Discover and read the best of Twitter Threads about #OSINT

Most recents (24)

Android Coronavirus SMS Worm is probably connected to developer from India 🇮🇳 #OSINT (1/8)
.@Spam404Online found another domain (codebeta[.]in) with the same Android SMS Worm hosted (Get Corona Safety Mask) app. (2/8)

Source:
Sample: virustotal.com/gui/file/8a87c…
Based on the Google cache, "codebeta[.]in" in the past offered users a free 350 Rupees via Paytm.
20 Rs extra if you install the Android app. The app was SMS Spam Trojan. (3/8)

Distributed link: codebeta[.]in/Free350Paytm-2.00.apk
VT(2/62): virustotal.com/gui/file/6eed0…
Read 9 tweets
HTB: Kryptos.pdf
github.com/blaCCkHatHacEE…
HTB: Helpline.pdf
github.com/blaCCkHatHacEE…
HTB: Unattended.pdf
github.com/blaCCkHatHacEE…
HTB_ Hackback.pdf
github.com/blaCCkHatHacEE…
Keep Calm and Hack The Box - Devel.pdf
github.com/blaCCkHatHacEE…
#Hacking #BugBountytips
Hack The Box Write-up - Access.pdf
github.com/blaCCkHatHacEE…
Hack The Box Write-up - Active.pdf
github.com/blaCCkHatHacEE…
Hack The Box Write-up - Carrier.pdf
github.com/blaCCkHatHacEE…
Hack The Box Write-up - DevOops.pdf
github.com/blaCCkHatHacEE…
#BugBounty
Read 7 tweets
In case it's useful to you, a mini thread with posts for discovering who is trying to manipulate us on Twitter
#osint #factcheck #periodismo
A basic kit
How to detect possible bots and fake accounts on Twitter with a mobile phone mmadrigal.com/como-detectar-…
How to find out whether a Twitter account has used other names mmadrigal.com/como-saber-si-…
Read 8 tweets
ICYMI -

Scholastic has curated a free digital learning hub designed to support virtual learning plans: Scholastic Learn At Home allows open access to daily learning journeys divided into four grade spans—Pre-K–K, Grades 1–2, Grades 3–5, and Grades 6–9+.
classroommagazines.scholastic.com/support/learna…
If you are still looking for more educational resources, remember that places like the @librarycongress has an extensive Digital Collection.

loc.gov/collections/
Although your local library may be closed, there's a good chance that your library card gives you access to a treasure trove of online resources and audio/visual media.

Mango, Learning Express Library, TumbleBooks, BookFlix, TrueFlix, are just some examples of resources.
Read 14 tweets
Wow big story I just saw from @donie on a @cnnbrk undercover investigation by @clarissaward & her team revealing a Russian linked troll farm in Ghana Africa. One of the accnts they highlight is @africamustwake. We reported on that & a couple others last wk
Here's our thread from last wk on 4 tightly connected #BLM accnts that we identified a while back & had added to our new alt-left #Hamilton68 set of Kremlin-aligned twitter trolls. Can't believe they turned out 2b Russian outsourced accounts based in Ghana
This is a set of some of the accounts we also found. I guess we will find out soon enough from Twitter as I am assuming they will make this suspended data set available. @AfricaMustWake
@AfricaThen
@TheNewAfrica_
@_Pawa_2_da_ppl_
@s_Racism_
@TonCarthur
@WomensRights___
Read 15 tweets
Yesterday night, @campuscodi published an article about the COVID-19 detection app which has been removed from the PlayStore.

I saw the article this morning, so I decided to give it a look. Follow me for a walk 1/

zdnet.com/article/spying…
The Iranian gov made a website ac19.ir. On this website people can download an Android app "to test" if they are infected by the COVID-19 (coronavirus). 2/
*Reminder*: If you are sick, go to the doctor, downloading a f*cking app will not help you... 3/
Read 20 tweets
I recently learned about a neat #OSINT trick from @underthebreach for LinkedIn that I want to share and expand on a bit.

A thread
The LinkedIn API URL allows you to search for users by email (if logged in), and appears to bypass some of the privacy settings that are set by the user’s account.
linkedin.com/sales/gmail/pr…$

Using this URL we can modify the bit between the $’s to our target’s email and determine if they have a LinkedIn profile or not.
Read 9 tweets
Time for another #OSINT thread, but let's focus on TikTok:
- OSINT Investigations on TikTok (article)
- TikTok Open Source Intelligence Tool
- TikTok Open Source Intelligence Tool
- On TikTok, There Is No Time (article)
- TikTok quick search (tool)
- 2019 Layer8 Conference “Getting the Good Stuff” Talk Companion Post
- TikTok Bookmarklet Tools
- VidNice TikTok web viewer and analytics tools
- CloutMeter Profile Analytics Tool
- TikTok Hashtags
- Fanbytes Search
- Influence Grid
- Analisa TikTok analytics
- Soundtracks — Where is data on TikTok?

