Last week the Twitter account of Sarah Womer (UnleashedOSINT) went offline. The reason? She was pointing out right-winged accounts and companies active on Twitter, promoting their business. It seems that a mass report followed, and her account was permanently suspended. Then there's also the story of why three members of the Twitter Trust and Safety Council quit. Does free speech on Twitter means that more hateful accounts are being reinstated? Is this the end of Twitter as we knew it? I personally think so. But on the other hand, this will become the largest platform to keep track of, when looking at extremists. And the good thing is, we have had years of practice when it comes to OSINT. So it will be more than easy to find whatever we need on there!
Anyway, that is enough ranting in this last episode of 2022. Earlier this year I tried to come up with another end-of-the-year OSINT quiz, but I simply haven't had the time to finish one. So for the next few weeks, I will be checking out some interesting content on Mastodon (you can find me here by the way), or I will be very busy relaxing and enjoying the holidays!
Over on Mastodon Bashinho shared a tip about Zotero. This program is for saving and annotating information, and has a browser plugin for Firefox and Chrome. With a simple click of a button you can save pages, make notes, and save them offline. This way you can build a collection of locally stored web pages and quickly search through them. In his German video he also shows the export function, where he shows how to save a list of found resources to a CSV file. Thanks for this tip!
Steven 'Nixintel' Harris wrote a blog post about the 'AADInternals' tool, that was created by Dr. Nestori Syynimaa. The tool is used to administering Azure AD and Office 365, but for there is also an online tool to get a first glance at domains that are administered by a company. By simply searching on a domain name of interest, you can check whether they use Azure AD for their domains, which domains are managed or federated and what STS (Security Token Service) they use. From there, you can pivot for more information. Only the first 20 results are shown, but if you want to know more, then do install the AADInternals and run it directly within Powershell.
John McElhone spent some time looking at a photo of a new B-21 Raider, and came up with a nice idea. He wanted to try and find the location where the photo was taken, by looking at the constellations that are visible in the photo. By using Astrometry.net and Stellarium, and armed with some EXIF information, he managed to find and confirm the location where the photo was taken.
Link: Twitter thread
Sinwindie shared a nice tip on how you can still get some more insight into a locked Twitter account. By looking who is interacting with the account, or checking out archived or cached pages of a previously opened account, it is still possible to find more info. One extra tip: Within Google it is also possible to check the actual cache. It's a bit more hidden nowadays, but can be found by opening the little 'kebab menu' (the three vertical dots) and look for the option 'Cached'.
Zewen shared this tweet over on Discord. It's a 'golden oldie', but... This is just another great example of using open sources to solve a crime
Have a great holiday season and see you in 2023!