The OSINT Newsletter

The OSINT Newsletter

Share this post

The OSINT Newsletter
The OSINT Newsletter
The OSINT Newsletter - Issue #32
Copy link
Facebook
Email
Notes
More

The OSINT Newsletter - Issue #32

Manipulating website registration forms to collect open source information about an email address

Jake Creps's avatar
Jake Creps
Nov 27, 2023
βˆ™ Paid
7

Share this post

The OSINT Newsletter
The OSINT Newsletter
The OSINT Newsletter - Issue #32
Copy link
Facebook
Email
Notes
More
4
Share

πŸ‘‹ Welcome to the 32nd issue of The OSINT Newsletter. This issue contains OSINT news, community posts, tactics, techniques, and tools to help you become a better investigator. This issue is very OPSEC-heavy. Operational Security (OPSEC) is an essential tradecraft every investigator must learn in order to stay safe while investigating online.

🚨 Over 100 people have pre-ordered the print issue of The OSINT Newsletter. That’s an amazing milestone. By the time this newsletter is published, I will have completed the initial draft of the community portion of the print issue. What remains is the category-specific workflows that I will add that are print exclusives.

Pre-order

πŸ† Geolocation challenge

In what city was this image taken? What are the specific coordinates?

The first person to provide the correct city gets 1 month of paid access to The OSINT Newsletter for free. The person with the closest coordinates to where the image was taken from will also get 1 month of paid access.

πŸ™‹ Reply to this email with your answer; winners will be announced on Friday (or Saturday).

For those of you reading this on Substack or for those who subscribed after this issue was released, use the Substack comment section instead.

Leave a comment

πŸͺƒ If you missed the last newsletter, here’s a link to catch up.

The OSINT Newsletter - Issue #31

The OSINT Newsletter - Issue #31

Jake Creps
Β·
November 20, 2023
Read full story

Let’s get started. ⬇️


OSINT News

πŸ“° πŸ₯Έ Access Location, Camera & Microphone of any Device

Be careful out there. There are a lot of tools that exist to unmask your identity online. You can use these as an investigator if the situation warrants it; however, in most scenarios, these tools will be used against you. This article is about Storm-Breaker, a powerful social engineering tool that allows hackers to access the victim’s location, camera, microphone, and IP address.

Read on Medium…

πŸ“° πŸ₯Έ How to Track Realtime Location of ANY Telegram User β€” 2 Methods

Telegram is a very popular messaging app. It has many features aimed at providing a better user experience for their users. Those features, though, sometimes come at a cost. This article talks about the β€œFind People Nearby” feature, the risks it presents, and how an investigator can use it to track the location of any user. It also offers you a defensive plan to avoid this exposure from impacting you.

Read on Medium…

πŸ“° πŸ₯Έ Debunking the Myth of β€œAnonymous” Data

This article is an interesting read from a digital privacy and OSINT perspective. Not only does it go through and define several different data points and how easily accessible that information is, but it also talks about how that information is accessed and by whom. How is personally identifiable information (PII) stored? How is it accessed? What’s the catch?

Read on Electronic Frontier Foundation…

πŸ“° The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story

This is a very long article, so strap in. It tells the story of the 2016 internet outages of Netflix, Spotify, Twitter, PayPal, Slack, and more as well as the people behind it. If you’re a fan of Darknet Diaries, this will be an entertaining read. But why in The OSINT Newsletter?

The journey of how cybercriminals go from zero to criminal is important context when doing investigations into eCrime or similar. That context is what gives you the power to pivot when others can’t.

πŸ—’οΈ Wired paywalled the post. I’ve added a Wayback Machine link below.

Read on Wired…

πŸ“° πŸ₯Έ An Ultimate List of Rules Net Survivors Should Follow to Stay Safe!

If you’re new to OSINT or have found yourself slipping in your OPSEC compliance, give this article a read. It’s a great refresher on how to set up the proper environment to stay safe online and in public. It even extends into cryptocurrency.

Read on OSINT Team…


OSINT Tools

πŸ”Ž TikTokPy

This tool allows you to extract data from TikTok without needing any login information or API keys. Think of it like an unofficial API for TikTok. You can fetch video information, creator information, download video libraries, etc.

GitHub

πŸ₯Έ Your Social Media Fingerprint

This is not only a tool you can use to improve your OPSEC, but it also presents an interesting idea. In a nutshell, websites behave differently depending on whether or not you’re logged in to them. This is especially true for the redirect process. Give this tool a try to learn more about a variety of topics.

