of our study was to discover if it is possible to employ computer assistance to evaluate Jihadist tales in order to identify any (thematic) similarities across various propaganda sources. One of the specific goals was to evaluate whether or not there are tweets with a direct connection to Al-Naba’ magazine. We wanted to make sure that the tweets were coded in a way that was consistent with the Twitter data—collected from Kaggle—we used as a training set. This was important because tweets could be put into different groups. This was done to see if the tweets were correctly put into their own groups based on information from Al-Naba’s writings. So, the number of times each group shows up depends on how often it shows up in more than 1% of the texts in each cluster.
Related Groups
For Web3
Your one-stop shop for Web3 News, Events, Projects & People! ✨ Get daily news digest straight to your inbox!✨ No need to keep up with events & meetups; find them delivered to you!✨ Find a highly motivated & like-minded community!? forwebthree.comGm Frens ✨Welcome to the For Web3 Community!As the name suggests we are here for web3; to create more awareness, onboard more people, and help people stay up-to-date with web3!For Web 3 Media house is a news & media platform intending to showcase India as a leader in revolutionizing the next age of the Internet aka Web 3! We publish news, cover events, feature projects & showcase the next gen of buidlers!Why FW3 Community?✨ Get Daily News Digest straight to your inbox!✨ Learn about new Projects & Buidlers in detail every week! ✨ No need to keep up with events & meetups, be it Indian or International; find them delivered to you!✨ Learn about Web3 & Blockchain in a simple, concise, jargon-free way!✨ Web3 is boring without people; find a highly motivated & like-minded community!So, strap your seatbelts & get ready because we are just getting started!WAGMI ?
Wallet News Chat
Beware of scammers! Wallet Team will never write you first! Never go to suspicious links.Official chat of @wallet_supportbot⚠️Beware of scammers! Wallet Support will never DM you first. Block and report anyone who impersonates themselves as a member of the Wallet Support⚠️? Official Wallet Support can be contacted only here: https://t.me/wallet_supportbotPlease note, that our Support team is handling a high volume of requests, which may affect average response times and make them a bit longer. Rest assured, they will respond to everyone, but it's important to know how to effectively communicate with Support:1. Send 1-2 concise messages.2. Be polite and provide detailed explanations of your issue ?3. Include screenshots if available.4. Use translation services if English is not your primary language.5. Avoid spamming with multiple messages every 5 minutes ?Following these recommendations will significantly reduce your waiting time and help Support better understand your issue, thus providing you with the necessary assistance
Memeinator | Official Telegram
Forged from the depths of meme culture: a fusion of advanced technology, cutting-edgeAI mastery & a cold ruthless meme-targeting system - the Memeinator has emerged asthe game-changer and leader of the resistance.WITHIN THE EXPANSE OF THE DIGITAL REALM, WHERE MEMES PROLIFERATE, A BRAVE CHAMPION ARISES WITH A GRAND OBJECTIVE: TO REVOLUTIONIZE OUR VIRTUAL LANDSCAPE. ?✨WELCOME THE MEMEINATOR - SENTINEL OF UNFILTERED HUMOR, UNDERTAKING A NOBLE QUEST TO ELIMINATE MEDIOCRITY'S GRIP. ?? DETERMINED TO REVOLUTIONIZE YOUR MEME GAME? ?INTRODUCING MEMESCANNER: YOUR MEME MASTER! ?OBLITERATE LOW-QUALITY MEMES WITH PRECISION TECH! ?
Deepcoin English
❤️Welcome to Deepcoin official English group.all others are fake!⚠️Anyone who DM you to help solve your problem is a scammer! Channel - @deepcoin_channel【Initial Perpetual Listing】BounceBit (BB) Coming Soon, Stay Tuned!??What Is BounceBit (BB)?BounceBit is the first-ever native BTC Restaking chain. The BounceBit network is secured by staking both Bitcoin and BounceBit tokens. BounceBit's PoS mechanism introduces a unique dual-token staking system by leveraging native BTC security with full EVM compatibility.In a groundbreaking move, BounceBit introduces the mixed DeFi and CeFi yield mechanism, allowing BTC holders to earn yields through native validator staking, DeFi ecosystem, and a CeFi mirroring mechanism powered by Ceffu and Mainnet Digital.
GPTVerse
GPTVerse, AI Hub and multi-platform gateway to a next-level DAPP experience. Powered by cutting-edge AI technology, we aim to develop AI tools that transform the way users engage, learn, generate revenue, and transact within a virtual ecosytem? We're thrilled to announce a game-changing partnership with OneAM Capital! ? Their investment in GPTVerse marks an exciting new chapter in our journey towards revolutionizing the AI and blockchain landscape. With OneAM Capital by our side, we're poised to reach new heights of innovation and impact. ? Stay tuned for more updates! Exciting News! ?? We're thrilled to announce that GPTVerse will be listed on MEXC Exchange on April 30th at 11:00 UTC! ? Get ready for a new chapter of growth and opportunity as we expand our reach to the MEXC community. Stay tuned for more updates!
ritestream ▶️
Join us for an insightful AMA session with Skillful AI, the cutting-edge platform revolutionizing the AI landscape. Learn directly with the minds behind Skillful AI and discover the future of advanced virtual assistants and tailor-made AI solutions.Prepare your questions, ideas, and curiosity as we delve into the limitless possibilities of AI-powered solutions.? Announcementst.me/ritestreamchannelHere's What You Need to Know from the AMA with the Skillful AI TeamHere are the key takeaways from our insightful session:? Introducing Skillful AI: The team, led by Emanuel Hernandez (CTO), Zoltan Prokai (CEO), and J.Daniel Urena (CMO), shared their backgrounds and passion for revolutionizing the AI landscape.? Skillful AI's Vision: Skillful AI aims to create a complete ecosystem of AI, empowering users to capture real-world skills and monetize them through customized virtual assistants.? The Role of Skillful AI Token $SKAI: $SKAI token holders will have early access to the platform, voting rights on data usage for training models, staking rewards, and a percentage of platform revenue from B2B deals.? Skillful AI on Sizzle Reel: We pulled back the curtain on Skillful AI at our AMA session. Check out the first look at early footage showcasing the power and potential of their AI platform.? Product Development Progress: Skillful AI already has an alpha product being tested by select users, with plans to launch the full ecosystem by Q4 2024.? Investor and Community Support: Skillful AI has received overwhelming support from investors, including VCs, strategic partners, and the community, with plans for a community sale to empower more individuals.Want to learn more? Watch the full AMA!