The OSINT Newsletter - Issue #27
Learn how to extract detailed information about a Fiverr buyer or seller and create an OSINT module to scale this capability for any investigation
👋 Welcome to the 27th issue of The OSINT Newsletter. This issue contains OSINT news, community posts, tactics, techniques, and tools to help you become a better investigator. My goal with this newsletter is to help promote the OSINT industry, develop better investigators, and raise awareness of ethical use cases for open source intelligence.
🙏 I’d like to extend a special thank you to the Human Rights Center at UC Berkeley, Darknet Diaries, and Black Hills Information Security for sending out awesome OSINT/infosec freebies that I’ve received in the last month or so. It’s inspired me to consider a print version of The OSINT Newsletter in the future. More on that later.
I also wanted to thank those who helped get The OSINT Newsletter’s LinkedIn page to over 1000 followers. I was at 998 and asked my community on X for the bump. Within 11 minutes you all stepped up to bring the follower count up to 1000.
🚨 After a very close call with a Stripe dispute, I’m fortunate to announce that The OSINT Newsletter will continue. If you missed the news, Stripe mysteriously closed my account without warning following what they deemed as unauthorized transactions present on my account. Considering all transactions are processed through Substack, I found this odd. After 4 hours of back and forth in the middle of the night (grateful at least for 24/7 support) I was able to get this resolved and have my account reinstated.
🗒️ I’ve changed my email address for The OSINT Newsletter to email@example.com. If you see an email reply from this email, know that it is me. I will only reach out to you to notify you that you’ve won a geolocation challenge or something else related to the newsletter.
🏆 Geolocation challenge
In what city was this image taken? What are the specific coordinates?
The first person to provide the correct city gets 1 month of paid access to The OSINT Newsletter for free. The person with the closest coordinates to where the image was taken from will also get 1 month of paid access.
Bonus: the person who provides the best write-up for how they geolocated the image (with the right location) will also get 1 month of free access and will have their write-up featured in the next newsletter issue.
🙋 Reply to this email with your answer; winners will be announced on Friday (or Saturday).
For those of you reading this on Substack or for those who subscribed after this issue was released, use the Substack comment section instead.
🪃 In case you missed previous newsletters, here are a few links to catch up.
Let’s get started. ⬇️
📰 Catching My Hacker via Leaked Databases
This article is a story originally written in 2016 but was resurrected and published recently. It tells the story of a person who was hacked and how they used leaked databases to discover the identity of their hacker.
📰 How To Find Timestamps For Verification
Often times the user interface (UI) of a website gives abbreviated information for user experience reasons; however, under the hood, more granular information is often available. Nixintel shows you different methods for timestamp discovery on popular social media platforms in his new blog post.
📰 How to Use OSINT to Identify Connections to Sanctioned Entities
This post is mostly a sales funnel; however, it’s an interesting look at how you can use open source intelligence to investigate sanctioned entities. It shows you an investigative workflow for how you can take a small amount of information and expand it into an entire investigation.
📰 Criminal Profiling Using OSINT
There’s been an unquestionable amount of romanticization of criminal profiling in entertainment. This has led a lot of people to get interested in psychology, forensics, and other disciplines. Criminal profiling can also be part of an OSINT investigation. This article gives an overview of open source intelligence through a profiling lens, discussing topics like pattern of life and word choice.
📰 How to find the right Chinese OSINT keywords
This article is also mostly a sales funnel for a Chinese OSINT course; however, it properly introduces the challenge of conducting open source investigations using Cantonese/Mandarin-native material. As geopolitical tensions rise globally, it’s worthwhile to diversify your skillset in this area.
📺 Satellite Open Source Intelligence with ChatGPT
Learn how to use ChatGPT to create API calls N2YO for Satellite OSINT. Use this to determine if the International Space Station will pass over the Eiffel Tower, for example, over a certain timeframe. It’s a short video, but introduces you to new APIs for OSINT.
🐦 Top Cybersecurity Search Engines
Mario Rojas shares the top cybersecurity search engines for threat intelligence, dark web, malware analysis, data breaches, and more.
🐦 36 geolocated videos in Israel during the ongoing conflict
Geoconfirmed shared that 36 videos have been geolocated in Israel related to the ongoing conflict. This number may be even higher at the time of this writing.
🐦 OSINT Support has a new browser extension
OSINT Support is known for making extremely useful browser extensions for open source intelligence. Their new project injects a context menu next to any YouTube video, extracting the video ID to dynamically generate Google search queries and dorks.
🐦 Relevant Telegram channels and groups for the ongoing Israel/Palestine conflict
Ari Ben-Am shares a Google Sheet with a list of Telegram channels and groups relevant to the ongoing conflict in Israel and Palestine. These will be added to the Telemetry app soon and contributors are welcome to add new sources.
🔎 Telegram get remote IP
This script uses Wireshark (tshark) to determine the IP address of a contact from your Telegram app. To determine the IP address, you must be in each other's contacts. This is for educational purposes only.
Generating usernames from a first and last name is often tedious. You can create variations based on first + last, f + last, first + l, etc. But if you want to do this at scale, it’s a lot of guess and check. BabelStrike uses many combinations to generate a possible username list in a very short period of time, saving you time and keystrokes.
📎 Username Generation Guide
If you’re unable to use BabelStrike or find the results aren’t suiting your needs, consider reading this guide. It steps through the methodology of username enumeration and how you can take a single data point and turn it into hundreds of leads.
CyberWise is a browser extension that’s a multilingual detector of phishing, adware, and malware on websites. It’s brand new and was featured on ProductHunt. I like the idea of taking personal ownership for countering phishing, not just relying on enterprise tooling. The multilingual aspect is also particularly interesting.
✅ That’s it for the free version of The OSINT Newsletter. Consider upgrading to a paid subscription to support this publication and independent research.
By upgrading to paid, you’ll get access to the following:
👤 Learn how to extract detailed information about a Fiverr buyer or seller and create an OSINT module to scale this capability for any investigation.
👀 You get access to all paid posts in the archive. Go back and see what you’ve missed!
🚀 If you don’t have a paid subscription already, don’t worry there’s a 7-day free trial. If you like what you’re reading, upgrade your subscription. If you can’t, I totally understand. Stay tuned for the geolocation challenge in next week’s issue to get a shot at free access.
Keep reading with a 7-day free trial
Subscribe to The OSINT Newsletter to keep reading this post and get 7 days of free access to the full post archives.