The OSINT Newsletter - Issue #30
A closer look into the Community Notes program on X and how to investigate the content and accounts behind it
👋 Welcome to the 30th issue of The OSINT Newsletter. This issue contains OSINT news, community posts, tactics, techniques, and tools to help you become a better investigator. My goal with this newsletter is to help promote the OSINT industry, develop better investigators, and raise awareness of ethical use cases for open source intelligence.
🙏 I wanted to extend a special thank you in this issue to all of those who chose to support me and this project by pre-ordering a copy of the first print issue of The OSINT Newsletter. I wasn’t sure if people would be interested in short-form content in OSINT; however, the number of people who preordered proved I might have been right in my assumption that 500-page books are amazing but are very intimidating and people are busy. You’ve inspired me to make this series as early and often as I possibly can.
🚨 The draft table of contents for the print edition of The OSINT Newsletter is now available. You can view it on the pre-order page of the issue. I wanted to make sure I covered a wide range of topics for people who have different interests and applications for open source intelligence. Topics covered include: person search, social media, geolocation, conflict, internet of things, leaked databases, operational security, case studies, and tools.
🏆 Geolocation challenge
In what city was this image taken? What are the specific coordinates?
🗒️ Look at the architectural style and age. Consider the make/model of the vehicle. See if you can decipher the signs and flags present. The style of cobblestone is also interesting.
The first person to provide the correct city gets 1 month of paid access to The OSINT Newsletter for free. The person with the closest coordinates to where the image was taken will also get 1 month of paid access.
Bonus: the person who provides the best write-up for how they geolocated the image (with the right location) will also get 1 month of free access and will have their write-up featured in the next newsletter issue.
🙋 Reply to this email with your answer; winners will be announced on Friday (or Saturday).
For those of you reading this on Substack or for those who subscribed after this issue was released, use the Substack comment section instead.
🪃 If you missed the last newsletter, here’s a quick link to catch up.
Let’s get started. ⬇️
📰 Separating Fact from Fiction on Social Media in Times of Conflict
You’ll see a theme throughout this issue. Proceed with caution. When new conflicts kick off, many see this as a time to grow their social media account or get their 15 minutes of fame. I typically stay away from conflict analysis for a variety of reasons. Bellingcat discusses this topic in detail.
📰 How Telegram Became a Terrifying Weapon in the Israel-Hamas War
If we recall the early days of ISIS, adding a shock factor was a significant part of the media strategy of the group. We saw this with early published, gruesome videos of executions. Similarly, Hamas posted gruesome images and videos that were designed to go viral on Telegram. Wired discusses this topic at length.
📰 Unlocking the Power of Shodan: A Comprehensive Guide for Beginners
If you’re new to IoT search engines or are looking for a refresher, Tomer Klein wrote an excellent guide to Shodan in this post on OSINT Team. If you don’t have a paid Shodan API key, don’t worry. There’s a 95% chance they do another Black Friday deal this year.
📰 3 Expert Shoemakers Say Ron DeSantis Is Probably Wearing Height Boosters
In this hilarious article, Politico consults several shoemakers to confirm that Ron DeSantis is wearing height boosters in his shoes out on the campaign trail. Ironically, Eliot Higgins suggested this is likely the best open source investigation of the year. He was joking.
📰 W1nterSt0rm: OSINT search for a missing person
First, make sure you have an ad blocker before viewing this. It’s noisy. That said, what a wonderful case study for investigations into missing persons. I’m very interested in the “Hackers Amber Alert” section. It seems pretty bold but the intent is very good.
📺 How open-source intelligence is co-opted to spread war misinformation
This is an interesting video. Not only does it share examples of when armchair OSINT investigators have jumped the gun, but it also shows that mainstream media is completely out of touch with what’s going on in open source intelligence. Watch because it’s important to learn what NOT to do, and try not to cringe at the OS-INT references.
🐦 Twitter/X is using an insecure protocol to do voice calls which can reveal your IP
Most of you have already disabled the voice call feature on X. For those of you who haven’t, you should probably do that now. Not only can anyone call you, but X is using the same insecure protocol that plagued Signal and Telegram, discovered earlier this year, where your IP can be revealed if the call connects. If you accidentally accept a voice call, you could have your OPSEC wrecked.
🐦 OH SHINT updated their list of OSINT resources on GitHub
OH SHINT has a very popular repository containing dozens of resources for open source intelligence. They recently updated their repository with many new resources spanning several use cases. See what you missed.
🐦 Wojciech published a new update for Open Source Surveillance
If you don’t know Wojciech, they were the developer behind Kamerka, which at the time was a cutting-edge open source tool for IoT and geolocation intelligence. They’ve been working on a more enterprise version for a while now and just recently published an update to their platform.
🐦 Follow FOFA bot for case studies on IoT OSINT
If you’re using Shodan and Censys in your investigations but not FOFA, you’re already behind. People call FOFA the Chinese Shodan. It’s not better or worse than Shodan or Censys, it’s just another lens. If you follow them on X, they regularly publish case studies or small examples you can follow to become a better OSINT analyst and expand your vantage point. Here’s an example.
🗒️ Use a VPN, please.
If you're not familiar with URL fingerprinting, consider reading this blog post on Digital Building Blocks. Shimon makes URL fingerprinting easy by aggregating several sources, such as Shodan and SecurityTrails, that fingerprint URLs in a single tool. Why? You can get unique identifiers such as certificates and favicons that can be excellent pivot points for your investigation.
If you’re doing domain-related investigations, give this tool a look.
🖥️ Unstoppable Domains
If you’re doing web3-related (blockchain, crypto, NFT, etc.) investigations, add this tool to your toolkit. Reverse search usernames into domains that are web3-specific and find pivot points you can use to expand your investigation.
Alright, for the non-technical OSINT people here, bear with me on this one. If you're making requests to a website using Python modules like requests, pycurl, etc., you’re often dealing with requests being blocked by robust websites. Using curl_cffi, you can make those same requests with better performance and more reliability. If you’re building OSINT tools that rely on web scraping, consider swapping your current methodology with this one to save on resources and aspirin.
If you’ve ever used the BuiltWith relationship feature, you’re familiar with looking at historical IPs and redirects. Fredirect follows those redirects so you don’t have to. This is an excellent tool to provide you with a pivot point from a domain or URL to another lead.
Phonetrack is an interesting tool that leverages data from OpenCage to do reverse phone number searches. If you’re struggling to pivot from a phone number, give this tool a try. If you’re building an OSINT tool, check out this code and how you too can integrate OpenCage into your toolset.
✅ That’s it for the free version of The OSINT Newsletter. Consider upgrading to a paid subscription to support this publication and independent research.
By upgrading to paid, you’ll get access to the following:
⚡ A closer look into the Community Notes program on X and how to investigate the content and accounts behind it.
🗒️ This will be the last issue in the X series before a print issue of The OSINT Newsletter is released as a detailed guide on the topic (Q1 of 2024).
👀 You get access to all paid posts in the archive. Go back and see what you’ve missed!
🚀 If you don’t have a paid subscription already, don’t worry, there’s a 7-day free trial. If you like what you’re reading, upgrade your subscription. If you can’t, I totally understand. Stay tuned for the geolocation challenge in next week’s issue to get a shot at free access.