Discover and read the best of Twitter Threads about #osint

Most recents (24)

(1/3) The list of operators for running even more precise search on Twitter
• filter:replies (include replies to tweets in the results)
• filter:nativeretweets (include Retweets in the results)
#twitter #osint
(2/3)
• filter:follows (include Tweets from people you follow?)
• filter:likes (include "<user> liked this tweet" notifications in the results)
#twitter #osint
(3/3)
• filter:images (include Tweets with images in the results)
• filter:videos (include Tweets with videos in the results)
#twitter #osint
Read 4 tweets
We’re still looking for this place in Iran. We found some clues that convicted fugitive was in Teheran. And Kish. Now @bellingcat @Timmi_Allen made from Instagram-video this still image. Does anyone recognize where this is? (2/2) #osint #digitasherlock #digitalsherlocks
Technically, this place can be ANYWHERE in the world. So look at details on the photo.
I am starting to doubt Iran as country of origin. Look at the bin. I could't find bins with that color in Iran. Maybe I am wrong. But if not, does anyone recognise this bin color in his own country? (5/5)
Read 4 tweets
[#OSINT] You can use Twint to find indirect relationships between users. By matching the “conversation_id” to multiple queries, you can discover more insight.
For example, let’s say you’re trying to find violent users on Twitter that are threatening an influencer. Twitter only limits you to search for “influencer name” + “violent keyword”. Using Twint, you can search for all “violent keywords” and then match it to influencer mentions
You can also mine replies within Twint. It’s not in the Wiki, but adding “c.To =“ to your python module will allow you to pull tweets sent “to” someone. By finding the accounts that most mention said influencer, you can take this a a step further
Read 5 tweets
So finally got to the newest #Hamilton68 wordclouds. A few interesting things to note. First up the subset of #hamilton68 twitter troll accounts focused on US politics. This is 62k tweets from between Feb 27th through Mar 2nd. #infosec #disinfo #osint #psyops
These #Hamilton68 accounts were promoting #cpac2019, not surprisingly the controversy surrounding #IlhanOmar and a couple interesting smaller new hashtags #the200 and #themighty200 that I will discuss later in the thread. Also of note is the minimal attention to Tulsi Gabbard.
Looking at the #Hamilton68 subset of accounts focused on Russian geopolitics the conflict in Venezuela (#HandsOffVenezuela) was featured and new was the conflict between India and Pakistan. The #integrityinitiative continued to be a focus and again Tulsi was not that prominent
Read 16 tweets
.@OPCW just released its final report on the April 7, 2018 chemical attack on Douma: opcw.org/sites/default/… Thread to follow
FFM concluded that info collected “provide reasonable grounds that the use of a toxic chemical as a weapon took place. This toxic chemical contained reactive chlorine. The toxic chemical was likely molecular chlorine.”
Bottom line: the @OPCW report confirms the open source reporting by @VDC_Research @snhr @UOSSM @bellingcat @ForensicArchi on the chlorine attacks on Douma on April 7
Read 24 tweets
A few wks ago new words in the wordclouds of our domestic subset of #Hamilton68 Russian sympathizer accnts appeared on the topic of abortion. President Trump has been bleeding support among evangelicals & campaigns #walkaway & #buildthewall have proved ineffective #infosec #osint
It makes sense the #GOP would go back 2 their time tested political issue of abortion. And in this case push the most emotionally charged fringe like late-term abortions. The #Hamilton68 subset focused on Russian geopolitics showed a steady uptick around the topic #infosec #osint
We also looked at another #Hamilton68 subset that focuses on US Politics and contains a high level foreign sourced accounts & saw the same thing. This subset showed a dramatic increase in terms like abortion and late-term abortion. Something we've not seen before #infosec #osint
Read 8 tweets
[#OSINT] Want to pull construction data for any US city?

Introducing Platypus- Leverage @MapQuest API to collect OSINT for travel awareness. There’s a free API key, too!

A special thanks to @noneprivacy for dev

github.com/pielco11/platy…
Use the provided coordinates to plot on your MyMap.

jakecreps.com/mymaps
More features to follow!
Read 4 tweets
Last wk we noticed that an entire subset of our #Hamilton68 accounts had been suspended in mass. We have seen suspended accounts from time to time but not a whole set. To be clear these were bot accnts so it made sense they would all get suspended at once. #infosec #osint
We determined from our archive that they were mostly suspended around January 26th and this was the last tweet in our archive. #infosec #hamilton68 #osint
Some searching on Twitter & we found that our fellow bothunters @conspirator0 & @ZellaQuixote had already put out this excellent thread on Jan 24th outing most of the accounts in this small botnet. I apologize 4 missing it at the time #infosec #hamilton68
Read 13 tweets
🇻🇪 CIA weapons shipment destined for #Venezuela|n rebels?
That's what the authorities are saying.
O/C that would be completely out of character... 🙄

While @CalibreObscura is pouring over the pictures of the guns, I'm way more interested in the plane!

valenciainforma.obolog.es/operacion-gnb-…
🇺🇸 American-registered N881YV (ICAO:AC23C6) is a Boeing 767 Cargo plane (no windows) operated by 21 Air, LLC. The company was registered in 2014 to fly cargo from Orlando to Miami with two planes.

