Discover and read the best of Twitter Threads about #OSINT

Most recents (24)

Chris has already done a good thread & analysis on the Twitter reactions after the indictment in #Louisville was handed down yesterday. We have a couple of things to add namely some additional analysis on the phrase "burn Louisville" #BLM #BreonnaTaylor
First alot of the analysis @TAPSTRIMEDIA did shows a high level of astroturfing activity around the hashtags he looked at. Levels of 25% & higher & much of the initial activity stemmed from videos related to this Uhaul dropping off what appears 2b #Antifa related protest signs ImageImageImage
Here is the hoaxy analysis for the phrase "burn Louisville" that was also briefly trending on Twitter yesterday late afternoon. The cyborg / astroturfing activity was just over 31%. Normal more organic levels tend to be close to roughly 4% or less. #Louisville #BreonnaTaylor Image
Read 12 tweets
Sigo procesando páginas del BORME a mansalva… van unas cuantas docenas de miles. Publicaré los resultados. ✌️

Hoy me he fijado en las 𝗜𝗡𝗛𝗔𝗕𝗜𝗟𝗜𝗧𝗔𝗖𝗜𝗢𝗡𝗘𝗦. Y he sacado —por pura curiosidad— todos los empresarios inhabilitados en 🇵🇱Cantabria durante la última década.
Porque parece que si la lías «muy parda» administrando una empresa y entra en concurso, un juez puede venir e inhabilitarte para gestionar nada.

⚠️ Aunque todo esto es público, no voy a publicar la lista. Pero sí hay algunos casos muy notorios o de relevancia pública. 👇
Como por ejemplo la inhabilitación por cinco años de Ali Syed a raíz del concurso del Racing de Santander.

Sé más de física cuántica que de fútbol, así que me temo que no puedo comentar mucho sobre este tema… pero me suena que fue muy sonado todo.

Read 8 tweets
#OSINT Tips ★ 17 short tips for website investigations

[1/17: tactical information👁️]
Purpose: collect and analyze tactical information.
1. Visit website
2. Collect visible info (contact details, VAT numbers, etc.)
3. Analyze information
4. Have fun!
[2/17: WHOIS information]
Purpose: find owner/host of website
1. Find top level domain
2. Find TLD register via*
3. Fill in target URL
4. Look for registrant/registrar
5. Have fun!

* Use multiple databases/registers!
[3/17: archives]
Purpose: find archived information
1. Visit*
2. Fill in target URL
3. Check for archived information
4. Have fun!

* Use other websites such as
* Use cached version of search engines
Read 18 tweets
Everyone but the DSA, far-right & Russian trolls knew RBG ALWAYS wanted to be a SC during the 1st woman president & would have likely retired then. Of course almost no one predicted what would happen next. This is purposeful divisive sh$t meant 2 cause anger and chaos. #infoOps Image
We are collecting the tweets for analysis so I can't say for sure where this divisive line of attack started ... but its clear there are alot of fake accounts, trolls and sh$tposters pushing the "should have retired" or "by not retiring" content. Don't get sucked in. #infoOps Image
Lots of accounts like this one. 2 yrs old but just started tweeting this month and half its tweets are about RBG and how she should have retired. Not clue if this is a real person, paid troll or what but this is certainly odd behavior for an account. #infoOps ImageImage
Read 9 tweets
A few interesting take-aways from FBI director Wray's testimony yesterday before the House committee on Homeland Security. First Russia continues to interfere in the upcoming 2020 elections to benefit Trump and harm Joe Biden's chances. #infosec #osint #infoOps Image
Second, #Antifa is not a terrorist organization ... or even an organization at all. But rather, he said it is more an ideology or movement and that criminal and anarchist elements are likely co-opting it. #infoOps #osint Image
Third, FBI director Wray reiterated the strategy of attacking #disinfo early and often. Completely agree. The "head in the sand" approach or "don't feed the trolls" approach is useless and even dangerous. And deplatforming works. Twitter efforts against Q anon clearly shows this Image
Read 4 tweets
Psalm 127 (KJV)

