Baptiste Robert
CEO @PredictaLabOff | French Security Researcher, Ethical Hacking, OSINT
67 subscribers
Jan 19 9 tweets 4 min read
The IP address of DrugHub, a well-known dark web drug marketplace, has been exposed.

The website owner made a critical OPSEC blunder.

It's OPSEC time! On the website's /info/market-links page, three links are provided:
- The primary .onion address
- A clearnet link
- A permanent mirror
Jan 14 13 tweets 4 min read
Worried about a TikTok ban? Americans are now flocking to Xiaohongshu (REDnote), another Chinese app.

Spoiler: Yes, it tracks its users.

Time to dive in! ⬇️

When creating an account, you must verify your phone number by entering a code received via SMS.

The request sent to Xiaohongshu's server includes your phone number (of course), along with your IDFA and IDFV.
Jan 10 17 tweets 8 min read
Only one country was represented at Kim Jong Un's New Year's Eve party. Can you guess which one?

At the Rungrado Stadium, Kim hosted a grand celebration. Before the fireworks, officials enjoyed a private party near the stadium.

One attendee's face stood out 🕵️‍♂️

It’s OSINT time! South Korean media focused on a 2-second clip of Kim Yo Jong, Kim Jong Un's sister, seen publicly with what seemed to be her children for the first time.

But they missed something important 👀
Jan 8 27 tweets 10 min read
Hackers claim to have breached Gravy Analytics, a US location data broker selling to government agencies.

They shared 3 samples on a Russian forum, exposing millions of location points across the US, Russia, and Europe.

It's OSINT time! 👇

The samples include tens of millions of location data points worldwide.

They cover sensitive locations like the White House, Kremlin, Vatican, military bases, and more.

Time to dig in!
Dec 28, 2024 11 tweets 5 min read
5 days ago, an Instagram account shared a video from North Korea with the caption: "A brave tourist secretly captures restricted views of downtown North Korea"

Can we geolocate this footage?

It's GEOINT time! I paused the video to screenshot this pink building. A quick Google Lens search reveals two matching photos of the location:
- alamyimages.fr/un-agent-de-po…
- flickr.com/photos/tobeyfo…
Dec 23, 2024 14 tweets 8 min read
On Friday, December 20, 2024, the U.S. DOJ charged Rostislav Panev, a dual Russian-Israeli national, as a LockBit ransomware developer. Arrested in Israel, he awaits extradition to the U.S.

It's OSINT time!

You know the drill: with predictasearch.com and predictagraph.com, I traced and mapped Rostislav Panev's complete digital footprint.

Explore the graph here: predictagraph.com/graph/snapshot…
Oct 31, 2024 21 tweets 11 min read
Two days ago, @TheJusticeDept announced an international disruption effort against the current version of RedLine Infostealer.

It's #OSINT time! In the redacted complaint, Maxim Rudometov is identified as one of the developers of RedLine: justice.gov/usao-wdtx/medi…

Using Predicta Graph and #OSINT techniques, I’ve retraced each step taken by the @FBI. For full details, check out the complete graph!

predictagraph.com/graph/snapshot…
Oct 16, 2024 15 tweets 7 min read
Today, the famous hacker known as USDoD was arrested by the Brazilian police.

The FBI had a way to find his identity and home address since at least June 2022. I will show you how.

It's OSINT time! ⬇️ Let’s recap: On August 23, USDoD was doxxed by CrowdStrike.

Along with the @PredictaLabOff team and using predictagraph.com, we discovered two different OSINT methods to uncover USDoD’s real identity.

x.com/fs0c131y/statu…
Sep 17, 2024 14 tweets 4 min read
A few things about exploding communication pagers

Thread ⬇️ First off, it's still early, and reports are developing. Keep an eye on the news in the coming hours or days for more updates.

theguardian.com/world/2024/sep…
Sep 8, 2024 11 tweets 5 min read
Three days ago, the @FBI released photos of "GRU 29155 cyber operatives": five Russian military intelligence officers and one civilian.

It's #OSINT time! @FBI I zeroed in on Denis Igorevich Denisenko and, with the help of , mapped a portion of his digital footprint in just a few minutes.

Nothing groundbreaking, but I did uncover some interesting bits! beta.predictagraph.com

Aug 26, 2024 4 tweets 1 min read
On LinkedIn, Jean-Michel Bernigaud (OFMIN chief of staff) wrote:

"At the heart of this case is the lack of moderation and cooperation from the platform [..] particularly in the fight against pedocriminality."

