Week in OSINT #2021-16

26th Apr 2021

Hello and welcome to another Monday with some articles and tips on OSINT. This time, by sheer coincidence, I have multiple articles that focus on geolocation.

Last week there were some articles shared online about geolocation, that always will have my interest. Some nice 3D modelling, using trees to figure out where a location is, and then there's the phenomenon called 'geographing'. Three completely different things, but they all can bu useful when it comes to geolocation. But of course I also have a few other things in this week's topics:

Spatial Reconstruction for Geolocation
Investigate a Crypto Scam During Lunchbreak
Tree Mapping
Geograph Germany
Email Investigation Reference
URL Redirects

Article: Spatial Reconstruction for Geolocation

This story has been shared a few times by different media in the last few weeks. But I particularly like this article, shared by Julia Bayer, that shows how reconstructing the area with tools like Blender can give a better insight in the area and can be used to verify findings. It shows how information about elevation, satellite imagery and an advanced 3D modelling tool can help verify a specific area.

Warning! The article contains disturbing content.

Mapping out the terrain during geolocation

Link: https://citizenevidence.org/2021/04/09/geolocation-mahibere-dego/

Article: Investigate a Crypto Scam During Lunchbreak

Ryan Foote was planning on having a lunch break, but decided to have a moment and dive into one of the many crypto scams out there. He shows the basic steps on how to investigate such scams using simple, free or low-cost online resources. He goes over how to connect the dots using urlscan.io, Shodan, favicon hashes and a lot more. Well worth the read!

Calculating a favicon hash

Link: https://link.medium.com/6knFfuvsGfb

Site: Tree Mapping

On the Searchlight Discord last week there were some links shared about open maps with tree location. These kind of maps can help immensely when it comes to geolocation. When there's a global idea of the area a photo or movie is shot, these kind of mapping services can help narrow down the area where you want to focus your searches. So take some time, explore the different maps and play around with the different filters they offer.

OpenTreeMap: http://opentreemap.github.io/

London: https://apps.london.gov.uk/street-trees

NYC: https://tree-map.nycgovparks.org/

Site: Geograph Germany

Another link that was shared on the Searchlight Discord, was the website of Geograph Germany. In Week in OSINT 2018–33 I already talked about the English version of such a project, and now there seems to be a German initiative. By dividing the country into small areas, and collecting photos from these locations they try to, and I quote: "collect geographically representative photographs and information for every square kilometre of Germany". Another awesome source when it comes to geolocation.

Link: https://geo-en.hlipp.de

UK: https://www.geograph.org.uk/

Tip: Email Investigation Reference

And Sinwindie is at it again with another awesome quick reference card for OSINT work. This time he created one for email investigations. He shows all the possible pivot points and steps you have to think of when diving into people when you have an email address.

I admittingly treat Emails a lot like Usernames when searching. I finally put together my #OSINT #exploitation chart for a quick reference of what standard steps I take to investigate Emails that come my way.

Keep in mind, not all emails will contain all data points. pic.twitter.com/QgvDKCZTRW
— Sin (@sinwindie) April 24, 2021

Link: https://twitter.com/sinwindie/status/1386030788978778115

Tip: URL Redirects

It's not uncommon for spam sites to redirect multiple times, before reaching the end. By redirecting via URL shorteners and multiple domains, the scammers are making it more difficult to be blocked on for instance social media by constantly changing the links they share. But there are three different services that offer assistance in this, all of them showing you the full path of all the redirects and what type of redirect is used.