Week in OSINT #2023-40

Week in OSINT #2023-40

twitter domains osint conference health personal

As most regular readers have noticed by now, I started linking to people's social media profiles differently lately. Instead of linking to their Twitter account, I started providing multiple social media profiles where applicable. Wherever possible, I will be providing links to Twitter, Mastodon, LinkedIn and BlueSky. Since there isn't an icon for Bsky yet in FontAwesome, I'll be using a for that. That way, I am doing my share to make sure people can be found if X, or Twitter, decides to become a paid platform. Because I doubt that a lot of people will stay on there once that happens! Until then, it is time to share several of those social media profiles in these topics:

  • Back to Basics
  • Cached Tweets
  • Anonymous Twitter
  • OSMOSISCon
  • Suspicious Websites
  • Vicarious Trauma
  • OSINT Community

Media: Back to Basics

Once in a while people ask about the basics of OSINT, or how they need 'to do it'. That's a rather difficult question, but Gary Ruddell [ ] made an awesome video about one of the most important parts of it: The intelligence cycle. In a short video, he covers the different steps within the 'Intelligence Cycle'. He explains clearly what happens within each step, and how you apply it to your work.

Link: https://www.youtube.com/watch?v=B2wRbotog-Y

Tutorial: Cached Tweets

With X, formerly known as Twitter, it is getting slightly harder to view everything that someone posted. If you don't have an account, you are constantly stopped by a login screen. But Griffin, known as the 'hatless1der' [ ], wrote a tutorial about how to use Google's cached pages to view tweets.

Viewing cached tweets with Google
Viewing cached tweets with Google

Link: https://hatless1der.com/...

Tip: Anonymous Twitter

Reading the article above, got me thinking about how I view Twitter profiles when I don't want to be logged in. Because there is another way by using one of the many search engine bots User-Agents. Google would be one of my preferred ones to use, but I didn't get them to work with Twitter. Probably they are blocked since they don't originate from one of the official IP addresses. But using a Bing crawler as a User-Agent, gives me a mobile view, and unrestricted views of an account. Simply go to your favourite UserAgent switcher add-on or extension, and add the following one:

Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/

It does not look like the desktop version, and it seems to be sorted by the most popular tweet, but when you need to scrape Tweets or profiles, in an automated manner, the layout doesn't really matter. So go out there, and test some other crawlers that you could use for this and have fun!

Viewing Twitter/X without being logged in
Viewing Twitter/X without being logged in

Event: OSMOSISCon

In less than a week the ninth OSMOSISCon will be held in New Orleans, and I suspect it will be another great conference. With speakers like Ritu Gill [ ] and Chris Poulter [ ] flying in, and with Cynthia Hetherington [] as host, the attendees will have an awesome time. And don't forget the line-up over at the 'Bits & Bytes' speed networking talks too! Because some amazing people will be there to talk about several topics from the field of OSINT.

OSMOSISCon invites you

Link: https://l.osmosisinstitute.org/...

Event: Suspicious Websites

Later this month, over at SANS, Steven Harris [ ] will be talking about investigating suspicious websites. According to the intro he will be talking about topics like attribution, investigating infrastructure, translating content and more. No doubt he will also be diving in to the source code too, use analytics, reverse DNS, historical DNS records and archived pages and lots more! If you don't know how to research this, I highly recommend joining this webinar!

SANS Webcast with Nixintel
SANS Webcast with Nixintel

Link: https://www.sans.org/webcasts/...

Article: Vicarious Trauma

This blogpost was first shared on OSINTCurious in 2020, but Nico 'Dutch OSINT Guy' Dekens [] re-posted it last month over on his own website. And the post deserves to be shared again, and again. This is an extremely important article, and if you have read it before, I would suggest you read it again. With all the turmoil and conflicts in the world, and all the news articles and social media exposure, people are being confronted with the harsh reality every day.

Besides that, the researchers and journalists that are working day in, day out, on their latest stories, see way more violence in a few weeks or months, than a human should be able to see in a single lifetime. This exposure is unhealthy and will cause problems in the long run, and needs to be recognized. With this article in your mind, you can keep an eye on your colleagues. But even more important: Make sure there is room to talk, and to seek professional help if it is needed.

Link: https://www.dutchosintguy.com/post/...

Tip: OSINT Community

Over on Twitter/X the Quiztime [] crew is preparing to migrate to a different platform in the future. With all the recent developments of Twitter/X, and the rumour that it might become a paid platform, made us look for an alternative location in the future. Fiete Stegers [ ] decided to create a poll to ask the Quiztime audience what a good platform could be. If you want to leave your own input, you can fill in this Google form: https://forms.gle/8yYn84gWhaoKPGyz9.

But looking at the current social media landscape of OSINT practitioners, there are some big differences it seems. Where LinkedIn is well established, and mostly shares professional advice and solid tips, there are two other platforms worth mentioning. Of course there is Twitter/X, with the thousands of people sharing their insights and tips. And then there is Discord, where several servers host active community members sharing tips, tricks and tools.

And then we have Mastodon and Bluesky. A quick search by me this morning, the Monday this went live, Mastodon had 6 people using the hashtag #OSINT in the last two days. And when searching on Bluesky for #OSINT, it returns the last 30 posts for me, and that's it. There is one really great OSINT-feed by Ivan Silvestre [], but I have to admit I still have to get used to checking that one out. Do add this Bluesky OSINT feed to your account if you are looking for good content.

So where might Quiztime find a nice place to post their quizzes? There are people that would like a self-hosted platform, but that comes with a lot of responsibility and time to manage it. Bluesky and Mastodon might not yet be the place to land for now, but can be used to share the quizzes that are posted. Platforms that allow us to share a new quiz as a team, with multiple quiz creators, might be useful. Maybe LinkedIn? Substack, as a replacement for Wordpress or Medium? Or shall we maybe join a Discord server and see whether we can share quizzes there? Or set up our own?

And what about the rest of the OSINT community? Until now, Twitter/X has been the place to be. Not only to share information, but it was also an awesome platform for trolls and disinformation campaigns. The amount of information and intelligence that was created by researchers of the last decade, is huge! This platform has had its highs and lows, but it has had its use no matter what way you look at it. But, it is time for a change. There is no doubt about that.

FUNINT: This Week's Meme

With Halloween coming up in a bit, I decided to get in the mood already!

Every time you turn on your phone...
Every time you turn on your phone...

Have a good week and have a good search!

Previous Post Next Post