OSIntOps.com News
News about Intelligence & OSInt.
Join us in the OsintOps.com Groups
OsintOps - IT: https://t.me/OsintOps_IT
OsintOps - EN: https://t.me/OSIntOps_EN
Please visit our blog for more news and further insights!
Week in OSINT #2021-37 - Weirdest IoT device?

Ever wondered what a candle, sunglasses and toilet paper might have in common? Twitter user @Coleens_IS asked the question: "What's the most ridiculous IOT device you can find?" and the answers she received are hilarious! And if you're scrolling through the list and are wondering about the 'anus scanner'? Well, it's probably this weird device.

Do go over the thread if you're into IoT, security, or just need a good laugh at the start of your week!
Week in OSINT #2021-40 - Hunchly and Maltego

Talking about Maltego, did you know that Hunchly has some Maltego transforms that enable you to import a Hunchly case in the tool? After importing a case, all the captured pages, images, selectors and objects are available to be used within Maltego. This makes it possible to get a visual overview of all the captured data, and run transforms on the data you've already gathered. A great tutorial by Justin Seitz, and I recommend you watch this if you work with both of these tools.
Week in OSINT #2021-37 - Google Alerts

Tracy Maleeff wrote a short tutorial on how to create Google Alerts. It's a simple way of digesting information on specific topics, right to your mailbox or even an RSS feed. This service from Google was launched back in 2003 already, and it offers a service where newly indexed URLs within the Google database are matched to 'alerts', after which the creator of the alert is notified. Extremely useful, and easy to set up. Thanks for this little tutorial!

Link: https://link.medium.com/zboIT78fHjb
Week in OSINT #2021-41 - Mapping Tutorial
Just before publishing my last newsletter, another awesome video by Benjamin Strick was published. I saw the video, but I simply ran out of time to include it in my last episode. Ben shows you how to run some basic Overpass Turbo queries, how to import them into Google Earth Pro, and what other free tools are available to quickly draw up a map of interesting things.
Week in OSINT #2021-41 - Does This Person Exist?

Twitter user OSINT Shinobi shared an interesting story last week. Over at the University of Caen Normandy in France, they've studied the images generated by "This Person Does Not Exist". By using a so-called "membership attack", they've been trying to establish the source of the images by comparing them with the training data. By finding the source within the training data, it's possible to find out whether someone's image has been used for training purposes without any consent, or provide evidence of copyright infringement.
Link: https://www.technologyreview.com/2021/10/12/1036844/ai-gan-fake-faces-data-privacy-security-leak/

Paper: https://arxiv.org/pdf/2107.06018.pdf
Week in OSINT #2021-41 - Social Media CSE

Brijesh Singh has been busy playing with Google programmable search engines, or CSE's. He has created a one-stop CSE for social media. With one search, you can view results on Medium, Pinterest, Reddit, Twitter, LinkedIn and more. I know there are loads of CSE's out there already, but it's always good to share extra options.
Open Source Information’s Blind Spot: Human and Machine Bias in International Criminal Investigations
Digital open source information has been heralded for its democratizing potential, insofar as it allows access to a much broader range of sources and voices than would normally be consulted through traditional methods of information gathering for international criminal investigations. It also helps to overcome some of the physical access barriers that are commonplace in international criminal investigations. At a time when the use of digital open source information is becoming more widespread, this article warns of the cognitive and technical biases that can impact upon two key stages of an investigation: finding relevant information and analysing that information. At the information-gathering stage, there are particular crimes, regions and groups of people whose experiences are more likely to be overlooked or hidden in digital open source investigations. When it comes to analysing digital open source information, there is a danger that cognitive and technical biases may influence which information is deemed most relevant and useful to an international criminal investigation, and how that information is interpreted. This article proposes some steps that can be taken to mitigate these risks.
Week in OSINT #2021-41 - Another "Week in..."

Bleeping Computer is an amazing news platform, but they also seem to have a weekly overview. This isn't really your regular OSINT though, but if you are looking for a weekly overview about ransomware, then this is a really nice site to add to your feed reader. Thanks to Lawrence Abrams you'll stay up to date on the latest news and intel on ransomware.
ThePhish is an automated phishing email analysis tool based on TheHive, Cortex and MISP. It is a web application written in Python 3 and based on Flask that automates the entire analysis process starting from the extraction of the observables from the header and the body of an email to the elaboration of a verdict which is final in most cases. In addition, it allows the analyst to intervene in the analysis process and obtain further details on the email being analyzed if necessary. In order to interact with TheHive and Cortex, it uses TheHive4py and Cortex4py, which are the Python API clients that allow using the REST APIs made available by TheHive and Cortex respectively.
Week in OSINT #2021-41 - Syrian Datasets

OpenFacto is a French organization specialized in OSINT training, fact-checking and assisting others, like NGO's and news agencies. They alerted me to the fact that The Syria Report has opened up two of their databases to the public, free of charge: The Official Gazette of the Syrian government and the housing, land and property dataset.

Syrian Gazette (English and Arabic): https://syria-report.com/category/official-gazette/

Housing, land and property (Arabic): https://syria-report.com/category/%D8%AD%D9%82%D9%88%D9%82-%D8%A7%D9%84%D8%B3%D9%83%D9%86-%D9%88%D8%A7%D9%84%D8%A3%D8%B1%D8%A7%D8%B6%D9%8A-%D9%88%D8%A7%D9%84%D9%85%D9%85%D8%AA%D9%84%D9%83%D8%A7%D8%AA/
Week in OSINT #2021-41 - Layer 8 Videos

Earlier this month there was the Layer 8 conference, and recently they've uploaded some videos onto YouTube. Whether it's about social engineering, or mental health, anything that touches open source investigations is game. So sit down, and enjoy these talks. With a little special shout-out to my TOCP colleagues Christina Lekati, Rae Baker and Inês Narciso.
Week in OSINT #2021-36 - Investigator

The GitHub user 'ABHIJITH' has created a simple HTML page, with different searches on a domain name. Fill in a domain name at the top, and then click one of the many search options below to find subdomains, IP addresses, certificates, information in paste sites and lots more. Don't bother entering those Google searches by hand, or finding the correct option within ViewDNS. Because it's available at the click of a button!

Link: https://github.com/abhijithb200/investigator
Week in OSINT #2021-41 - Be Careful What You Search With

I see loads and loads of links being shared on the TOCP Discord, Twitter, the OSINT subreddit and anywhere else. But sometimes things aren't what they seem. For instance, take the website streamingsearch[.]xyz that Twitter user fe_tsoc shared last week. It looks like a very nice website, with multiple ways to search for videos and such. But it actually hides a piece of malware that hijacks your browser, according to multiple sites, like this page over at EnigmaSoft. And while checking the website with URLscan.io, I saw there was a distinctive filename being used: cfgnt.json. With that, I quickly found a few other websites that may need to be avoided.
A quick look at the separate scans revealed that the screenshots taken by URLscan showed the same layout and icons, which confirmed my suspicions. So remember: Make sure to do some research before you jump on every opportunity to use a new and