Week in OSINT #2023-04

Another tip about Telegram, diving into the dark web, and other interesting topics from the last week or so!

I have been dumpster diving for some interesting OSINT topics again, and actually chose to shorten it! I had a few more things that needed some extra testing, re-learning software I hadn't used in years, and a stubborn Jupyter Notebook that gave me some issues. But... That also means that I already have a little backlog of items, in case things dry up! For this week, I present the following topics:

  • Tips on Dark Web
  • ADS-B Exchange
  • Telegram Tip
  • Privacy Guides
  • Chronophoto

Article: Tips on Dark Web

Authentic8 recently wrote an article in which Michael James shared his knowledge about doing research on the dark web. Besides the article, Michael also featured in a podcast last year, which was shared on their site and on YouTube. In the podcast he covers some basics of the dark web, gives some examples of previous investigations, and shares some very useful tips on staying safe while researching.

Dark web research tips with Michael James

Podcast: episode S1E16

YouTube: episode S1E16

Article: https://www.authentic8.com/blog/5-tips-osint-dark-web


Tip: ADS-B Exchange

A lot of people already read the story of ADS-B Exchange being sold to Jetnet. It could be that all the information will stay available for researchers, but in case things are changing, here are some alternatives, where most offer some free information going back several days to a few weeks.

Freedar is a completely free, live tracking site. It has global coverage, but doesn't have historical information for free. Do change the 'receiver' to 'world feed', to get global coverage though.

FlightAware has some free information, including history going back about 2 weeks. This might be enough for most people, and it is free.

OpenSky Network has an extremely large dataset of historical flights, and the open API is interesting for more tech-savvy people. An account is needed, but I did hear that they seem to have restricted the amount of information that they provide.

RadarBox also has some free information, including flights of given aircraft going back a week or so.

ADS-B.nl has free historical information too, but only on military or other government owned aircraft, like police helicopters.

Some other interesting links to transportation data can be found on this GitHub page of 'atmdata': https://atmdata.github.io/sources

Besides the links mentioned above, people that capture ADS-B data opted to send the data to new platforms that are being created. One of these new alternatives is globe.adsb.fi. But undoubtedly more sites will follow in the coming weeks or months.


Tip: Telegram Tip

Last week I shared a tip on how to extract all the usernames within a Telegram export. Right away I received a question from Roman Höfner, asking whether it was possible to do something like that with a JSON based export, created by the Desktop version of Telegram. I took off and created another one-liner, using several standard tools, where you only need to install a nifty tool called jq. This could of course be solved with a few lines of Python code, or any other programming language of your choice. The result is this:

jq -r '.messages[] | "\"\(.from)\",\"\(.from_id[4:])\""' result.json | sort -u > output.csv
  • jq is a tool that can process JSON data
  • -r tells jq to use raw output
  • .messages tells jq to look in the JSON array of 'messages'
  • .from gives us the display names
  • .from_id[4:] gives the user id, stripping the first 4 characters ('user')
  • result.json is the input file
  • sort -u sorts the output, and only shows unique value pairs
Sorted result from an exported Telegram group chat

This output is written to a file called output.csv, and since I added double quotes in the output, it will be ready for your import. There are exports that seem to have an actor and actor_id field. I only found that out just before publishing this episode, so just consider that your homework.
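The same extraction in Python, as an added example that is not from the original post: it also reads the actor and actor_id fields, keeps the id prefix ('user', 'channel') as its own column instead of cutting a fixed four characters, and lets the csv module escape quotes inside display names. The sample export and all function names are constructed for this illustration.

```python
import csv
import io
import json

# Constructed sample in the shape of a Telegram Desktop JSON export (not real data).
SAMPLE_EXPORT = json.dumps({
    "name": "Example group",
    "messages": [
        {"id": 1, "type": "service", "action": "create_group",
         "actor": "Alice", "actor_id": "user1001"},
        {"id": 2, "type": "message", "from": "Bob", "from_id": "user1002"},
        {"id": 3, "type": "message", "from": "Alice", "from_id": "user1001"},
        {"id": 4, "type": "message", "from": "News, \"Daily\"", "from_id": "channel2001"},
        {"id": 5, "type": "message", "from": None, "from_id": "user1003"},
    ],
})

def split_id(raw_id):
    """Split 'user1001' into ('user', '1001'); a bare number gets an empty prefix."""
    digits = raw_id.lstrip("abcdefghijklmnopqrstuvwxyz_")
    return raw_id[: len(raw_id) - len(digits)], digits

def extract_participants(export):
    """Return sorted unique (display_name, kind, id) tuples from an export dict."""
    seen = set()
    for msg in export.get("messages", []):
        # Regular messages carry from/from_id, service messages actor/actor_id.
        name = msg.get("from") or msg.get("actor") or ""
        raw_id = msg.get("from_id") or msg.get("actor_id")
        if raw_id is None:
            continue  # nothing to identify the sender by
        kind, ident = split_id(str(raw_id))
        seen.add((name, kind, ident))
    return sorted(seen)

def to_csv(rows):
    """Serialise rows with every field quoted, doubling any embedded quotes."""
    buf = io.StringIO()
    csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n").writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    # Swap SAMPLE_EXPORT for the contents of result.json to run on a real export.
    print(to_csv(extract_participants(json.loads(SAMPLE_EXPORT))), end="")
```
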

Link: JQ Manual


Site: Privacy Guides

The following link was shared by Apex29989831 over on Twitter. The website Privacy Guides contains a lot of manuals, tips and overviews of tools, settings and general information on online privacy. The website is a treasure trove of information, and I strongly recommend anyone who is new to this topic to have a look at it.

Multiple guides on how to stay safe online

Link: https://www.privacyguides.org


Site: Chronophoto

Twitter user waxy shared a nice online game, where you have to guess or estimate the year a specific photo was made. Besides geolocation, finding out when a photo was created can also be very useful. With this game you can test or train your skills, and it only takes a few minutes, unless you check every image with Google Lens of course. Thanks for sharing this link!

Guessing the year a photo was created

Link: https://www.chronophoto.app/game.html


FUNINT: AI OSINT

Twitter user Sander_2021 used Tome to create a presentation, after giving the AI engine the following sentence: "using AI to perform OSINT tasks".

Link: Twitter thread


Have a good week and have a good search!