Except the Lord build the house, they labour in vain that build it: except the Lord keep the city, the watchman waketh but in vain.
It is vain for you to rise up early, to sit up late, to eat the bread of sorrows: for so he giveth his beloved sleep.
Lo, children are an heritage of the Lord: and the fruit of the womb is his reward.
Read 10 tweets
BREAKING!! New SMS phishing campaign pretending to be from the United States Post Office being pushed out to cell phones today. So far the link in the SMS being used is this domain m9sxv[.]info. Here are a couple of sample texts we have collected. #infosec #malware #smish #osint
The m9sxv[.]info domain was just registered today and here are few sample links we have collected so far. @kyleehmke @RiskIQ @ydklijnsma #infosec #malware #smish #osint
There is a fair amount of victim fingerprinting going on based on the device ect... Here m9sxv[.]info immediately redirects to a jtuzd.rdtk[.]io link. #infosec #malware #smish #osint #phishing
Read 10 tweets
Fascinating article out by a Dutch tech publication. Says in 2016 three Dutch hackers stumbled upon Donald Trump's LinkedIn password from the hacked LinkedIn DB of 117 million users. Russian hacker Yevgeni Nikulin would later be arrested for this.…
Here is a very fascinating supplement to the article that contains all the receipts. Interesting that Donald Trump at the time reused the same password in a least a couple of different accounts…
This part about Mark Zuckerberg is amusing as well. So glad all these tech giants and heads of state use hard to crack passwords. 🤦‍♂️Thanks to @ChiefCovfefe for passing this Dutch article along. Image
Read 5 tweets
So the #Antifa boogeyman is now being blamed 4 wild fires across the country. Apparently George Soros is sending out Antifa to start forest fires. Of course this is completely not true & has been debunked by law enforcement & local officials. Here are two recent #disinfo examples ImageImage
Quick shout out to @ContextFall & @dragnetizen for sending these examples. On Facebook its even worse & an absolute sea of dumb. Also its good to know that the fake @ScarsdaleAntifa account, inciting violence & falsely claiming #AntifaFires is responsible is now suspended Image
#Antifa is the top trending hashtag in Colorado Springs at it was due to this tweet from a local pastor. Its interesting because it appears to be boosted by one of the #Mighty200 accounts @LeahR77. This is also an account that I believe President Trump has retweeted on occasion. Image
Read 11 tweets
Oh the poor Q folks ..... seeing the layers of the onion they would rather not see from their fellow Q 'ers 😅😅
For some context the big Qanon website Qmap was found to be run by a grifter in New Jersey before it was taken down. This was the family-friendly version for the cultists. #wwg1wga
Okay this is very interesting. QAppAnon was a platform that allowed users to share content via posting. Wonder if that means it could connect to Facebook and Twitter in some way? Great way to coordinate and boost certain talking pts. Image
Read 4 tweets
This week I followed Arabic language Tweets around 9/11 and noticed disinformation around Qatar. A look at this topic shows the use of hacked verified Twitter accounts for coordinated inauthentic activity is still prevalent. #disinfo #OSINT (thread)
Initially I noticed several angry Saudi accounts subtweeting a verified account that had posted a video about Saudi Arabia being behind the attacks. This account appears to be hijacked (and has since changed its handle), so I looked into it further.
@FernStrategy was a verified account out of Silicon Valley. Look at the timeline it is clear that whoever hacked this account deleted all previous tweets and removed all accounts in the following list.
Read 15 tweets
This redirecting of Antifa(.)com to the Joe Biden campaign website seems more & more well thought out & planned. Using a headerless 302 redirect was not accidental. Using @Namecheap as ur registrar also makes getting any response from them near impossible.
But the one thing they may not have accounted for is to have the Antifa(.)com domain get flagged as malicious by Google. And given this domain is likely worth 10's of thousands of dollars on the open market. Having all its value erased by Google isn't insignificant @Namecheap Image
Hopefully the Biden campaign can just block the incoming IP address given the headerless 302 redirect is proving more problematic than we thought. Which begs the question ... why is this even allowed anymore? Is there ever a legitimate use for allowing headerless 302 redirects?
Read 11 tweets
Tried my best to stay away from this whole sordid #SSR drama/ modern day salem witch trial in order to preserve last remaining vestiges of sanity.
What follows is a thread on how bot-like and inauthentic accounts are being mobilised to hack Twitter trending in the country. So heres a 101 on how to spot a manipulated hashtag - #RheaArrested now you're on my turf. #OSINT #socialmediamanipulation
Earlier today, local media reported that #RheaChakraborty was arrested by Narcotics Control Bureau ostensibly for the possession and consumption of marijuana.…
Read 12 tweets
Recent news report on current Russian election meddling said that one propaganda #infoOps by the Kremlin was 2 convince Americans that instead of having a childhood stutter, Joe Biden was actually suffering from dementia cc @jonkarl @donie @oneunderscore__
Looking at our archives we confirmed seeing something very similar 2 the draft bulletin titled “Russia Likely to Denigrate Health of US Candidates to Influence 2020 Election” from DHS analysts that was submitted to their public affairs office 4 review on July 7 but never released
As an example of Russian efforts to raise doubts about Biden's mental acuity, the draft bulletin points to a March story on a Russian proxy website that "refuted media claims that the candidate’s gaffes are a result of a stutter, instead arguing they were symptoms of dementia.”
Read 14 tweets
We've discovered a new #Emotet malware #phishing campaign that leverages Google Sites & a previously compromised PetFoods website. We were asked to look into the following email. Thanks to the fantastic tools from @RiskIQ @PassiveTotal we finally connected the dots. #infosec Image
We plan to write up the details soon but here's a general overview. First looked at some of the indicators of compromise and surprisingly found that a Google search for "Mel Redins" revealed ZERO searches in Google. That's pretty hard to do these days. #infosec #osint #emotet Image
Same thing with searching for the email that Mel Redins provided. Also zero searches in Google and haveibeenpwned(.)com . #infosec #osint #emotet Image
Read 12 tweets
🚨 #BREAKING [UNCONFIRMED] A Chinese #PLA Air Force warplane has been taken down, likely by Taiwan air defense systems.


