S3E72 | Word up: learning foreign languages for OSINT with Skip Schiphorst
Language can limit or expand your worldview. That’s important to remember in OSINT where what you’re able to find and analyze can greatly affect the intelligence you build. Skip Schiphorst, OSINT instructor at i-Intelligence, shares his expertise on why even baseline knowledge of a foreign language is important in a world flush with translation services; how foreign language content can counteract bias; and tips for verifying automated translations.
Key takeaways
- You can find a lot more online than you may think by using foreign languages — even those using non-Latin characters
- You don’t need to be a ninja with years of training to find foreign content online, or outsource everything to language experts
- Know the basics of OSINT, be critical and be patient when searching online in a foreign language
6/12/2024, 7:14:21 AM
Week in OSINT #2024-17 - sector035 - Kirbstr's CSE's
created several custom Google searches, and she decided to share them over at . Besides that, she also wrote a blog post on how to create your own Google search engine. Kirby explains how she uses Similarweb and the extension "Instant Data Scraper" to create a list of useful sites, and build a custom search engine from scratch. Since Google, and the use of it for conducting research, can be very helpful, this tutorial is great for people who haven't played with this yet.
6/2/2024, 4:18:01 PM
Week in OSINT #2024-17 - sector035 - Open Secret
A few days ago I learned about a brand new podcast that started earlier this month, and this one is by . Hosts and Jane van Tienen talk to several guests, and the first six episodes are online already! If you are looking for a new listen with some interesting people and stories, then this one is for you!
6/1/2024, 11:13:01 AM
Week in OSINT #2024-17 - sector035 - 7 Deadly Sins
published an article about what not to do when it comes to open source investigations. I have touched on the subject before in some episodes of Week in OSINT, and this list should be a must-read for anyone who is working in this field. They describe some of the bad practices, and explain why it is important to watch out for them to become a better investigator.
5/31/2024, 11:13:01 AM
Disrupting deceptive uses of AI by covert influence operations
OpenAI is committed to enforcing policies that prevent abuse and to improving transparency around AI-generated content. That is especially true with respect to detecting and disrupting covert influence operations (IO), which attempt to manipulate public opinion or influence political outcomes without revealing the true identity or intentions of the actors behind them.
In the last three months, we have disrupted five covert IO that sought to use our models in support of deceptive activity across the internet. As of May 2024, these campaigns do not appear to have meaningfully increased their audience engagement or reach as a result of our services.
This blog describes the threat actors we disrupted, attacker trends we identified, and important defensive trends - including how designing AI models with safety in mind in many cases prevented the threat actors from generating the content they desired, and how AI tools have made our own investigations more efficient. Alongside this blog, we are publishing a trend analysis that describes the behavior of these malicious actors in detail.
5/30/2024, 9:53:56 PM
Week in OSINT #2024-18 - sector035 - Non-Free Email
Some platforms make it more difficult to register when using a free email account, but with the latest blog post of at hand, that too won't be a problem. He explains how easy it is to register a new domain, and what steps need to be taken to get your personal email up and running. And with some domain registrars offering free domain privacy protection, by acting as a 'proxy' to hide your real identity, you are ready to take on the world with some new research accounts!
5/30/2024, 4:18:01 PM
Week in OSINT #2024-17 - sector035 - Elevation
shared a cool article written by about how to view elevation lines in Google Maps. Of course there are many tools for that, but when you are browsing around in maps and want a quick idea of how high a certain location might be, then turning on the "terrain" view and zooming in a little bit isn't such a bad idea! Thanks for this useful tip!
Viewing elevation lines in Google Maps
5/30/2024, 11:13:01 AM
Geolocating a Gang Leader Wanted by the FBI: An OSINT Explainer
This report shows how OSINT techniques were used to find the ‘home’ of a gang leader on the FBI’s Ten Most Wanted Fugitives list, with a bounty of up to $2 million.
