Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
nixintel - nixintel@bsky.social Profile picture
nixintel - nixintel@bsky.social
@nixintel
Steven Harris | OSINT & Cyber Security Specialist | Investigator | Teach OSINT @SANSInstitute | Ex @OSINTCurious | https://t.co/EGO8CWyA6H
Anson Kennedy Profile picture Elias Miller Profile picture Guilhem Dorandeu Profile picture 3 subscribed
Oct 17, 2023 16 tweets 5 min read
Despite the darkness and many fakes, I think it's possible to verify the hospital location in the #AlJazeera footage.

If correct, it tends to support the idea that the most likely cause of the explosion was a missile failure.

Here's what I've been able to verify so far: 1/n Image The full footage can be found here, in a broadcast from @ajmubasher:



2/n
Mar 9, 2023 10 tweets 2 min read
Thread continued from here 👇 Second impact of OSINT is it's ability to shift public confidence. The OSINT community is quick to expose Russian lies e..g. re: troop movements.

26/n
Mar 9, 2023 26 tweets 6 min read
"There's No Such Thing As Open Source Intelligence"

Apart from the clickbait title, what are the key takeaways from this article by a serving US Navy Intel officer?

The tone is very different to other recent military takes on #OSINT.

A thread (1/n)

tandfonline.com/doi/abs/10.108… The author argues that OSINT is distinct from other INT sources (SIGINT, HUMINT, IMINT etc) because it is defined by how accessible it is ("publicly available",) rather than the nature of the source (signals, human, images etc).

2/n
May 6, 2022 21 tweets 5 min read
BULLSHINT is alive and well.

If you have gaps in your intelligence picture, it is ok to say "I don't know" or "I need more data to form a conclusion".

It is never acceptable to fill the gaps with speculation and call it intelligence. 🧵 1/ All forms of intelligence, including #OSINT, involve assessment, evaluation and analysis.

There are a few different models, but they mostly look somthing like this:

2/
Mar 22, 2022 18 tweets 4 min read
Another very different true story from intelligence history.

It's certainly the most disgusting act of intel gathering I've ever heard of.

Here's how poor opsec and the careless toilet habits of Soviet soldiers became a reliable source of intel for NATO in the Cold War... 1/ After WW2 Germany was divided into Allied and Russian occupation zones.

Mistrust and paranoia between the two sides was rife and each was afraid of the other side launching a surprise attack on the other... 2/
Mar 21, 2022 5 tweets 2 min read
I've been reading up on the history of OSINT recently (although it wasn't always called "OSINT" of course...).

I found an interesting early example of image-based intelligence going back to WW2.

These days we'd call it "crowdsourced"... 1/ In 1942 the allies were struggling for reliable images of locations in Nazi-occupied Europe. These were needed to plan bombing raids and operations like D-Day.

The allies had reconnaissance planes, but they were limited by range and weather, and were often shot down. 2/
Feb 22, 2022 9 tweets 2 min read
Reality check on why sanctions on Russia will also have a detrimental impact on the West:

telegraph.co.uk/business/2022/…

(behind paywall, so summarised below)... 1) Russia has its own digital payment system, Mir, which will mitigate the economic impact of removal from SWIFT.

2) Note that Russia would regard SWIFT removal as equivalent to a declaration of war in the event it was implemented: nytimes.com/2022/01/31/us/…
Oct 4, 2021 12 tweets 6 min read
Last week a key ransomware threat actor was arrested in Kiev, Ukraine.

I wondered if it was possible to do a little geolocation and find out where he was living the high life.

The source video is the official release from the Ukranian Police:

Using YouTube-dl to download the video and FFMPEG to split into a series of stills makes finding clues a little easier.

(Guide here: nixintel.info/osint-tools/us…)

You can also use Frame-by-Frame to do this in your browser (HT @salaheldinaz)

watchframebyframe.com/watch/yt/I20fa…
Jul 24, 2020 5 tweets 1 min read
[THREAD] OSINT/Opsec tip:

Twitter accounts list profiles that they are following / followed by in chronological order.

The first few accounts that a Twitter user chooses to follow offer a great insight into who the account might belong to. So if I want to know who might be associated to a Twitter account, looking at the fist 5-10 accounts they chose to follow offer more insights than, say, the 500th account they chose to follow.
May 29, 2020 7 tweets 4 min read
THREAD: #Geolocation of images taken indoors is infinitely more difficult than geolocating those taken outside, but there are still some resources that can help. Time for some real #OSINT nerdery looking at how plug sockets can help with geolocating an indoor image... There are 14 different types of plug socket in use around the world. They are categorised from A to N:
Feb 28, 2020 12 tweets 7 min read
THREAD: This evening's disturbances at #Paris Gare de Lyon show the importance of acting quickly to gather real-time #OSINT information.

There are lots of resources for doing this, but Snapchat Map is one of the most useful:

map.snapchat.com 2) Snapchat Map displays near-live time videos that are all geotagged and which can be accessed without the Snapchat app via a web browser.

Here's #Paris about 20 mins ago. Hotspots indicate a lot of uploads: