Discover and read the best of Twitter Threads about #osint

Most recents (24)

L’équipe des @RevelateursFTV est mobilisée depuis le début de la crise en Guadeloupe pour vérifier les images amateur qui émergent du terrain🔍.

à dérouler 👇
Dès le 19 novembre, des barrages apparaissent sur les routes de l’île.

En #Guadeloupe, cette vidéo témoigne de la situation : des voitures renversées et calcinées coupent la circulation, les manifestants semblent avoir allumé un feu, visible sur le bas-côté.
Cette vidéo a-t-elle bien été filmée en Guadeloupe, et où exactement ?

Pour le savoir, le premier réflexe est de lire les commentaires, mais ici aucun indice.
Read 13 tweets
This is a second video of the same shot of #Eritrea and #Ethiopia's forces. (shared by @mvreisen). Several Twitter accounts have alleged a 'handover' of weapons did not occur or that video was 'fake'.

As part of my #OSINT @bellingcat homework, I've set out to show why it isn't.
This is the second video was also shared by @mvreisen.

The footage was captured at 07:08am on 5th November in #Eritrea, only days after fighting broke out in the #Tigray region.

The region, and #Ethiopia, have spiralled into a brutal civil war.
Eritrean forces have taken part in the conflict, and have been accused of committing war crimes in #Tigray. First, the location. Where is it? According to the tweet shared by @mvreisen, the video is located in Mukuti, #Eritrea.
Read 26 tweets
Exciting news about Facebook! They removed some annoying restrictions in search. Which problems are solved? Next tweets (1/...)
Till recently, you weren't allowed to list employees from a company or inhabitants of a city. It was mandatory to know their name. The workaround was to search for any letters of the alphabet, abcdefghijklmnopqrtsuvwxyz mimicking a letter in a name (#osint #nerdalert) (2/...)
But suddenly, Facebook removed this restriction. If you want to find people who work for a very small company in a small German town, restrictions will be lifted, if your keyword is the town itself. Let me explain (3/...)
Read 14 tweets
The #EU regulation for online Platforms, the #DigitalServicesAct (#DSA), plans in the article 31 to allow « access to platforms data for vetted researchers ». Unpopular opinion: it is a bad idea…
Some approved experts would be allowed under certain condition, access to some inside data from the platforms.What can go wrong ? Let’s ask the annoying quetion : what kind of access, what is "data" and how do we plan to organise the "vetting"
"access" does not means a "right to publish". Data, used, stored, accessed or published are governed by General Data Protection Regulation. #GDPR is highly protective of users, but, platforms like to use GDPR to shut down researchers accessing their data (like @algorithmwatch)
Read 10 tweets
Using #OSINT to investigate unsubstantiated claims on FB.

This image is spreading:
You know where this is going to go. But, let's do it anyway.

Two possibilities:
1. it's legit
2. It's not legit.

Let's "do the research"
I'm sure 'they' already did. But, let's verify.
We could search to see if it's already been verified, but, better to just start from scratch.

Off to Yandex for a reverse image search!

Open image in a new tab.
Get the URI
Plug that in to https://yandex[.]com/images

Read 28 tweets
1/5 [#OSINT|#WORDPRESS] For anyone who's been following my previous tweets over the last few days, I'm going to show you how its possible to identify someone who's commented on Wordpress website by leveraging Gravatar and Email Address Hashing.
2/5 if we visit the following link, and scroll down to the bottom, we can see many users have engaged with the authors post as shown in the image below.…
3/5 Starting with "Erick" we want to copy the Url of his profile image and paste it in to notepad or something similar. We then want to identify the part which is the md5 hash of his email address. After "/" and before "?"
Read 5 tweets
#Rittenhouse #FightbackLaw
The Rittenhouse thread- 1
#Rittenhouse #Fightback #FightbackLaw #UKShenanigans
#Rittenhouse #FightbackLaw #Fightback #JohnMPierce #LLinWood
Rittenhouse Thread - 3
Read 16 tweets
Providing some additional perspective as the sabotage theory continues to spread.


@CovertShores @David_Hambling @annapagnacco @saltwatersteve
Undersea cable breaks happen all.the.time. There are 100 breaks on average during the course of a single year. The main culprits: anchors, trawls, and earthquakes.…
Yes, the LoVe observatory is in deep water - hundreds of meters - but the anchor chains of large cargo or tanker vessels can reach that depth. And LoVe's cable - little more than a garden hose - would be no match for a several-tons anchor.

Read 14 tweets
1/6 [#OSINT] Gravatar is used by more than 200m users, the email address used to create your account is also hashed to create your unique profile url; which poses a massive privacy implication if you was to be able to reverse the MD5 hash but also creates an opportunity.
2/6 If you have a large enough collection of email addresses you could start by hashing every single one and storing them in a table. The more you have the greater the chance you have of being able to take a url of any Gravatar Profile and decoding the registered email address.
3/6 If you take a look at the url below you will see an example of the founders profile url being used. After hashing over 3+ billion email address i am able to lookup that hash in my table to receive the founders email address for that profile.… Image
Read 6 tweets
1/4 [#OSINT|#SOCMINT] Been a couple of months and almost forgot about the Research/PoC i was doing around the #GuntraderUK data leak.