5/29/2024, 4:18:01 PM
Why a Non-Technical Background Does Not Prevent You from Succeeding in Cyber Threat Intelligence
Intrusions, cyber attacks and adversarial operations are often seen as technical events best described by the deployed malware, leveraged C2 domains, connected IP addresses, hash values of files and multiple other indicators. However, these activities are not spontaneously occurring technical phenomena, which is a misconception held by many outside of Cyber Threat Intelligence (CTI) and Information Security. The Diamond Model, a fundamental framework in CTI, highlights the human element in these activities: threat actors with their motivations and objectives, and victims with their vulnerabilities and the impact they suffer.
5/29/2024, 11:13:01 AM
Fast Google Dorks Scan
An OSINT project whose main idea is to collect all possible Google dork search combinations and use them to find information about a specific website: common admin panels, widespread file types and path traversal. It is 100% automated.
5/1/2024, 4:18:01 PM
Breach Data Infrastructure
There is a lot of discussion on the value of breach data, including the various pivot points it provides. However, there isn't too much discussion on how to create an environment where you can collect breach data and make the data easily accessible and usable for OSINT Analysts when they need the data available to parse through. Having a process for parsing breach data is essential as more and more breaches become prevalent.
My talk will discuss the following points:
1. The breach data lifecycle: Discussing what I consider to be the breach data lifecycle, based on the intelligence lifecycle (Data breach event occurrence -> Obtaining breach data -> Processing the breach data -> Integrating the breach data -> Analysis and production of the data).
2. Considerations for building an environment for breach data: Virtualization, hardware, OS, and software considerations.
3. Indexing Data: How indexing data can be a game changer when the time comes to rely on the data.
4. Demo: Showing what a breach data environment looks like at multiple scales. The demo will be a mix of recorded material and live demos.
Actionable takeaways:
- Be able to build your own breach data environment
- Follow a lifecycle to expand the breach data environment over time
- Allow Analysts to quickly parse through breach data when investigation time arises
SANS Open-Source Intelligence Summit 2024
Breach Data Infrastructure
Haris Qazi, Analyst
5/1/2024, 6:08:01 AM
Uncover the Invisible Gold Mines: How to Dump Raw Data From TikTok
Static web pages - HTML stuffed with juicy user data - belong to the past and to web 1.0. JavaScript frameworks like Facebook's React have drastically changed the digital landscape OSINT practitioners meet today. Nowadays HTML is just a mere shell - a blueprint - which remains to be populated with data, fetched when needed, i.e. when a user scrolls, clicks or navigates around. A consequence of this - and probably also of legislation like the GDPR - is that ever less user data is actually present when we inspect the HTML source of a given page. Finding user ids, timestamps and other necessary pieces of information becomes ever more difficult with the traditional, old-school methods. The data simply seems to be gone.
This, however, is just an illusion. The data is still there. It's simply invisible. The same structured, raw JSON data that these frameworks fetch from their servers and use to build the page on scroll is increasingly not stored in plain sight in the HTML. Instead it's stored as properties on the HTML nodes themselves. This talk aims to open the doors to the OSINT method necessary to extract large amounts of raw structured data from social media platforms, exploiting the same techniques that giants such as Facebook, Instagram and TikTok actually use themselves to access this data - but also to hide it from the users. Using TikTok as an example, the presentation will demonstrate how to locate and extract invisible data using JavaScript. How do you find the right nodes, the ones that contain the invisible digital gold? How do you dump the data? On TikTok, on Facebook, on Instagram, on Twitter? This talk will teach you the basics you need to know to start your journey into the new reality of modern web development. Step by step we will explore a TikTok profile, dig through the HTML nodes and excavate the huge amount of awesome raw JSON data that TikTok stores invisibly behind the scenes. We'll write the few lines of JavaScript required to empty this amazing digital gold mine. Step out of the past and enter the future.
SANS Open-Source Intelligence Summit 2024
Uncover the Invisible Gold Mines: How to Dump Raw Data From TikTok
Jan Lauridtsen, OSINT Investigator, SpecialCrimes Unit, Danish National Police
4/30/2024, 6:08:01 AM
Enterprise Incident Response with Velociraptor: when tempo is all
A few days after the end of Matera DigiSec 2024, the first event organised by ONIF in Matera on topics related to "Digital Forensics and Cybersecurity for the protection of data and rights", particularly in the corporate context, we can certainly say that it was a great success, both in terms of participation and in terms of the quality of the topics covered (I leave here an excellent article, with comments and some photos of the day).
