Week in OSINT #2020 — 02
The year 2020 has started, and Week in OSINT is back! Time to bring some tools, tips and tricks to your screen!
When I started this newsletter in May 2018 — about 80 or so episodes ago — I couldn’t suspect what impact this would have on my life. Throughout the last two years I’ve been lucky to meet lots of great people and 2019 has been a very important year for me. Together with an awesome bunch of people we started OSINTcurious and the response so far has been great. Besides that I was finally able to meet the majority of the people behind the Quiztime initiative. And lastly I had the chance to attend or speak at several conferences where I met lots of wonderful people, that were shocked I didn’t look anything like my avatar! And so we slowly rolled into the first week of 2020, while I took a couple of weeks off and to spend some time on other important things.
But now it’s time again to kick some life into the weekly newsletter, so let’s start with the first episode of this year!
- Creating Flowcharts
- Fundamentals of Online Newsgathering
- Twitter Tools
- Hindsight Files
- Facial Recognition
- Shodan Filters
- Reverse Hash Lookup
- Lessons Learned by OSINT News
- Kirby’s Corner
It’s time to have a look at TikTok again, with a list of links curated by the awesome Stefanie Proto. It’s a long list of different sites, starting off with a general search tool by OsintCombine, followed by some useful links. I went over all of them and some sites are a bit crappy, like Tokvid that every once in a while throws an error 500 (server error). The site TubZi that can’t seem to find profiles that actually do exist — which I found out after going over the profile of Will Smith — and Vidnice is so slow or is simply not working. What I did like where the tools ‘ttdown’ to download videos — an option that is also available in Tokvid — and ‘Clout Meter’ that has loads of user stats. Then there are some tools that were actually down when I wrote this article, so I’m not even including them in the list underneath, but feel free to check out Stefanie’s tweet and save them for historical purpose, or future reference 😉
Clout Meter: https://cloutmeter.com/
NixIntel shared the link to the website PrivacyTools the other week, that has a nice list of services and software that are known for their stance on guarding your privacy. Besides lists of apps and tools, they also have information on which countries are required to hand over encryption keys by law, a list of VPN providers, has info on warrant canaries, DNS leak tests, add-ons, browser tweaks and all kinds of other goodness.
Article: Creating Flowcharts
Aware Online has been busy during the holidays and one of his blog posts is about a very important process within OSINT: Organising your work and create insight into possible pivot points. In this article he explains you how to use XMind ZEN to create your personal diagrams so you don’t have to rely on other people’s work. What I personally like is that this also gives you the opportunity to think creative and come up with connections you may not always see in the heat of an investigation.
Another interesting article I want to point out talks about how to use location information of Telegram to find possible persons of interest. A little GPS spoofing is all that is needed to find persons of interests that are in a certain location.
Media: Fundamentals of Online Newsgathering
First Draft News has some awesome publications on how to conduct online investigations, and at the end of 2019 they published this PDF. They explain the basics of searching within Google, Twitter, Facebook, Instagram, Reddit and YouTube and they give some basic information on some other social media sites. A lengthy document and the 33 pages are well worth the read!
Tutorial: Twitter Tools
Loránd Bodó shared a page the other week from the official Twitter developer documentation. It lists a bunch of tools and code libraries that are often used to talk to the API, to analyse and visualise Twitter data. This page contains links to the more technical reference guides and manuals, so it might not be suitable for everybody. But in case you are looking for some ideas or you want to play a bit with code, it’s nice to know where you may be able to find them!
Tip: Hindsight Files
In December 2019 a new Twitter account came online called @HindsightFiles. This account is run by Brittany Kaiser and the account is releasing documents from Cambridge Analytica. If you are interested in how this is going to play out, and want to stay on top if this particular news, it might be a good idea to check out the files that are released.
Article: Facial Recognition
This article looks at one of the features where Yandex stands out in search engine land: Facial recognition. By comparing the results with other search engines like Google or Bing, and by running tests with people from a different ethnicity, Nelson goes over this awesome feature. Privacy wise it may not be great, but for someone who is ‘OSINTCurious’, nothing beats a publicly available tool like this!
Tutorial: Shodan Filters
For quite some time people have been asking for a good and comprehensive list of filters that can be used inside Shodan. I used to find some in their blogs, I bookmarked some on GitHub, but now there finally is an official list of filters!
And as a little bonus one of my favourite lists of Shodan filters, curated by Jake Jarvis. Not all the filters shown are useful all over the world, but it does have some funny examples on how companies can totally screw up the Internet of 5h17…
Site: Reverse Hash Lookup
Someone that has been busy during the holidays is Intelligence X, because a couple of days ago they added a new section to their every growing web site. This new search tool gives you the option to search for the plaintext value of a MD5/SHA1/Sha256/SHA512 hash, by giving you a simple tool that opens multiple web sites where you might be lucky to find the hashed — and unsalted(!) — password you need…
Article: Lessons Learned by OSINT News
OSINT News wrote an article about the end-of-year OSINT quiz I created to basically keep people busy during the holidays. The quiz is an interactive multi-stage CTF-style one, where you can advance by answering a question correctly and sending it in by email. OSINT News is one of the many people that participated and he shared some little insights into what was unknown to him. Really nice to hear back from people that they learned new things, or discovered some obscure bit and pieces out there!
Talking about that quiz, I want to thank all for the positive feedback you gave! I truly enjoyed making both of these quizzes, and I can spoil there is something cooking… But that will take some time! So be patient!
Links: Kirby’s Corner
And as a little bonus, I added one more link… I really want to try and push Kirby to add some more interesting links to this ‘Bublup Roll’, so you can keep up with interesting articles whenever she shares it. She only just started it, but more links will follow, I’m sure of that… Especially now that a bunch of OSINT enthusiasts are going to bookmark it 😎
Have a good week and have a good search!