The OSINT Newsletter - Issue #41
Discover hidden information for a Weibo profile such as gender, age, online status, and more
👋 Welcome to the 41st issue of The OSINT Newsletter. This issue contains OSINT news, community posts, tactics, techniques, and tools to help you become a better investigator. My goal with this newsletter is to help promote the OSINT industry, develop better investigators, and raise awareness of ethical use cases for open source intelligence.
🚨 The batch of print issues of The OSINT Newsletter are on their way. The expected time of arrival is February 8 - 14th. Once they arrive, I’ll bag and board them, add in the free sticker, and ensure they’re all shipped to those who ordered. The print issues are nearly sold out. Stay tuned for next week’s update.
🪃 If you missed the last newsletter, here’s a link to catch up.
⚡ Download all active members of a channel in a Discord server and enrich their profile information with OSINT
Let’s get started. ⬇️
📰 There’s So Much Data Even Spies Are Struggling to Find Secrets
This is an important article for the OSINT industry. It highlights how significantly overlooked open source intelligence has been in the intelligence community (IC) and the need to emphasize it moving forward. There are even talks about creating a standalone OSINT agency outside of the IC.
🎩 H/T: Peter Martin, Katrina Manson
📰 Sextortion training materials found on TikTok, Instagram, Snapchat, and YouTube, according to new report
This article talks about a common use case that requires processing and analysis of open source intelligence. This article may have forced app stores from platforms like the iPhone and Android devices to remove Wizz, the application enabling sextortion, to be removed.
🎩 H/T: Lora Kolodny
📰 Using the Wayback Machine and Google Analytics to Uncover Disinformation Networks
Bellingcat showcases its tool, Wayback Analytics, to uncover disinformation networks found online. See how you can query the Wayback Machine for more than just a visual snapshot in time.
🎩 H/T: Justin Clark
📺 Using Satellite imagery, flight, and vessel data in investigations
In this OCCRP workshop, explore geographic data sources and analytical tools to investigate vessel and flight paths, recurring patterns, and correlations between deforestation and indigenous lands.
🎩 H/T: Eric Barrett
🐦 Things To Record & Research On A Social Media Account
If you’re new to OSINT or you’re looking for good reference material, consider reading this post by Neil Smith demonstrates how to deconstruct a social media profile for efficient data collection and organization.
🎩 H/T: Neil Smith
🐦 Ultimate OSINT Collection (Startme) update!
Griffin has either one of the most or the most popular OSINT-related pages on Startme. Recently, he published an update to the page. I applaud him for updating the page as so many of these Startme pages have link rot over time.
🎩 H/T: Griffin Glynn (hatless1der)
🐦 What is Dark.Fail, and who cares?
If you haven’t noticed, dark.fail has gone down. I mentioned in the last newsletter about tor.taxi, a similar alternative. Sam Bent writes about the story behind the disappearance of dark.fail.
🎩 H/T: Sam Bent
🌟 Sponsor: Kineviz
Find connections across 10 or 10,000 pages of documents so you know where to focus your attention.
SightXR not only extracts entities like persons, organizations, and events, but the relationships between them. Import PDFs, EMLs, DOCXs, CSVs, and quickly generate a map of the information that can be explored visually and via chat.
For more information or to arrange a demo, visit https://www.kineviz.com/sightxr
On the topic of the Wayback Machine, there are other archiving sources you should know about such as Common Crawl, Alien Vault OTX, URLScan, Virus Total, etc.
This tool aggregates all of them in a single search.
🎩 H/T: xnl_h4ck3r
Gideon is an open source script that has options for a phone number, car number (license or VIN equivalent), username, and IP address.
🎩 H/T: YouVBeenHacked
🗒️ This is primarily targeted at finding Russian profiles
🖥️ Tiny Scan
This tool scans a website and pulls valuable information such as SSL certificates, DNS records, web technologies, and HTTP headers in an easy-to-use web interface.
🗒️ This tool publicly exposes which websites were scanned, similar to URLScan.
🖥️ Merlin API
If you’re using several LLM APIs to build OSINT tools, consider checking out Merlin API. It combines all LLM APIs into a single API, allowing you to use Google, OpenAI, Mistral AI, or whatever you’re into.
🎩 H/T: Siddhartha Saxena, Puneet Bhatt
✅ That’s it for the free version of The OSINT Newsletter. Consider upgrading to a paid subscription to support this publication and independent research.
By upgrading to paid, you’ll get access to the following:
⚡ An advanced reverse username method for Weibo profiles
Find hidden profile information such as:
Profile creation date
👀 You get access to all paid posts in the archive. Go back and see what you’ve missed!
🚀 If you don’t have a paid subscription already, don’t worry there’s a 7-day free trial. If you like what you’re reading, upgrade your subscription. If you can’t, I totally understand. Stay tuned for the geolocation challenge in next week’s issue to get a shot at free access.