The OSINT Newsletter - Issue #23
The latest and greatest in OSINT news, tools, tactics, and techniques
π Welcome to the 23rd issue of The OSINT Newsletter. This issue contains OSINT news, community posts, tactics, techniques, and tools to help you become a better investigator. My goal with this newsletter is to help promote the OSINT industry, develop better investigators, and raise awareness of ethical use cases for open source intelligence.
π Itβs unbelievable to think that The OSINT Newsletter already has over 6000 subscribers. When I relaunched the newsletter in March, I only had 2600 subscribers. Thank you for sticking with me and helping me grow this publication. The kind words from paid subscribers and the support from the community keep this thing alive.
π Geolocation challenge
In what city was this image taken? What are the specific coordinates?
The first person to click the βSolveβ button and provide the city gets 1 month of paid access to The OSINT Newsletter. The person with the closest coordinates to where the image was taken from will also get 1 month of paid access.
The solve button last issue didnβt work. It was supposed to lead you to the comment section of this newsletter. What people did instead was just reply to this email with their answer. Letβs do this moving forward.
Reply to this email with your answer and winners will be announced on Friday.
πͺ In case you missed recent newsletters, here are a few links to help you catch up.
Letβs get started. β¬οΈ
OSINT News
π° How to find the administrator of an Onion site
On Tor, Onion addresses have the folklore of being completely private, impossible to trace; however, by analyzing DNS traffic or looking for patterns in cryptocurrency transactions, you can easily identify the admin of an Onion site.
Read more on OSINT Ambitionβ¦
π° Geolocating Social Linksβ Co-Founder via OSINT techniques
There was a challenge by Ivan Shkvarun, the CEO of Social Links, to geolocate his exact location based on a photo. Ron Kaminsky was able to locate him and did a write up on exactly how he did it. He shares several tips and tricks for geolocation in this post that will make anyone a better investigator.
π° Geolocation and AI with StreetClip: introduction, country classification, and building a web interface
StreetClip is an open source geolocation model that classifies images by country with an accuracy of up to 91.96%. JeremyK writes about a script that can be used to classify images with StreeClip. The script takes an image as input and outputs a list of countries with associated confidence scores.
π° Give me your username. Iβll tell you who you are!
Techjournalist writes an essay about digital privacy and the use of OSINT in Germany. This is a great article for the OSINT mindset and for protecting yourself and others online.
π° When you need to search by nickname in public IP addresses search engines (Shodan, Netlas, Fofa etc.)
Cyber Detective writes about an OSINT workflow starting with a username or a first and last name (full name) and pivoting into more advanced techniques like searching for usernames across URLs not listed in search engines using tools like Shodan.
Read more on OSINT Ambitionβ¦
OSINT Community
πΊ World's best ai vs geoguessr pro
AI might be sophisticated enough to do complex geolocation. Itβs not 100% but itβs getting better every day. Letβs see how it matches up against Rainbolt (Geoguessr pro).
π PIGEON: Predicting Image Geolocations
On the note of AI being able to geolocate images, check out this research paper that started the conversation. I suspect a new wave of audio/visual investigation tools are just around the corner.
π¦ Google expands the list of supported filetypes in Google Search
Aleksandra Bielska shares an update from Google Search. The filetype: operator now supports extensions such as .csv, .mp4, and more. This will likely spark a whole new list of custom search engines (CSE) and Iβm looking forward to it.
π¦ A sizable list of Shodan Dorks updated for 2023
HackGit shares a large list of Shodan Dorks for 2023. If youβre not using Shodan already in OSINT, consider spending the time. Itβs not just for technical intelligence, Iβve seen people find tons of exposed datasets that have helped with investigations of all types.
π¦ Create more believable sock puppets with AI
Cyber Detective shares a list of resources that will help you create more believable sock puppets. This is also the list of resources that will likely be used by adversaries to create many fake accounts for large-scale mis/disinformation campaigns and worse.
π¦ Find the distance between a camera and an explosion with Python
David from GeoConfirmed shared new research (including a Python script) heβs doing to help investigators find the distance between where an explosion happened and where the video showing the explosion was filmed. It uses the sound delay between the flash and boom of the explosion to estimate.
β Thatβs it for the free version of The OSINT Newsletter. Consider upgrading to a paid subscription to support this publication and independent research.
By upgrading to paid, youβll get access to the following:
π± 2 manual mobile OSINT methods for reverse phone number
π 3 OSINT tools for images and social media intelligence
π₯Έ 2 OPSEC tools for enhancing digital privacy
π If you donβt have a paid subscription already, donβt worry thereβs a 7-day free trial. If you like what youβre reading, upgrade your subscription. If you canβt, I totally understand. Stay tuned for the geolocation challenge in next weekβs issue to get a shot at free access.
Keep reading with a 7-day free trial
Subscribe to The OSINT Newsletter to keep reading this post and get 7 days of free access to the full post archives.