Here is a FB Profile from one of the members which is pretty concerning especially if this individual keeps licensed firearms. Image
2/4 I did find more interesting posts/photo's on his timeline. A photo of him hunting with a shotgun by the looks of it and a photo/ad of a "Walther CP99 .177 Pistol" which was being advertised for sale. Image
3/4 I was able to find this profile pretty quickly after enriching all the email address's and phone numbers against a facebook dataset, then collecting all the pages on facebook these people like. I then looked at any profiles which followed pages around depression/suicide.
Read 4 tweets
Google has a serious flaw. In the past, adding words would reduce the number of results. However, sometimes the numbers go up, as shown below. Why? (1/...) #osint
First thing you should know, is that you can't see all 356,000 answers that Google is predicting in the question below. In reality, it will give you only about 130 answers. How can you find out? (2/..) Image
You can use my example, "how many answers" and click the highest number. Your settings determine how many results appear on a page (some use 10, some 100). (3/...) Image
Read 9 tweets
Following the killing of a 7 year old in Bamenda, Tataw Brandy, this afternoon by an element of Cameroon's military, @CMRNewsAgency has put together a timeline of what they know so far. I'll use this🧵to piece together some of the pics/vids with timeline.#EndAnglophoneCrisis /1 Image
Killing of the 7 yr old by police officer occurred ~12: 30 pm at a stretch of road called 'New Road' in Mile 2 Nkwen, Bamenda. Geolocated here🗺️5°58'03.0"N 10°10'19.9"E🗾… #OSINT #EndAnglophoneCrisis /2
As per the timeline by @CMRNewsAgency, the 7 yr old was returning from school while the police officer was at a checkpoint mounted in front of a snack bar called 'Dreamland bar'🗺️5°58'03.0"N 10°10'18.4"E🗾… #OSINT #EndAnglophoneCrisis /3
Read 14 tweets
Hey @BMVg_Bundeswehr und @Akk, dem #BAMAD ist scheinbar bei der Sicherheitsüberprüfung (SÜ) erneut ein Verdachtsfall mit Bezug zum #Rechtsextremismus durchgerutscht. Konkret handelt es sich um den neuen Jäger-Feldwebelanwärter „Gustav“ des FA-/UA-Btls in #Celle. Ein Thread. 1/
Soweit es sich hierbei um ein offenes Insta-Profil handelt konnten die folgenden Informationen alle uneingeschränkt aus #OSINT-Erkenntnissen gewonnen werden. Dabei weist dieser Fall eines #BMVgLeaks eine Vielzahl von Bezügen zu dem #MAD bereits seit 2016 bekannten Fällen auf. 2/
Auf #Instagram präsentiert sich der #Jäger-FA des @Deutsches_Heer|es selbstbewusst mit dem Anwärter-Barett und deutlich sichtbar dem Patch des FA-/UA-Btl 2 in Celle (…). 3/
Read 28 tweets
9 OSINT Tools, you might have come across.

Read about them below, it's a thread 👇.

Let me know if I missed an awesome OSINT Tool.
#OSINT #infosec
1. Maltego: Specializes in uncovering relationships among ppl, companies, domains, and publicly accessible information on the internet. It’s also known for taking the sometimes enormous amount of discovered info and plotting it all out in easy-2-read charts and graphs.
2. Mitaka: Available as a Chrome extension and Firefox add-on, #Mitaka lets you search over six dozen search engines for IP addresses, domains, URLs, hashes, ASNs, #Bitcoin wallet addresses, and various indicators of compromise (IOCs) from your web browser.
Read 10 tweets
Life moves fast. OSINT and military analysis led stories move faster.