And now for the links!
Read 20 tweets
THREAD: This evening's disturbances at #Paris Gare de Lyon show the importance of acting quickly to gather real-time #OSINT information.

There are lots of resources for doing this, but Snapchat Map is one of the most useful:

map.snapchat.com
2) Snapchat Map displays near-live time videos that are all geotagged and which can be accessed without the Snapchat app via a web browser.

Here's #Paris about 20 mins ago. Hotspots indicate a lot of uploads:
3) The videos are only visible for a short while before being removed from the map. The need to geotag the videos and their short lifespan makes them slightly less susceptible to being faked than on some other platforms.

Click on a hotspot to start viewing videos from that area:
Read 12 tweets
This morning, @Facebook announced that it removed assets for “coordinated inauthentic behavior” from Russia, Iran, & Myanmar.

We saw some new things & re-confirmed a bunch of things about efforts from Russia & Iran.

But the assets removed deriving from Myanmar were wild.

1/
On the Russia efforts, the biggest takeaways included that info operations are not exclusive to one platform, efforts are getting more sophisticated, and harder for #OSINT to attribute.

Good report from @Graphika_NYC.
2/
graphika.com/reports/from-r…
Great thread on the latest takedown of Russian influence operations from @DFRLab non-resident senior fellow and @Graphika_NYC investigations director @benimmo. #disinformation

3/
Read 6 tweets
TikTok doesn't have visible timestamps, and there's articles about that: wired.com/story/tiktok-t…. But there's an easy way to figure out the time a TikTok was uploaded. Here's how. #OSINT
Step 1:

Find any TikTok you're interested in on the *desktop* version: tiktok.com/trending.
(I'll use this one by the @washingtonpost, because they're just really good at it.)
Read 8 tweets
#OSINT THREAD:

A video is doing the rounds on social media since past couple hours which purports to contain audio message by former spokesperson of Tehrik-e-Taliban Pakistan (TTP) and Jamaat-ul-Ahrar, Ehsanullah Ehsan.

Here's what we know and don't know about this audio:
- The audio-video was first shared by a Twitter account claiming to represent Ehsan.

- The Twitter account was created in Jan 2020.

- The Twitter account links to a Facebook account named Liaqat Ali, which btw is Ehsan's name. The Facebook account was created in Sept 2016.
- What is very interesting is that the Facebook account has been active throughout 2018-19, when Ehsan was in jail. Moreover, it has "Islamabad" as current location.

- The FB account has been posting almost monthly posts (sometimes multiple times a month) throughout this time.
Read 29 tweets
Satellite image analysts, #OSINT researchers, journos. In the wake of the sudden loss of @Terraserver I’ve been testing alternative options for previewing sat images. Sharing my lessons so far. Please share yours & retweet!
Short background: For research into arms or human rights abuse through destruction of urban areas I need high-res (to compare structures) and regularly updated satellite images of remote regions. So, while public and good, Sentinel and Landsat services usually don’t work for this
eos.com/landviewer offers 10 free satellite image previews a day. Through the CBERS-4PAN5 sensor I can spot changes in this village that indicate burned area. Not high-res. Still, proved useful for other places where I can see areas have gone abandoned after reported attacks
Read 9 tweets
In this thread, I did a deep dive into the companies behind the faulty app during the #IowaCaucuses2020. I added all the sources so you can verify everything.

Twitter folks, journalists, #OSINT lovers: if you want to debunk the conspiracy theories, read it and use it
Journalists: I know it's one hell of a thread but read it entirely, extract what you can from it and use the data in your articles.

Investigative journalists: You have a topic here, dig, you will probably find an awesome world
#OSINT lovers: You can have a lot of fun here and be useful. Enjoy guys!

cc @dutch_osintguy @OsintSupport @OsintCurious
Read 3 tweets
1/ According to the @nytimes, the app used to report results during the #IowaCaucuses "was not properly tested at a statewide scale".

Follow me, we will try to have a better picture of who is behind this app.

nytimes.com/2020/02/03/us/…
@nytimes 2/ In their article, the @nytimes wrote: "The app used by the Iowa Democratic Party was built by Shadow Inc., a for-profit technology company"

Pro-tip: if you are doing political tools, "Shadow" is probably not the best company name
@nytimes 3/ The Shadow Inc. has a website shadowinc.io.

In their website they describe 2 products:
- Lightrail: "the universal adapter for political data"
- Messaging: "Recruit volunteers and mobilize voters with our peer-to-peer email and texting platform"
Read 79 tweets
Lots of interesting details in the VC citation of WC Abhinandan. Do read carefully.

He thwarted a second wave of ground strike package with his surprising aggressive maneuvering which the PAF did not anticipate it seems. They ran away without offloading their weapons, while the
first Strike package was disrupted from completing their bombing run (which is also evident from their PGMs falling way off the intended targets).

