The OSINT Newsletter - Issue #21
The latest and greatest in OSINT news, tools, tactics, and techniques
👋 Welcome to the 21st issue of The OSINT Newsletter. This issue contains OSINT news, community posts, tactics, techniques, and tools to help you become a better investigator. I’ll also be sharing a few OSINT methods you can add to your toolkit, your application or script, or any of your open source intelligence needs.
🙏 I wanted to say thank you to all current and new subscribers of this newsletter. It would be difficult to stay motivated without you. The OSINT Newsletter has over 5900 subscribers and over 100 have upgraded their subscription already.
I also wanted to thank Trace Labs for allowing me to sponsor upcoming CTFs and helping the newsletter grow by sharing on their Discord server.
🚨 I’ll be rolling out a new feature of the newsletter in coming issues to help people with low or no budget get access to the paid version of the newsletter. Starting with issue #22, there will be geolocation challenges at the very beginning of each newsletter. The first person to correctly geolocate the image in the comments will receive 1 month of paid access to The OSINT Newsletter for free.
😅 Don’t worry if you’re not familiar with Substack’s UI or how to comment. I’ll be adding a button like the one below to make this process easy.
🪃 In case you missed last week’s issue, here’s a quick link.
Let’s get started. ⬇️
OSINT News
📰 Exploring Satellite OSINT Tools: A Deep Dive into Satellite Intelligence
Viktor OSINT writes a detailed guide about using satellite images for OSINT. He goes over different platforms available, techniques for advanced analysis, and advanced topics in geospatial research.
📰 Tracking Adversaries: Scattered Spider, the BlackCat affiliate
BushidoToken writes about tracking adversaries using a variety of open source data. From data leaks to publicly released IOCs to driver-similarity analysis, BushidoToken covers several advanced topics in threat intelligence in this blog post. An interesting case study you don’t want to miss.
📰 Flooded dams, submerged villages: Satellite pics show swollen rivers in Himachal
The OSINT team at India Today investigated the cause behind a recent dam breach by analyzing satellite imagery of swollen rivers caused by heavy rains. The flooding was obvious but the extent of the flooding and the specific problem areas were insightful and useful to those analyzing the extent of future flooding. Another case study worth reading.
📰 A New Tool Shows What War Has Done to Ukraine’s Forests
Bellingcat launched a new tool called the OSINT Forest Area Tracker to help analysts investigate the destruction of forested areas caused by the war in Ukraine. Using satellite imagery, Bellingcat is able to identify changes in forest cover from shelling, the presence of unexploded ordnance (UXO), and other means of deforestation.
Earth is losing enough forest as is; Bellingcat is doing great work raising awareness of this natural tragedy in Ukraine.
📰 Inside Countercloud: A Fully Autonomous AI Disinformation System
Countercloud is a disinformation experiment that costs less than $400 to set up.
Here’s how it works.
An AI on a cloud server constantly scans the internet for content. It uses a gatekeeper module to decide which content is worth targeting. For the chosen content, the AI writes a counter-article, attributes it to a fake journalist profile, and posts it on the CounterCloud website. It also generates fake comments and posts links to the articles on Twitter, along with user commentary, conspiracy theories, and hate speech.
OSINT Community
📺 Techniques for Finding Missing People: Xbox Live
Cody Bernardy shares an Xbox Live tool that helps find additional information about missing persons. In this example, Cody demonstrates how you can provide proof of life by analyzing the last login date of a person’s Xbox Live account.
🐦 Aaron Roberts shares an OSINT case study
In a 9-tweet thread, Aaron Roberts shares how his team identified a malicious actor operating in the eCrime space (selling accounts, user:pass, etc.). This easy-to-read case study shows how you can apply OSINT in real-world scenarios.
🐦 Henk Van Ess shares a mapping tool and dataset
Overture Maps Foundation is powering current and next-generation map products by creating reliable, easy-to-use, and interoperable open map data. They have advanced information on places, buildings, transportation methods, and more.
🐦 Sector035 highlights news about TweetDeck
A recent article on the Verge states that TweetDeck will likely become a feature under Twitter Blue. This would remove free access to the tool and force patrons to upgrade their subscriptions for access. This announcement comes with news that TweetDeck will be enhanced, but details remain vague.
🤖 OldTweetDeck gives you 2015 TweetDeck back
Soon after I saw the news Sector035 shared, I found a repository of an open-source browser extension that will return the original TweetDeck for users for free. This tool is a bit complicated to set up if you’re not familiar but is still beginner-friendly.
🐦 Cyber Detective shares a repository of OSINT tools for Discord
This toolset includes search engines, bot repositories, exploits, templates, and more. If you’re doing investigations into chat services, definitely give this a read.
🐦 Justin Seitz shares a new resource for dark web research
The Hunchly team released an archive of 6 years of historical Tor crawls and over 60 million rows of CSV data. This archive is completely free. 2,395 days of monitoring and over 440,000 host names. You don’t want to miss this.
🐦 Microsoft enables Python in Excel
Guido van Rossum, a distinguished engineer at Microsoft, shared the news that Python will now be supported in Excel. For all of the OSINT investigators who have workplace restrictions on terminal use, this could be great news for you. For admins trying to stop malicious scripts from running within Excel, good luck.
✅ That’s it for the free version of The OSINT Newsletter. Consider upgrading to a paid subscription to support this publication and independent research.
By upgrading to paid, you’ll get access to the following:
💡 2 OSINT methods for username and email
🔎 5 new OSINT tools (scripts and web apps)
🚀 If you don’t have a paid subscription already, don’t worry there’s a 7-day free trial. If you like what you’re reading, upgrade your subscription. If you can’t, I totally understand. Stay tuned for the geolocation challenge in next week’s issue to get a shot at free access.
Keep reading with a 7-day free trial
Subscribe to The OSINT Newsletter to keep reading this post and get 7 days of free access to the full post archives.