I'm in dire need of a little break from this newsletter, like every year around this time. But don't worry, there's a lot of great content out there that will keep you, as readers of this newsletter, busy for quite a while. So while I'm taking some time to relax, create a bunch of presentations for future events, do some research, create a bunch of content for this website, and maybe still try to relax a bit more, I'll leave you with the following content for the upcoming period to check out:
Christina Lekati wrote an article on observation skills, and how to use them during investigations and analysis. The title of the article is a nod towards one of the greatest fictional detectives of all time, and the article refers to Sherlock Holmes multiple times. It explains how reaching conclusions, or most probable hypotheses, based on observation, reasoning and inferring can help an investigation.
New blog post! 📢— Christina Lekati 》@ DEF CON SEVillage (@ChristinaLekati) August 1, 2021
How can you better employ observation and inference skills in your investigative and #intelligenceanalysis processes?
And oh my, there are still a few things to learn from Sherlock Holmes' eloquent reasoning!#OSINT #investigationhttps://t.co/qrwi8jeq8E
Benjamin Strick is director of investigations over at the Centre for Information Resilience, where they fight disinformation. In their latest article, they dive into the narrative of pro-China propaganda that has been pushed on Twitter, Facebook, Instagram and other platforms. They found topics about Covid-19, human rights, Hong Kong and many other topics that are hitting the news constantly, and documented their findings in a graphics filled, 80-page report, that is well worth the read.
A coordinated network of accounts is using major social platforms to deny human rights abuses, distort narratives on significant issues and elevate China’s reputation.— Benjamin Strick (@BenDoBrown) August 5, 2021
This is a thread of what we found & how we found it. Full report @Cen4infoRes: https://t.co/L04sU95LLv
Over at Maltego, they've created a new integration and this time it's all about malicious URL's. This free transform enables you to find information on IP addresses and domains, but also on URL's, DNS names and hashes. The integration of Abuse.ch's service URLhaus is a great addition to the already existing transforms within the threat intel providers that they already offered.
If you don't follow Ben Heubl yet, I'd suggest you do so. He has featured multiple times in my newsletter, and his Medium blog has lots of great content. This article talks about faked scientific papers that are out there, and he dives into some digital forensics, and analyses how they are created and by whom.
Exposed 🚨: Analysis into shady practices of #predatory #journal giant #OMICS reveals how they do it.— Ben H (@benheubl) August 3, 2021
Buying up brands, inventing Universities, creating hundreds of new online websites for journals brands, social media etc - all to scam academics#OSINThttps://t.co/hYFfnNykyx pic.twitter.com/S8ruo6vAyh
Last week during DEFCON 29 there was another Recon Village, where OSINT practitioners and social engineers come together. This year there was an abundance of awesome talks, ranging from OSINT to combat human trafficking, to detecting CobaltStrike command-on-control servers. The video's will probably be split into individual uploads by the org, but I've taken the liberty to create links that will direct you to each individual speaker within the daily streams, for your convenience!
Video 6 - Using OSINT to Combat Human Trafficking & Smuggling
Rae Baker has a lot of experience in OSINT within the field of humanitarian aid. She shares a fictional scenario to show how she applies her knowledge for this purpose.
Video 7 - Hunting & Smashing Trolls on Twitter
Mauro Eldritch and Santiago Montaño have investigated Twitter bots, and talk about how they work, hot to spot and hunt them and what you can do about it.
Mishaal Khan shows how he uses his pentesting skills to 'hunt' down people. A different side of OSINT, to grab that much more information about people.
Video 6 - Domainsquatting with Different TLD's
Anthony Kava has an awesome talk, filled with funny images and cool music. He goes over government domains, the equivalents within other TLD's, and the security that comes with it.
A new episode has released on YouTube of The OSINT Bunker Podcast, where air_intel, DefenceGeek, skywatcherintel and Osinttechnical talk about the recent events within the world, like the Taliban in Afghanistan and the Iranian drone strike. If you're into this, then this podcast brought to you by the UK Defence Journal is one to subscribe to!
Link: The OSINT Bunker Podcast
The user meddiom collected some funny OSINT memes. Do you have any better ones? Do share them with the community!
Have a good week and have a good search!