#OSINT #Military #Aviation
#TaiwanStrait #China
⚠️Chinese pilot of the PLA Air Force warplane which was taken down by Taiwan, US air defense system is injured.

#Taiwan #China #Military
#OSINT #TaiwanStrait
CONFIRMED ⚠️ Pilot of Chinese PLA Air Force is seriously injured after his warplane Su Kai 35 was shot down by Taiwan ADS.

Further escalation is inevitable!

#OSINT #Military #Aviation
#China #TaiwanStrait #Taiwan
Read 3 tweets
I find this sentence quite interesting, in the new Graphika report that Facebook has supposedly attributed to the Russian IRA. Lots more to go through and it is a very small network that Facebook has taken action on. A drop in the bucket. #elections2020… Image
And this is a VERY clever headline 👏👏 article posted on Facebook about the far-right militia movement known as the boogaloo featured a headline that read, “USA Far Right is Growing Thanks to President Trump" ... think about it for a minute on how it works for both sides
Another example of "that is soo 2020". The
@Alex_Lacusta account was just suspended as a Russian IRA account. And I guess @/rjones2818 will need to retool their follow back scheme of socialists and anarchists. Who apparently in the eyes of Russians get along quite dashingly Image
Read 5 tweets
Something that should shock no one, Russian hackers are selling voter registration DBs on the darkweb. At least MI, FL, NC, CT & AR so far. It should be noted all major political campaigns already have all of this data & its fairly easy to acquire it.…
What is more shocking is that our own State Department appears to have known about this for some undetermined amount of time (possibly all the way back to March) & paid a bug bounty to some of the associates of the Hackers 4 letting the State Depart know.
One hacker bragged that he got paid $4000 from our State Department. All eye-rolling aside, it is worth determining if hackers got it from hacking directly into state voter roles. Seems doubtful, as this kind of access would not be advertised on a forum. But thats the REAL danger
Read 6 tweets
1)Cuando @lawwait comenta que el CNI está investigando una intrusión en varios ministros y que "consiste en la recepción de un enlace que hace explotar una vulnerabilidad del sistema operativo del teléfono móvil de la víctima."

No me extraña nada.
2)La metodología que voy a usar es siempre la misma utilizando la aplicación de Dante's Gates Minimal Version y OSINT. Podéis ver algunos resultados en este artículo que @Quantika14 ha publicado en su blog:…
3)En el caso de Juan Carlos Campo (ministro de Justicia) es posible obtener su CV desde una intranet que tiene el PSOE. Actualmente, no es accesible. Pero si tiramos de archive:
¡Vualá! 😄
Además, su email del congreso quizás haya sido una de la fuente de infección.
Read 7 tweets
🏮🏮 CRAZY if true, but let me stress not confirmed yet.. #China #India #GalwanValley #Ladakh
Quick Update: Some other large followed #OSINT peeps have linked this dude, I'm not buying it.
Update: as I suspected it was BS. Dude deleted his tweet.
Read 3 tweets
@adithyan_ak As I re-read this, you frame this as a guide to help
TraceLabs CTF competitors. This is the exact opposite of #OSINTForGood and what the Trace Labs mission stands for. I don’t think they would endorse this type of unethical #OSINT in their competitions ever
@adithyan_ak Your techniques are unethical for this sort of engagement and banned in the competition. I am intimately familiar with the competition as both a competitor and a judge.
@adithyan_ak The note to the crush is disturbing. If she is okay with this, why not tell her about it? The language in this has a downer creepy vibe and TBH, makes my skin crawl.
Read 23 tweets
Quran burning in #rosengård #malmö #sweden escalated.

Read 19 tweets
An #OSINT thread on Foreign Funded Agents in Pakistan.
1. As a member of Pakistan's #OSINT community, I try to unearth grave threats to national security that mainstream sources refuse to discuss because of their own treacherous agendas. One thing I am increasingly concerned about is foreign money being used to recruit local agents.
2. In the ten minutes I spent on Google looking for evidence of these conspiracies, I was stunned to discover that actors working at the highest levels of government and policy have been taking foreign money for years! ImageImageImageImage
Read 11 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!