Week in OSINT #2022-44

This week I've got a lengthy episode for you, with a lot of topics, and I dive into Mastodon!

Within the realm of social media, there's a lot going on. Twitter is dominating the news, not really in a positive way, and Mastodon is getting more and more popular. These shifts happen once in a while, so it's important to stay up to date and check what kind of information can be derived from new or upcoming platforms. In this weekly episode I make a small start by giving you some basic pointers that might help you understand Mastodon a little better. But of course there's more:

  • Backmoji
  • Threat Intel
  • Clean Images
  • Geolocation Cheat Sheet
  • Genealogy
  • Mastodon Intro
  • Mastodon for OSINT

Site: Backmoji

Griffin wrote an article on how to retrieve previous versions of a Snapchat Bitmoji. He found out that by simply changing the URL where the Bitmoji is stored, he can retrieve previous versions. And right after that Micah Hoffman fired up his notepad, VSCodium, PyCharm or whatever he uses, and created 'Backmoji', a page where you can quickly retrieve an overview of all previous versions.

Finding previous versions of Bitmoji's

Article: https://hatless1der.com/...

Backmoji: https://backmoji.osint.ninja

Links: Threat Intel

Last week Start.me shared a large list of links, this time targeting the realm of cyber threat intelligence. This page contains sites, reports and news items from a lot of different threat intel companies, and contains a wealth of information. A lot of information within this line of work contains open source information, and I love to learn from other disciplines to enhance my own game. Thank you Rahmat Nurfauzi for collecting these resources!

Sites and news on threat intelligence

Link: https://start.me/p/wMrA5z/cyber-threat-intelligence

Tutorial: Clean Images

Steven 'nixintel' Harris has written another great blog post on a geolocation challenge. This time he shows us that, with the use of online tools, it is possible to clean up pictures and improve the results of reverse image searches. He then continues to explain how he answered the other questions, and you get a good look at all the processes involved when dealing with open source investigations in general.

Comparison before and after using https://cleanup.pictures

Link: https://nixintel.info/osint/...

Tutorial: Geolocation Cheat Sheet

The SEINT has been busy again! Last time, back in issue 2022-42, I shared a geolocation cheat sheet. And this time, he releases the second one, aimed at pivot points you might be able to find inside a location. It contains lots of different things to think about, from cellphones and clothes to toys and TVs. An amazing job, creating another great cheat sheet. Thank you for sharing these with the community!

Another geolocation cheat sheet with useful tips

Link: https://github.com/seintpl/osint

Media: Genealogy

Last week I listened to an episode of Science Vs, a podcast that is all about science, fact checking, and scientifically interesting stories. The episode that aired on October 20 is called "The Mystery of the Man Who Died Twice". It dives into the story of how genealogy, together with the DNA databases over at GEDmatch, solved a mysterious case that baffled the police. This story shows the power of genealogy, and I highly recommend listening to this episode.

Listen to the episode on Spotify

Link: https://pod.link/1051557000

Episode: https://pod.link/1051557000/episode/...

Tip: Mastodon Intro

With the current dumpster fire that is going on over at Twitter, a lot of people have exclaimed they would transfer to Mastodon. This social media platform has been around for some years, and is slightly different from Twitter, in the way that it uses decentralized platforms. It is possible to run your own server, called an 'instance', or find one that suits your needs, and create a profile. Messages, called 'toots', can be shared locally or publicly, by having them shared with other servers. The platform communicates via the ActivityPub standard, and can be used to communicate with other platforms using the same standard, like PeerTube, PixelFed or WriteFreely. With this social media platform, there's quite a bit of new terminology, so here is a small list of terms to remember:

  • ActivityPub: The open and decentralized protocol designed for social networks. It has options to create, edit or delete content and has server-to-server communications for so-called 'federation'.
  • Boost: Mastodon's term for re-sharing a message. It is comparable to Twitter's retweet function.
  • Federation: Federated servers within Mastodon are servers that communicate with each other. Content from one server can be seen, shared or interacted with from other servers that are 'federated'. It can be seen as a network of trusted third party instances.
  • Fediverse: The term for the network of connected instances that communicate with each other.
  • Instance: Server that is running a Mastodon server. There are thousands of different servers out there, each with their own community, agenda, ideology et cetera.
  • Toot: A message posted on Mastodon, usually up to 500 characters long.
  • Username: It is possible to have multiple accounts on different servers. The way a username is shown is like this: @[Username]@[MastodonInstance.Domain]. This does make it somewhat challenging when looking for someone if they have a generic username.

And with that, let's dive into some tips for when you are searching on Mastodon for content or people!

Tip: Mastodon for OSINT

On (probably) most public servers, that are part of the large 'fediverse', for instance Mastodon.social, it is easy to search for content. This can be content on that particular server, or on the federated ones, thus giving you the option to quickly find accounts. And you don't even need to be logged in for this, but when you do have an account, it will give you some more options. Do search via other instances too, like Mastodon.online, since it may give you some extra results.

Searching for topics or tags

If you are looking for specific groups, people with certain ideas or ideology, then it may be a good idea to check out whether there are any instances of interest. Some servers that provide lists, or even a search option:

There are far more instances though, and searching them is a painstaking job, but with some creative searching it will be possible to find interesting servers.

If you still can't find something, then I also want to point you to the list of servers that are not federated over at Mastodon.social. This list contains servers that share content they do not want to show up in the public timeline, and can be found here, under 'Moderated servers'. Looking at the names of some instances, where some parts even have been redacted, I think this list is a great place to check out. Thanks Sinwindie for pointing this out to me!

Another list of banned or blocked instances, where some have sensitive or extreme content, can be found over here on GitHub. Some of these are offline now, but it is possible to check what other instances they communicate with, using a specific API endpoint. It returns a list of so-called 'peers'. And if the server still runs Mastodon, the peers can be retrieved by simply going over to the server and querying the following API endpoint:

{mastodon instance}/api/v1/instance/peers
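
The peers lookup described above, as an added example that is not part of the original post: it builds the endpoint URL, normalises the JSON array of domain names the endpoint returns, and compares the peer lists of two instances against a list of instances of interest. The function names, the `.example` domains and the watchlist are assumptions made for illustration.

```python
import json
import urllib.request
from urllib.parse import urlsplit

PEERS_PATH = "/api/v1/instance/peers"  # endpoint named in the post


def peers_url(instance):
    """Build the peers URL from a bare domain or any URL on the instance."""
    instance = instance.strip()
    if "://" not in instance:
        instance = "https://" + instance
    host = urlsplit(instance).netloc.lower()
    if not host:
        raise ValueError("no hostname in %r" % instance)
    return "https://" + host + PEERS_PATH


def parse_peers(body):
    """Turn the JSON array of domain names into a normalised set."""
    data = json.loads(body)
    if not isinstance(data, list):
        raise ValueError("response is not a peers list")
    return {d.strip().lower().rstrip(".")
            for d in data if isinstance(d, str) and d.strip()}


def fetch_peers(instance, timeout=10.0):
    """Live lookup; raises urllib.error.URLError if the server is unreachable."""
    with urllib.request.urlopen(peers_url(instance), timeout=timeout) as resp:
        return parse_peers(resp.read().decode("utf-8"))


def compare(peers_a, peers_b, watchlist):
    """Show overlap between two peer sets and which peers are on a watchlist."""
    return {
        "shared": sorted(peers_a & peers_b),
        "only_a": sorted(peers_a - peers_b),
        "only_b": sorted(peers_b - peers_a),
        "watchlist_hits": sorted((peers_a | peers_b) & set(watchlist)),
    }


if __name__ == "__main__":
    # Constructed sample responses, so the example runs offline.
    body_a = '["Alpha.example", "beta.example.", "gamma.example"]'
    body_b = '["beta.example", "delta.example", 42]'
    result = compare(parse_peers(body_a), parse_peers(body_b), ["delta.example"])
    print(json.dumps(result, indent=2))
```
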

In case you are looking for another curated list of instances, one that mostly overlaps with the public list of peers of Mastodon.social, check out this list with close to 9000 fediverse instances. This also contains other ActivityPub platforms, like PeerTube, Misskey, Owncast and more.

There is a lot of information freely available, and searching within federated instances is quite easy. Diving into platforms that are more private, might give some extra challenges, where finding the correct platform might be the most difficult part. But with the current situation over on Twitter, I do think it is important to start looking at these decentralized social media a lot more, start learning how they work, and look at new innovative ways to investigate them.

Have a good week and have a good search!