Two? How do you run a cargo company with 2 planes?

flightradar24.com/data/aircraft/…
That's okay, don't be worried about their business; they're super busy, and do not just fly the Miami-Orlando cargo circuit as documented; they fly all over! They're into wet leasing. What's wet leasing?
Read 61 tweets
1. Not Dead Yet: Our own @NicheIntel and @Intel_Prof use #FacialRecognition app @Betaface and voice comparisons to examine the rumours Abu Rofiq of #MalhamaTactical faked his own death in February of 2017.

We discuss some of the interesting findings here.
#OSINT
2. On Feb 7th 2017 Malhama Tactical announced that its leader Abu Rofiq had been killed in a Russian airstrike on his apartment in #Idlib, Syria. A report by @ForeignPolicy entitled The Blackwater of Jihad, countered that Abu Rofiq was not present at the time; per a local source.
3. After almost a year absent on social media, Malhama introduced Abu Salman Belarus as its "new" leader. Since then, there have been rumours that Rofiq faked his death. The biggest deterrent to testing the rumours were the lengths Abu Salman went to in masking his identity.
Read 9 tweets
Finally we are able to analyze the most common URL use from a subset of #Hamilton68 accounts. Many many thanks to @Saill for all the scripting work on this. We now have a ton of additional data that can be analyzed. #infosec #opsec #osint
This is the top 25 URLs used by the #Hamilton68 subset of accnts focused on Russian Geopolitics. The most recent 3000 tweets from each of 125 accts were analyzed. 375000 tweets total. Fairly expected results & shows the prominence of Youtube & Facebook use. #infosec #opsec #osint
Further down the list in top 35-56 range revealed more interesting sites being used by these accnts. Ria(.)ru is a fairly new Russian media site housed at the same location as the Russian IRA troll farm. Stalkerzone is well known disinfo site #infosec #opsec #osint #hamilton68
Read 5 tweets
1/ Who am I?

I'm a #CVE researcher who studies the process of radicalization, social groups, and movements. In short, I look for ways to prevent people like the #CovingtonBoys from swiping even further right & endorsing white nationalism, ethnic separatism, or dom. terrorism.
2/ On Twitter, I identify as a “#ProudBoys Whisperer,” a tongue in cheek reference to the ethnographic fieldwork I do. This work involves many conversations like the one below.

3/ I also look for ways to help men and women innoculate themselves from falling down the #antifeminist/anti-#SJW /conspiratorial rabbit hole.
Read 24 tweets
Just before Christmas we looked at #Hamilton68 accounts who focus on Russian geopolitics and how they were stoking the #giletsjaunes conflict in France. We noticed a new hashtag #integrityinitiative (red arrow) .. #infosec #osint #opsec
We didn't think much about this over the holidays but revisited it in early January 2019. Turns out the the #integrityinitiative had become even more prominent and prompted additional research .. #infosec #osint #opsec
We did a hoaxy analysis of the #integrityinitiative hashtag on January 5th and noticed two major nodes of well-known #Hamilton68 accounts .. @Ian56789 and @ShoebridgeC ... #infosec #osint #opsec
Read 10 tweets
A fascinating thread ...dont think 4 a minute that the only propaganda / misinformation campaigns come from Russia ... there are plenty of domestic operations going on right now. In this case a Wall Street Hedge Fund manager posing as a #Bernie2020 acolyte
As @HoarseWisperer alertly posted, this Hedge Fund manager is running a disinfo / troll campaign against @ewarren and her supporters. If ur reasonably intelligent, I think you can figure out why a wallstreet Hedge Fund manager might be behind promoting #Bernie2020 #infosec
No idea right now how much of the "we want Bernie" tweets to @ewarren are from trolls, cyborgs and bots. Guessing like ourselves lots of other groups are scrambling to collect the data for analysis. #infosec #opsec #osint
Read 8 tweets
The alt-right is in an interesting quandary. They want 2 argue #projectbirmingham, a small social media disinfo experiment by a handful of Dem activists affected the outcome in Alabama Senate race ...but not social media disinfo efforts by Russia, a nation state in 2016? #psyops
Some background on #projectbirmingham .... if everything from the original NYT story is true about this domestic disinfo campaign against #RoyMoore then yes I am against this as much as I am against what Russia did in the 2016 elections. #infosec #ALsen
NEW: This is a strong denial from the New Knowledge CEO Jonathan Morgan, including the part about the creation of fake Cyrillic Russian bots ... so someone has some explaining to do #ProjectBirmingham #infosec
Read 11 tweets
(1/10) #OSINT #thread
✉️🔎💥
E-Reveal: #Reveal email addresses on #LinkedIn Profiles! chrome.google.com/webstore/detai…

? HOW DOES IT WORK?