I am truly grateful to ONIF for the invitation to take an active part in this event, and for the occasion I decided to present a tool that is still little known (unfortunately!) but which is part of the toolkit of many Incident Response teams and which perhaps deserves greater prominence.
I am talking about the open-source tool Velociraptor, on which I based my short talk, titled "Enterprise Incident Response with Velociraptor: when tempo is all".
Before being (rightly) assailed by language purists, I would like to clarify that the word tempo, as I explained in more detail during the talk, was deliberately left in Italian, since I used the universally recognised musical sense of the term: I imagined the person in charge of Incident Response as an orchestra conductor who, by skilfully (and, indeed, harmoniously) using the "instruments" (tools) at their disposal, can "conduct" the way to a resolution of the security incident.
4/29/2024, 7:15:59 AM
Trailblazer: Piercing the Veil of Vehicle Secrets with OSINT Alchemy
In the intricate web of our digital cities, vehicles are not just modes of transport; they're anchors that can tether individuals to vast amounts of personal data. During this presentation, we will embark on an OSINT journey, starting with the ubiquitous presence of CCTV systems. These surveillance tools, while essential for public safety, can also be a gold mine for those aiming to trace a vehicle's whereabouts. Through our step-by-step process, we will demonstrate how to track and secure a clear image of a targeted vehicle.
Once we've captured this image, the true investigative work begins. We will employ different online tools to help us extract pivotal details, such as a vehicle's license plate or type of vehicle. We will then showcase how this license plate can be possibly correlated with its respective Vehicle Identification Number (VIN) using various databases. The VIN, unique to every vehicle, is more than just a serial number. Through it, we will unearth details ranging from the vehicle's history to specifics about its owner.
As we delve deeper using the VIN as our investigative compass, we'll demonstrate how to extract a wealth of personal information such as ownership records, insurance data, and much more. Our journey doesn’t stop there; leveraging obtained details, we can explore an individual's social media presence, discern patterns in their visits, and gain a glimpse into their personal life. The knowledge acquired from this level of detail can potentially be employed to craft sophisticated attacks, including highly targeted phishing schemes, underscoring the critical importance of safeguarding such information.
Thus, by the end of our investigative journey, we will illuminate the extensive reach and depth of OSINT techniques. Participants will not only gain an insight into the intricate methods and tools used in such investigations, but also acquire a profound understanding of the pivotal role vehicles play as digital anchors in today’s interconnected societies. The startling realization of the amount and depth of information that can be accessed from seemingly mundane vehicle data will serve as a wake-up call, emphasizing the urgent need for strengthened data protection measures to counter the potential misuse of personal information in our increasingly digitized world.
SANS Open-Source Intelligence Summit 2024
Trailblazer: Piercing the Veil of Vehicle Secrets with OSINT Alchemy
Sagar Tiwari
Shubham Kumar, Senior Information Security Analyst, Transunion LLC.
4/29/2024, 6:08:01 AM
The Impact of AI with OSINT
This presentation will explore the emerging impact of artificial intelligence, including generative AI, on open-source intelligence (OSINT) workflows. We will explore the evolution of AI as it relates to OSINT, and look at the future for how practitioners can do more with less using Gen AI techniques for tasks such as image analysis, creating your own OSINT tools, geo-spatial processing, and reporting. Analysts are more important than ever, and this talk will highlight the critical requirement for analysts to verify & validate information, whilst creating efficiencies with emerging technologies that will change how they interact with data in the future. Finally, this talk will explore bad actors & the evolution of disinformation in a deep-fake world with voice cloning, video & image generation along with tonally & grammatically accurate text-based replication.
