Category: OSINT
-
Getting Data on Usernames
As an OSINT investigator, knowing a person’s usernames is like knowing their aliases. Oftentimes people reuse the same username, as an alternate ID, and this makes profiling and data gather a bit easier. One caveat, a user may use a username shared by others, but if it’s very specific then there’s less chance of pollution.…
-
Getting Info on Gmail Accounts
A lot of us balance privacy concerns vs. usability and in that regard some (maybe most?) are unaware of the data that can be obtained with their Gmail account. Gmail makes use of a Google identifier (Gaia ID), which stores publicly shared data. This data can be reviews, checkins, or various forms of geo tagging…
-
OSINT Toolkit
Developer dev-lu has created a web application called the “OSINT Toolkit.” While I feel the name is a mismatch to its functionality, this is still a very useful little application. With a tiny modification in the docker-compose.yml, it can be stood up on a server and used to investigate potential threats. It’s also very light-weight.…
-
Using WayBack Machine to Gain Access
Many years ago, a projected called “The Way Back Machine” (archive.org) was started. It was a simple concept, act as a search engine by indexing internet content, but do it by a timeline. This way, archive.org can show us what a website looked like 3 years ago, 5 years ago, 10 years ago and so…
-
Hunchly: OSINT Capturing Utility
Let me tell you about my favorite little browser extension: Hunchly. Hunchly is an extension that works in Chromium based browsers (Brave, Chrome, Chromium). Once added, you use the desktop app to setup a new case. Then in the browser extension, you pick the case you want to capture to. Once set, the browser extension…
-
OSINT: Sofia’s Exercise #3
In this exercise, Sr. Analyst Sofia Santos, asks us to name and give the location of an image. The image in question is one of two people (looks like people of importance) shaking hands. We’re even the headline for the photo, “Somalia President makes first International State visit to Turkey.” Reference to Sofia Santos’ Exercise…
-
Maltego: A Brief Intro
I had no idea the scope of power that Maltego brought to OSINT (open source intelligence), until recently. If you’re unfamiliar with the term OSINT, it is a process of passive data collection and analysis. Without using any active scans, or intrusions, data is collected instead from the public sector. “Couldn’t I just google it,”…
-
OSINT: Sofia’s Exercise 6
A very impressive Sr. OSINT analyst/investigator is Sofia Santos. She posts videos on Youtube about discovering truth about image and video data. She also manages a blog that has (among other things) OSINT exercises. Some, well most, of her exercises are very challenging. However, exercise #006 is tagged as “easy.” Check it out below, and…