#OSINT timelines on Twitter. See thread for relevant stories
Biggest story right now, Nov 7-8…
Russian Spy Ship near UK carrier strike group >…
Read 9 tweets
Okay these accusations by Durham that Danchenko lied to the FBI are incredibly sketchy. For example Danchenko is not lying that he didn't know Charles Dolan but rather that Dolan was not one of his sources for the #SteeleDossier. Check out this interview exhibit.
Danchenko in the covert interview thinks the FBI is asking his opinion of Charles Dolan & his interest in Russia as something that could be interpreted as malign. Danchenko essentially laughs. But in actuality FBI is subtly probing Danchenko to c if Dolan was one of his sources
So this is seriously open for interpretation depending on which side of the fence you are on. Durham essentially is saying Dolan must be one of Danchenko's sources & Danchenko is saying no. How that hell is this even legitimate line of inquiry ..besides exposing anonymous sources
Read 15 tweets
BREAKING: @MaddowBlog tonight. So it WAS a covert communication channel between Trump, Alfa Bank, Spectrum ect. in 2016? Quote, "Its clear there's hidden communications between Trump and Alfa Bank". So John Durham lied about this in his investigation? @RepAdamSchiff @RepRiggleman
Here is a link to last night's segment on @MaddowBlog who expertly goes through the new implications that seems like ABSOLUTELY warrants new investigations and an investigation now into John Durham. #infosec #osint
Our thread from earlier this month on yrs of collected details on the purported covert communications channel between Trump & Alfa Bank that has NEVER been explained. Their newest conspiracy that it was actually made up has fallen flat in a HUGE boomerang
Read 5 tweets
📚 tl;dr sec 107
* @rung Attacking and securing CI/CD pipelines
* @xntrik Threat modeling in HCL
* @NCCGroupInfosec Cracking random number generators w/ML
* @kottireethi GitHub Actions security best practices
* @pdnuclei Easily validate leaked API tokens…
@rung @xntrik @NCCGroupInfosec @kottireethi @pdnuclei 📢 Sponsor: Join @Tenable, @awscloud, @techmahindracsr, & more at #Accurics Code to Cloud Security Summit on Wed. Nov 10 @ 8:30am PST. If you’re in the US, register by Fri. to receive a FREE snack box. Preparing for tomorrow’s security challenges today.…
@rung @xntrik @NCCGroupInfosec @kottireethi @pdnuclei @tenable @awscloud @techmahindracsr Tool for secret management at @elastic

Repo of Google's security advisories and accompanying PoCs…

@xntrik: Document your threat models in HCL

@daniel_bilar With 👆, you can now lint your TMs with Semgrep
Read 10 tweets
THREAD: I've been doing a lot of reading on Error Level Analysis for image forensics and have tested various images out. It can be quite hit or miss, but one thing it is great at is detecting forged documents. (I faked my name onto this certificate image). #osint #verification ImageImage
Sadly, it is not perfect, and if an image is lightly edited with content of the same error level (eg things move around in the same image), then it is much harder to detect. ImageImageImage
A lot of contextual analysis is needed. For example, the lettering on the drone may appear fake, as does the tag blowing in the wind underneath, but they are real. Edges often light up due to the nature of image compression. ImageImage
Read 6 tweets
We've been working on something big (well, for us at least) that we're really excited to announce on Sunday.

May everyone have a blessed Shabbat!
You’ve just had a taste of what we can do with #OSINT on #LabourAntisemitism. Now that we've had time to regroup & reevaluate, we're ready to take on the next phase of our operations. Antisemites around the globe should beware!
Of course the left wing antisemites are obsessing over this announcement, which is never a bad thing. However, threats of violence are illegal. This person needs to loose their account, they’ve been reported to the police (we know who they are) ImageImage
Read 4 tweets
Slovenian PM and current #EU-president @JJansaSDS tweeted an hour ago an image of a #conspiracy which says #GeorgeSoros has "puppets" in the European Parliament: (via @markduursma)

Where does this image come from? 👇👇👇 1/...
@JJansaSDS @markduursma We upload the image to #TinEye, a search engine which looks for the oldest version of an image online. 2/...
@JJansaSDS @markduursma A file named 'soros.puppets.jpg' was posted on a blog called 'eunmask' in 2019.

With Google we search on this site for "soros" and find the picture on this page:… 3/...
Read 11 tweets
History #OSINT

Services for fact checking (e.g the authenticity of photos) and gathering information about events that took place several years or even decades ago.

(this is not a complete guide, just some examples)



To find out what a certain place looked like in different periods, try searching for pictures of it on a map at There you can find pictures and drawings (!) from 1826 to 2000.

(Keep in mind that the data from that site needs to be verified, too).

Don't forget that on Google Maps ( and Yandex Maps (, you can see panoramas of streets in a particular location for different years.
Read 4 tweets
🚨 JOB ALERT! Are you based in the Netherlands & interested in investigative journalism?
@LHreports is opening a reporting fellowship.
Join a team breaking major stories with Europe's biggest media…
We'd like to broaden the group of people coming into journalism & strongly encourage people from communities under-represented in the Dutch media to apply
We're not looking only for J-School grads. So coders, finance students, #OSINT enthusiasts, people with diverse languages. If you're curious & want to know whether your skills could be an asset in new forms of journalism, get in touch
Read 4 tweets
To answer this question, I will create a small thread🧵

#python #youtube #osint
1. Get a list of video URLs

pip install youtube_search

Create file

from youtube_search import YoutubeSearch
results = YoutubeSearch('osint', max_results=25).to_dict()
for v in results:
print('' + v['url_suffix'])
Look at the indentation in the picture above (this is important), replace "osint" with your keyword and run the script:

Read 10 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!