Ultimately, it's all about content moderation.
The legal showdown over this case will be monumental
Aug 25, 2024 20 tweets 8 min read
The woman who accompanied Pavel Durov on his journey that led to his arrest is Juli Vavilova

It's #OSINT time!
On August 21, Pavel Durov posted on his VK account:

"Telegram delegation visit to Azerbaijan

In Azerbaijan, Pavel Durov honed his target shooting skills and prepared for Formula 1."

The post was accompanied by 2 videos

Aug 23, 2024 27 tweets 16 min read
Today, the famous hacker USDoD has been doxed by CrowdStrike.

You want to know how?

It's #OSINT time! First the recap. This morning @TecmundoDigita published an article based on a report from CrowdStrike received from an anonymous source.

"The likely leader of the USDoD group is a 33-year-old man named Luan BG who lives in Minas Gerais, Brazil"

tecmundo.com.br/seguranca/2885…
May 20, 2024 19 tweets 8 min read
The owner of the "Incognito Market" has been arrested. It's #OSINT time!

THREAD 1/n Today, the @FBI announced the arrest of RUI-SIANG LIN, a/k/a “Ruisiang Lin,” a/k/a “林睿庠,” a/k/a “Pharoah,” a/k/a “faro,” in connection with his operation and ownership of “Incognito Market,” an online dark web narcotics marketplace

justice.gov/usao-sdny/pr/i…
May 7, 2024 31 tweets 12 min read
The identity of the Lockbit leader has been revealed. It's #OSINT time!

THREAD 1/n Our starting point will be the specially designated nationals list. It gives 2 email addresses linked to Lockbitsupp:
- khoroshev1@icloud.com
- sitedev5@yandex.ru

src: ofac.treasury.gov/recent-actions…
Feb 21, 2024 19 tweets 10 min read
Ivan Gennadievich Kondratyev, a.k.a. “Bassterlord” has been added to OFAC's SDN list

It gives us an email address. It's time for an investigation. THREAD ⬇️ ofac.treasury.gov/recent-actions…
Who is Bassterlord?

According to Jon DiMaggio from @Analyst1:
- Bassterlord is a ransomware affiliate who runs his team, known as the National Hazard Agency. Originally, he was a junior team member, but as time progressed, he moved up the ranks and is now its leader.

- Bassterlord partnered with at least four ransomware gangs: REvil, RansomEXX, Avaddon and LockBit.

- Bassterlord is a Caucasian male around 27 years old, born, raised, and living in Lugansk, Ukraine. He operates on Russian underground forums under the monikers “Fisheye,” “Bassterlord,” “Buster,” and “National Hazard Agency,” which is also the name of his team.

analyst1.com/ransomware-dia…
Feb 19, 2024 18 tweets 10 min read
I found the blog of lengmo. Bro, people will remember your blog now

The blog is .

A lot of archives are available lengmo.net
web.archive.org/web/2024000000…
Feb 14, 2024 9 tweets 4 min read
Right. We need to talk about the “hack” of the 600k CAF accounts.

Once again, all sorts of nonsense has been said. Let's sum up the situation ⬇️ On Monday, February 12, the official Twitter account of the lulzsec fr group published the following tweet, quickly followed by another tweet containing an additional screenshot from an account called kizarush

1. Note that these 2 tweets were not particularly widely shared.

2. We see 4 screenshots, of the dashboards of 4 accounts.

3. In the 2nd tweet, we see a blurred text file.
Nov 30, 2023 13 tweets 3 min read
Thread on messaging apps

- Olvid is a good messaging solution for communications within a small circle, a community. I know the person, I exchange my QR code with them in person and I start the conversation

1/n
- Olvid has no central server that makes it possible to find out who has an Olvid account. That's a good thing in terms of privacy

BUT

It's a huge obstacle in terms of vitality.

2/n
Nov 21, 2023 6 tweets 1 min read
Young people, and more broadly the majority of the population, CONSUME computing.

No, “young people” are not comfortable with computing. They are comfortable using the simplest features of the 10 apps they use every day on their phone. Plot twist: even some “technicians” no longer understand how “computing” works.

Tools evolve over time. They abstract away the complexity of systems. Result: the “technician” no longer needs to understand the underlying system
Jul 12, 2023 15 tweets 6 min read
1/n Last night, live on Twitch, we did some #GEOINT to find the exact location of this image. Off we go on a new adventure! 🧵 2/n First reflex, we observe:
- A plane taking off on the left
- 2 planes parked on the right
- A parking area with a rounded edge on the left
- What appears to be a control tower in the middle
- A building with distinctive architecture in the center