The OSINT Newsletter

Share this post

The OSINT Newsletter - March 2023 OSINT Review

osintnewsletter.com

The OSINT Newsletter - March 2023 OSINT Review

An overview of research in open source intelligence from March 2023

Jake Creps
Mar 15
6
Share this post

The OSINT Newsletter - March 2023 OSINT Review

osintnewsletter.com

Welcome to the first mid-month OSINT review. I’ll be publishing these every month in the middle of the month showcasing all of the interesting research and content I’ve looked into so far as part of my research into open source intelligence.

This issue is broken up into an OSINT Reads section that contains longer form content followed by OSINT Twitter which highlights the top research I’ve seen so far this month.

If there’s anything I left out that you think is worth mentioning, please let me know!

Thanks again for reading and if you haven’t already subscribed, here’s an easy way to do it.


OSINT Reads

How a Montenegrin Gang Used Open-Source Intelligence to Kill

Hitmen working for a criminal group active in Montenegro and Serbia used open-source intelligence techniques, poring over apartment listing sites, satellite images, and tourist photos posted online, to track down and kill the leader of a rival clan as he hid out in Greece. Read more

A Private Company Is Using Social Media to Track Down Russian Soldiers

Open-source investigations were once potent journalistic tools, but in Ukraine, they’re being used on the battlefield. Read more

Hands holding smartphones with speech bubbles

It took a TikToker barely 30 minutes to doxx me

Kristen Sotakoun found out way too much about me in a consensual test of my online security. Read more


OSINT Twitter

Tactical OSINT Analyst writes about confirming Google Groups and email addresses with Gmail accounts exist using existing functionality in Google Chat.

Twitter avatar for @OSINT_Tactical
𝚃𝚊𝚌𝚝𝚒𝚌𝚊𝚕 𝙾𝚂𝙸𝙽𝚃 𝙰𝚗𝚊𝚕𝚢𝚜𝚝 @OSINT_Tactical
Thread 🧵1/4: Confirming if Gmail addresses & Google Groups exist thanks to Google Chat 🔍. *Tried to search for this technique and did not find it mentioned anywhere. To start, head to Google Chat👇 mail.google.com/chat/u/1/#chat… #OSINT #GOSINT #Googleint
Image
9:06 PM ∙ Mar 13, 2023
56Likes18Retweets

I write about using ChatGPT for writing and reading regex for OSINT use cases.

Twitter avatar for @jakecreps
Jake Creps @jakecreps
☕️ Good morning. You can use ChatGPT to write regex for you. Here are some examples for OSINT. Emails: ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ Phone numbers: ^(\+?\d{1,3}[- ]?)?\(?\d{3}\)?[- ]?\d{3}[- ]?\d{4}$ Bitcoin wallets: ^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$
1:20 PM ∙ Mar 7, 2023
207Likes54Retweets

I also used ChatGPT to write a bookmarklet that extracts all email addresses on your active web page and saves them to a CSV including the source domain they were found on.

Twitter avatar for @jakecreps
Jake Creps @jakecreps
☕️ Good morning. I created a bookmarklet that extracts emails from a page, including the domain of the page extracted from, and saves the results as a CSV named the URL of the page it was extracted from. It's been a useful tool for #OSINT automation:
github.comosint-bookmarklets/Extract Emails at main · jakecreps/osint-bookmarkletsBookmarklets created for OSINT applications. Contribute to jakecreps/osint-bookmarklets development by creating an account on GitHub.
1:27 PM ∙ Mar 9, 2023
54Likes15Retweets

Ivano Somaini writes about using password recovery methods to disclose partial mobile phone number and credit card information from a PayPal account.

Twitter avatar for @IvanoSomaini
Ivano Somaini @IvanoSomaini
#OSINT🧵Tipp PayPal : How to diclose someone’s 5 digits of mobile and country prefix by email: - click on password forgot - insert target e-mail -...and the mobile phone digits are diclosed... -...in some cases even information about the credit card
Image
9:45 AM ∙ Feb 26, 2023
871Likes174Retweets

On the note of password recovery methodology, remember that this is a grey area and should be used carefully and ethically.

Image

I write about using the Bitmoji API to verify if a Snapchat, or any other Bitmoji-enabled account, is associated with an email address.

Twitter avatar for @jakecreps
Jake Creps @jakecreps
#OSINT Snapchat reverse email / verification 1⃣Request URL: bitmoji.api.snapchat.com/api/user/find 2⃣Request Body: {"email":"<email address>"} ✅ Response Body: If response, email match
Image
10:31 PM ∙ Mar 2, 2023
273Likes68Retweets

Nuclei creates a username module of their open source application.

Twitter avatar for @pdnuclei
nuclei @pdnuclei
#hackwithautomation #osint
Image
12:08 PM ∙ Mar 3, 2023
536Likes99Retweets

Cyb_detective shares a method for finding sites that allow you to use ChatGPT without registration.

Twitter avatar for @cyb_detective
Cyber Detective🇺🇦 @cyb_detective
Interesting trick from @fofabot (fofa.so search engine): This query will help you find applications that allow you to use ChatGPT without registration: FOFA Query: "loading-wrap" && "balls" && "chat" && is_domain=true en.fofa.info/result?qbase64…
Image
5:11 PM ∙ Mar 14, 2023
169Likes56Retweets
Share this post

The OSINT Newsletter - March 2023 OSINT Review

osintnewsletter.com
Comments
TopNew

No posts

Ready for more?

© 2023 Jake Creps
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great writing