Week in OSINT #2023-12

This episode turned into a geolocation and OverPass special, with a little extra topping of OpenAI's GPT!

Geolocation is a very important part of the OSINT landscape, and besides manual investigations, there are also tools that can help you. One of the most helpful tools, is OverPass Turbo. By querying the OpenStreetMaps API, it is possible to find locations in any location of the world. But the query language isn't really easy to master for me, but luckily there are some things that will help, as can be read in this episode of Week in OSINT!

• Finding Sherlock
• OverPass and GPT
• More OverPass and GPT
• Learning OverPass
• Poastal

---

Media: Finding Sherlock

Gary Ruddell is a cybersecurity professional from Schotland, and has posted a few OSINT based videos on YouTube. His latest video is about Sherlock, and I don't mean the video where he talks about the username tool. I mean the American series Elementary, the modern take on Sherlock Holmes. He shares his thought process while geolocating the rooftop of a video production company that is used a few times in this series. Great video if you want to learn a bit more about this subject, and also a good training idea to use tv-series or movies to practice your skills.

Link: https://youtu.be/VzUDFM3K4Sk

---

Tip: OverPass and GPT

The latest version of Chat GPT-4 has been dominating the news lately, and I also have been playing with GPT-4, as well as the Bing Chat. But John Wiseman found something really neat, and that is the use of GPT-4 to create useful OverPass Turbo queries. Just like him, I'm also not great at writing queries, so every bit of help is useful in this case. So if you have access to GPT-4, do give this a try! I did find out that with more complex queries, it had some issues filtering the correct 'amenities' though, but since the AI is constantly improving, and it is possible to edit the query, this isn't a huge issue.

Link: Twitter thread

---

Tool: More OverPass and GPT

Yes, there is even more to come. Because how would you like to connect GPT-3 to a custom web-app, that focusses on OverPass Turbo queries only? Well, Ben Strong did just that! He wrote a small Python script that queries the GPT-3 model, adds a fact or joke, and displays the result of the query on a small map. Sadly enough, my paid API trial finished end of last year, and I haven't connected any payment options, so I haven't tested it myself yet. But if you do have a paid account, and you are willing to dive into this, have a good understanding of how to install and configure it, then this is a great opportunity to play a bit more with OverPass!

Link: https://github.com/earth-genome/ChatGeoPT

Blog: https://link.medium.com/rm0nVEvAtyb

---

Tutorial: Learning OverPass

Do you want to know more about OverPass Turbo? Well, there is an older interactive tutorial, where you can learn how to write some basic queries. I have followed it, and I found it does require careful reading, and some basic knowledge about the query language will absolutely help. But it is absolutely something I suggest you check out if you want to learn some basics of the OverPass query language. Besides an interactive tutorial, they also have useful documentation with lots of examples.

Link: Tutorial

Link: Documentation

---

Tool: Poastal

Jake Creps has been busy going over all kinds of platforms, to check API responses. He started writing a little tool that will be able to tell you whether an email address is already registered for a certain platform or not. I was lucky enough to have a sneak peak over the weekend, so I could try it out, and it works as intended. The code is very rough, there are false negatives, and can absolutely be improved, but I really like the idea!

Link (when it goes public later on): https://github.com/jakecreps/poastal

---

FUNINT: OpSec and Cake

Jordan Wildon, the maker of Telepathy, shared his moment of embarrassment when it comes to OpSec. Well played Nick, well played...

---

Have a good week and have a good search!