SANS Open-Source Intelligence Summit 2024
The Impact of AI with OSINT
Chris Poulter, Founder & CEO, OSINT Combine
4/28/2024, 7:33:18 PM
AirChat, the buzzy new social app, could be great — or, it could succumb to the same fate as Clubhouse
Over the weekend, another social media platform exploded into the fray: AirChat. The app is like a combination of Twitter and Clubhouse. Instead of typing a post, you speak it. The app quickly transcribes what you say, and as your followers scroll through their feed, they’ll hear your voice alongside the transcription.
4/20/2024, 5:19:05 PM
Cartel King Kinahan's Google Reviews Expose Travel Partners
Bellingcat and the Sunday Times reported that wanted cartel boss Christopher Kinahan Sr. had exposed his movements and whereabouts by posting Google reviews for a variety of restaurants, hotels and other expensive establishments using his alias “Christopher Vincent”.
The “Dapper Don” detailed trips to Zimbabwe, South Africa, Spain, Portugal, Turkey, the Netherlands and Egypt. However, there appeared to be no reviews for trips outside of his base in the United Arab Emirates since the US Treasury announced a collective $15 million bounty for information leading to the financial disruption or arrest of Kinahan Sr and his two sons (Daniel and Christopher Jr) in April 2022.
Kinahan Sr inadvertently captured his own reflection in mirrors and windows in some images posted alongside the reviews, helping Bellingcat and The Sunday Times prove the account was his.
But that wasn’t all he appears to have unintentionally depicted in his posts.
Further analysis reveals new details about some of those Kinahan Sr travelled with, dined with and interacted with in recent years.
4/16/2024, 11:13:01 AM
Kinahan Cartel: Wanted Narco Boss Exposes Whereabouts by Posting Google Reviews
One of the world’s most wanted men, a notorious narco kingpin whose gang is implicated in multiple murders, has left a trail of Google reviews providing valuable new insights into his movements and whereabouts over the past five years.
4/16/2024, 6:08:01 AM
Identifying Daesh-Related Propaganda Using OSINT and Clustering Analysis
The development of the digital society has substantially altered the conditions under which conflicts occur. Emerging threats are characterized by their asymmetry, diversity, and constant change; rapid transmission over the network; near-immediate nature; possibility for unrestricted access; and swift ability to alter the behaviour of individuals. This paradox is an example of cognitive warfare, which employs both traditional and novel information, cyber, and psychological warfare techniques. The self-proclaimed Islamic State engages in a unique type of disruptive cyber cognitive-intelligence activity utilizing cyberspace. We now refer to the Weaponization of Media Narratives: the struggle of narratives has overtaken the relevance of traditional military and physical Jihad. Jihadist activities consist of sending threatening messages to Western nations and promoting online propaganda in order to recruit new members and instil terror in individuals. Daesh’s propaganda output is so extensive that it is practically impossible for humans to analyse it. Thus, it is crucial to establish and implement cyber defence strategies to prevent, identify, and deter jihadist Internet activity. Law Enforcement, Intelligence, and other organizations are constantly devising new tools to prevent, identify, and restrict terrorist operations over the Internet. The collection and analysis of information from a vast array of sources can give intelligence analysts useful insights by revealing previously concealed but logically sound patterns and connections. Beginning with a review of Al-Naba’s propaganda materials, this study seeks to construct an automated model that would aid in detecting and identifying the online locations of Daesh. We looked at Al-Naba’ magazine instead of another newspaper because it has only been published in Arabic.
Other magazines have been published in other languages and have been examined in many community identification and Social Network propaganda analysis studies in the past. Therefore, the purpose of our study was to discover whether it is possible to employ computer assistance to evaluate Jihadist narratives in order to identify any (thematic) similarities across various propaganda sources. One of the specific goals was to evaluate whether or not there are tweets with a direct connection to Al-Naba’ magazine. We wanted to make sure that the tweets were coded in a way that was consistent with the Twitter data, collected from Kaggle, that we used as a training set. This was important because tweets could be put into different groups. This was done to see if the tweets were correctly put into their own groups based on information from Al-Naba’s writings. So, the number of times each group shows up depends on how often it shows up in more than 1% of the texts in each cluster.
4/15/2024, 11:13:01 AM