Week in OSINT #2022-37
In this episode we talk about distressing content and drones, an interesting event and Instagram
Work kept me really busy last week, so I hardly had the time to finish this episode! Thank goodness I wake up early enough nowadays to spend some time going over all the interesting information everyone posts online. And this week I learned some new things again! For instance, that the new Instagram JSON information has changed in the recent few months. Yes, I actually kept a cheat sheet for myself, but what I wrote down there didn't match the current JSON output. Time to dive into all the additions and changes I guess. Another good reminder that all these social media platforms are constantly changing... Anyway, this week I have the following topics for you:
- OpSec and OSINT
- Distressing Content
- Drone Wars
- OSINT With Bombal
Event: OpSec and OSINT
SANS will be hosting another live stream later this month. The topic will be OpSec and OSINT, and will feature UnleashedOsint, thegumshoo, dutch_osintguy and d_mashburn. With these experts it will no doubt be an interesting stream to watch!
Link: https://www.youtube.com/watch?v=CsPd8q4YFUo
Article: Distressing Content
A few years ago Nico Dekens shared an important article on vicarious trauma. Last week Theo Baxter shared his own article on the topic. In the current climate, there's a lot of content that has an emotional impact on everyone, so it is great to see another article on this topic. There is a lot of overlap, but Theo shares some personal experiences that might help you too. He does state he isn't an expert on the field, but his personal tips and techniques are a great addition to Nico's earlier blog.
Link: https://link.medium.com/JtnjumHqntb
Site: Drone Wars
Over on Twitter, OSINT Jobs notified me about the website 'Drone Wars'. They contain lots of information on drones, mostly from the UK, how they are used, and they even have a drone crash database. The website is actually an anti-drone platform, but the information they gather, especially on crashed drones, could be useful in other investigations.
Link: https://dronewars.net/drone-crash-database/
Tip: Instagram
Some time ago Instagram changed the way you can view the metadata within an Instagram account. It used to be really easy to find info by simply adding the ?__a=1 behind a URL, but now one has to dive into the developer tools of the browser. Gonzo shared this information, and also a small script that can be used to view the information from within the command prompt. But there's more...
The following URL that you can find within the eveloper tools will give metadata on any post on Instagram:
https://i.instagram.com/api/v1/media/{decimal post ID}/info/Some interesting information that can be viewed, is mentioned here:
| Entity/section | Value |
|---|---|
| 0 - taken_at | Timestamp of creation of the media |
| 0 - created_at | Timestamp of IG post itself |
| media_id | This timestamp is an IG timestamp that needs to be converted. It looks like the time that within the IG app a new post was bing started. Converter can be found here |
| device_timestamp | Another timestamp, unknown format |
| pk | Information on comments |
| user | User information of poster |
| video_versions | URLs to different video formats |
To automate things, Gonzo shared a small Python script that will enable you to retrieve the user information. From there you can easily parse it to any tool you like.
Python script: https://gist.githubusercontent.com/GONZOsint/...
Media: OSINT With Bombal
Micah Hoffman was a guest at David Bombal again, and this time he talked about different platforms like Untapped and Strava. He also talks about some basic geolocation, GitHub and shows what you can do with Cyberchef. Another awesome video
Link: youtu.be/F6l2Bmh7Dq4
Have a good week and have a good search!