Web App

πŸ–₯️ Alfred 5

Alfred is a research powerhouse. It does automation, Google Fu, expands the clipboard functionality (clipboard history), keyboard shortcuts, enhances file management, runs terminal, and more. I’m likely going to add their Workflow’s functionality to my terminal tools to run multiple Python scripts on a certain data point, for example.

πŸ’° This is a paid tool; however, it offers a one-time purchase price.

Desktop App

πŸ₯Έ Extension Detector

Similar to Your Social Media Fingerprint, Extension Detector uses your online digital fingerprint to detect which browser extensions you have installed. Both of these tools had me thinking about what could be accomplished with a spoofed digital fingerprint. Use this for OPSEC and to kick off some research around digital fingerprinting.

Web App

πŸ–₯️ πŸ₯Έ Telex

The final OPSEC-related tool in this issue is Telex. Think of Telex like a honeypot generator. If you’ve seen tools like Bitly, this is similar; however, Telex is specifically designed for threat intelligence research. Plant one of these seeds (ethically) in a place where a certain audience will find it and see what happens. Alternatively, study what’s possible to improve your own OPSEC.

Web App


OSINT Community

πŸ“Ί OSINT at Home #22: How To Measure Areas Using Free Satellite Tools

This is an amazing video. Ben shows you how you can use certain tools to measure satellite imagery. From calculating the area of wildfire damage to measuring the length of a ship, you can use built-in tools to gather open source information manually.

Watch on YouTube…

πŸ“˜ Detection Engineering Weekly

Detection Engineering Weekly is an OSINT Newsletter recommended read. If you’re in the world of cyber threat intelligence, asset identification, or detection engineering, this is a great publication to subscribe to. Check out their latest issue.

Detection Engineering Weekly
Det. Eng. Weekly #47 - My GPT is hallucinating again
Welcome to Issue #47 of Detection Engineering Weekly! This week’s recap:Detection Engineering Weekly is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber. πŸ’Ž by Jon Hencinski on capacity modeling a SOC - it’s a great view into how SOC leaders think about triaging alerts, and how we as det…
Read more
a year ago Β· 3 likes Β· Zack 'techy' Allen

🐦 How to verify leak data

There’s a lot of leaked data out there for free and for sale. When there’s financial gain involved, there’s always the possibility of fraud. In this article, Techjournalist shows you how you can investigate leaked data to ensure it’s the real deal.

Read on Medium…

πŸ“˜ Bullsh*t Hunting

In this issue of Bullsh*t Hunting, Justin shows how you can scrape SSL certs using Google Sheets. This is a great introduction to how you can build a no-code web scraper for small scraping tasks.

Bullsh*t Hunting
Off the Cuff: Freak in the Google Sheets
Watch now (7 mins) | Hey folks! Here’s a quick video on how to scrape SSL certificate information from crt.sh with Google Sheets. This technique can help you discover interesting subdomains, domains that are connected to your target or phishing domains that are abusing your brand. Copy and paste the entire row of hostnames into your favourite reconnaissance or scanning tools…
Read more
a year ago Β· 4 likes Β· Justin Seitz

🐦 MetaOSINT will push a major update

MetaOSINT is a huge directory of resources for open source intelligence. It’s been a while since it’s been updated but a major update is coming soon. Make sure to bookmark the page and look out for the update when it comes out.

Read on X…


βœ… That’s it for the free version of The OSINT Newsletter. Consider upgrading to a paid subscription to support this publication and independent research.

By upgrading to paid, you’ll get access to the following:

⚑Manipulating website registration forms to collect open source information about an email address

We’ll look at three examples that target three use cases:

  • Discord

  • OnlyFans

  • NameCheap

🏴 Objective: Determine if an email address is registered on either of these websites to confirm other information we already know (chat activity, potential infidelity, WHOIS data, etc.).

πŸ‘€ You get access to all paid posts in the archive. Go back and see what you’ve missed!

πŸš€ If you don’t have a paid subscription already, don’t worry there’s a 7-day free trial. If you like what you’re reading, upgrade your subscription. If you can’t, I totally understand. Stay tuned for the geolocation challenge in next week’s issue to get a shot at free access.

Keep reading with a 7-day free trial

Subscribe to The OSINT Newsletter to keep reading this post and get 7 days of free access to the full post archives.

Already a paid subscriber? Sign in
Β© 2025 Jake Creps
Privacy βˆ™ Terms βˆ™ Collection notice
Start writingGet the app
Substack is the home for great culture

Share

Copy link
Facebook
Email
Notes
More