When you visit a LinkedIn profile, the #chrome extension will (explained in tweets below 👇🏻)
(2/10)
Pull the person's name and company from the page
(3/10)
Convert the company name into a domain via Clearbit's [free autocomplete api](clearbit.com/docs#autocompl…)
Read 10 tweets
🔐 #OSINT Thread 🔓
——————————————————
(1/6) LINKEDIN 🔎 OPERATORS: TIP SHEET by @braingain 🛠
——————————————————
#osint #research #linkedin #search #boolean #tips 👇🏻🔥
(2/6)
headline:
skills:
spokenlanguage:
(3/6)
startyear:
endyear:
geo:
title:
Read 7 tweets
(6/1) #OSINT #Thread This thread is including the most valuable #GoogleDorks that you might find useful while searching for #Trello public boards. Enjoy and let me know if am miss any of them! #research #hacking #tips #tricks
(6/2)

site:trello.com intext:@gmail.com
(6/3)

site:trello.com intext:accesskey
Read 7 tweets
We at @Bellingcat are often asked how one can help with #OSINT research. Well, here's a good example where geolocation and time determination is needed of 4 images, allegedly taken in Crimea. It would foster the investigative work of @houpaciosel. Context in thread below 👇
The person in the photos is Andrej Babiš Jr (35), son of Czech Prime Minister @AndrejBabis who's facing a political crisis after his son said he'd been kidnapped in Crimea to stop him giving evidence in a fraud case against his father. More context: bbc.com/news/world-eur….
The Czech PM denies that his son was kidnapped, and these 4 photos are used as a proof that his son and his companion (with hat) were voluntarily in Crimea during the Fall of 2017. Geolocation and time determination of these photos could shed a light on facts and/or fiction.
Read 33 tweets
Não deu pra ir no #codabr18? Foi, mas queria mesmo era se clonar pra ver as muitas atividades simultâneas? A gente reuniu quase 40 apresentações e recursos didáticos usados nas mesas, bootcamps e workshops! Conhecimento bom é conhecimento aberto! #ddj escoladedados.org/2018/11/21/apr…
Vamos revisitar aos poucos as apresentações do #CodaBr18 :

Na abertura, o @albertocairo abordou a democratização da visualização de dados, falando de sua busca para que esta prática se torne uma linguagem universal 🌐

drive.google.com/file/d/1PrDaDB…
@viegasf falou de suas pesquisas sobre inteligência artificial, #dataviz e inovação no Google. Aqui, você confere a oficina que ela deu sobre Interpretação e Fairness em Machine Learning

bit.ly/mlfairness-coda
Read 37 tweets
Given that a common modus operandi for Russian influencer #Hamilton68 accnts is to sow division & weaken US groups & political parties, the upcoming speaker of the House election & whether Rep. Nancy Pelosi would again get the nod seemed like an obvious target. #infosec #osint
Searching our archived tweet data on about 350 #Hamilton68 accounts, sure enough these accounts had been injecting themselves into the debate on the upcoming Pelosi election. One particular tweet to a simple thegatewaypundit.com article caught our eye.
Displayed here are some example Tweets pushing this simple video posting. What is displayed here are not necessarily verified #Hamilton68 accounts, many are just activist accounts. #infosec #osint
Read 9 tweets
Great example of how geolocation and crowdsourcing works to assist investigations. @EmmanuelFreuden needed a video geolocated of buildings that had been burnt - hints were it was Kumbo in Cameroon. The following is how it was found. #Geolocation #OSINT Thread 1/👇
2/ There were direct clues in this video, which @Sector035 picked up a location for, in conjunction with tipoffs from @EmmanuelFreuden - they were tong structure, red roof, concrete square structure, long building and a light coloured roof. goo.gl/maps/h41Bn9zz1…
3/ In the video, we are also able to identify "GPS Bookstore". Plug that into Google and you get this result. camerlex.com/kumbo-gps-book… - It says "Squars" or Squares - an area in Kumbo.
Read 15 tweets
Just found an unlisted Pastebin shared by @James_inthe_box listing 124 #lokibot URLs. Pastebin.com/SyeXWqQE #osint
If you want to learn more about LokiBot, check out this write up. threatfabric.com/blogs/lokibot_… #malware
If you want to learn more about my method of finding unlisted Pastebin pages, read here. jakecreps.com/2018/10/10/osi… #osint
Read 3 tweets
Two days ago, Turkish sources revealed that Saudi Arabia dispatched a "clean up" team to Istanbul to cover up evidence of Jamal's murder. One of the members of this team were named as "chemist" Ahmed Abdulaziz Al Janoubi. Here's some #OSINT information about him.
On the 1st of October 2018 (one day before Jamal's murder), the Saudi forensics directorate posted about an event celebrating recent promotions within the department of forensics. They tweeted a thread with names & photos:
"Ahmad Abdulaziz Al Janoubi" is named as one of those recent promotions. He's seen in the picture here (left) and his name is listed. He's described in Arabic as "عميد" (corresponding to a Brigadier-General).
Read 10 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!