Also, the citation indicates there was a low flying PAF formation (likely F16) hiding from the Indian AD radars and ready to ambush
Any IAF interceptors vectored towards the very visible, second formation flying at high alti. WC Abhi, with his presence of mind and probably anticipating exactly such tactics by PAF, scanned low altitudes with own Radar and exposed the ambush threat, alerted other IAF jets too.
Read 6 tweets
#nyctour #osint Tip 1 out of 25

@lampyre_io for Email/Phone Investigation. One of my delegates wrote a manual, feel free to download it here: learnit.today/lampyre
@lampyre_io #nyctour #osint Tip 2 out of 25

Find hidden zipcode in LinkedIn profile, find hidden connections and other research tips.

learnit.today/guide2 (now with correct link)
@lampyre_io #nyctour #osint Tip 3 out of 25

Some great tips for Instagram research, including how to use multiple keywords, search for just a location, video search, time and place search, and more
Read 5 tweets
1) This thread is a sequel, the first part is about my coming up to speed on Russia information warfare.

threadreaderapp.com/thread/1213428…
2) Having shown an ongoing interest in the area, I began to meet people in the field. It should be noted that this sort of networking was mediated via @LinkedIn, not Twitter.

Activities here are covert - you often can't identify actors. Things on @LinkedIn are clandestine.
@LinkedIn 3) Clandestine here means that things are kept quiet, but there are no difficulties in identifying who the players are.

There are a LOT of worried professionals out there from law enforcement, intelligence services, and the military.
Read 26 tweets
Would it be helpful to make some materials in OPsec and OSINT techniques for fellow #digitalsoldiers #qanon?
Phone security; disallow these applications from having elevated access to your phone.. what apps have access to your GPS? photos? contacts? Camera? Microphone? Health data? Do you have an Android or iPhone? Update your phone last? Applications last? Do you have PWD mgmt? #opsec
Read 9 tweets
1) Let's have an #OSINT thread about Roger Stone.
2) There is an enormous amount of information out there, so much so that it would thwart a casual reader from digging any deeper. I started a @MaltegoHQ graph to keep it organized.
@MaltegoHQ 3) The more current topical stuff @TrickFreee is doing a good job of tracking. Start here:

Read 34 tweets
New pictures by @Reuters from US report to @UN Security Council on the UAV used for Aramco attack in Abqaiq. Shows its engine & vertical gyro compared to the ones from Iranian Shahed-123 UAV and a far picture of that delta wing UAV in an IRGC exhibition.
@Reuters @UN @fab_hinz @AlexLuck9 @Aviation_Intel @TheDEWLine 1. Based on all the #OSINT analyses done on Aramco Abqaiq attack UAV so far and US government data, I guess the Iranians obtained the ASN-301 Chinese UAV (export version of the Chinese copy of the Israeli Harpy UAV) & copied it with their own equipment. I will show why #Thread.
2. ASN-301 has a wing span of 2.2 m close to the UAV shown by @modgovksa. Picture analyzed by @SnakeDocTop.
Read 9 tweets
JUST OUT: new report on the accounts identified by Reddit as connected to Russian operation "Secondary Infektion".

Looks like the stories were designed to divide Western countries.

H/t the teams at @Reddit, @Medium and @Facebook for insights.

graphika.com/reports/uk-lea…
This one started when Reddit published a list of 61 accounts that it believed were tied to the earlier Secondary Infektion.

Fifteen were linked to the UK trade leaks, eight were already known, the rest were new.

reddit.com/r/redditsecuri…
The Reddit accounts shared stories that had originally been posted by single-use burner accounts on websites like homment[.]com, Medium, and the BuzzFeed Community - the same ones that Secondary Infektion used.

The themes were wide-ranging, from Ukraine to Kaspersky.
Read 13 tweets
#OSINT Technique - Google Dorking

Google has a lot of power built into its search bar. It’s one of many tools used by #infosec to perform Open Source INTelligence research. Here are some dorks to find items of interest, edit and try them out! 🔎

#30DaysOfThreads
Searching a specific site and its subdomains 🏪

You don’t have to search the entire internet, you can focus a search to a specific site and its subdomains.

site: twitter.com 0xBanana
site: cnn.com juggling
Searching for a specific filetype 🧬

There are so many file types out there, using the filetype operator we can focus on types of interest.

Want to find: Videos? Documents? Zips? Try it out!

filetype: pdf
filetype: pptx

All formats 👇🏽
en.wikipedia.org/wiki/List_of_f…
Read 7 tweets
You #OSINT guys who are worried about the learning curve with @Elastic can just chill, because I found an excellent book from @PacktPub

amazon.com/gp/product/183…
@elastic @PacktPub It might say "Learning Kibana 7: Build powerful Elastic dashboards with Kibana's data visualization capabilities, 2nd Edition" on the cover, but don't let it fool you - first half is a solid guide to getting @elastic running on Linux/Mac/Windows.
@elastic @PacktPub Elasticsearch: The Definitive Guide by @clintongormley & @ZacharyTong is still THE master class for @elastic, but Learning Kibana 7 gets a strong recommend from me.

amazon.com/Elasticsearch-…
Read 6 tweets
