Discover and read the best of Twitter Threads about #OSINT

Most recents (9)

Meet Tim Graboski, aka whiterook6. He works for AggregateIQ as software developer. If that name sounds familiar, it’s because they helped #CambridgeAnalytica during the 2016 election. And apparently they’re still interested in our elections. #Midterms2018 #osint #infosec
We know that part of the seed data for the models used by CA came from Facebook surveys users filled in as part of an app. Well doesn’t this look familiar....this is a project called Campaign Pillar aka Check-In. “AIQ” is plainly visible. As are the targeted election questions.
Well this little gem comes to us courtesy of Tim’s GitHub repository, found here : github.com/whiterook6/che… Currently available to the public (cloned in case it comes down).
Read 10 tweets
.@judicialnetwork is picking #SCOTUS for us, first #Gorsuch now #Kavanaugh. @ZeldaShagnasty shows here, the domain confirmkavanaugh(.)com was registered in 2/17. 3 similar sites (.net, .info and confirmkavanaughnow(.)com) in 7/18, all three on the same day. #osint #infosec
That date was 7/10/2018. Given that all domains were registered through GoDaddy’s anonymous registration service, WHOIS doesn’t tell us much. But the site is copywritten to @judicialnetwork, so we know they’re involved. Let’s take a look at the page source for the .com site:
Notice something? A template created for a Gorsuch themed site is being used for #Kavanaugh. Was there a confirmgorsuch(.)com too? Blank page currently, but sure enough one was setup 12/19/2016. And taken down 7/9/2018. Well, when did confirmkavanaugh(.)com go live?
Read 10 tweets
After the threads from @conspirator0 and @propornot re: @propornotapp (now suspended), decided to look for any interesting breadcrumbs they may have left behind. Wound up learning about #Nationalist parties of Bulgaria and a few other tidbits. #osint #bots #disinformation
First thing that turned up was this article from the site newsbeezer(.)com (site title: Bulgaria Evening News). As you can see in the screenshot, @PropOrNotApp is quoted discussing conditions during fires in neighboring Greece. Sure, why not?
What else is on this site? Well, they appear to be big fans of the National Front for the Salvation of Bulgaria, normally abbreviated to NFSB, though oddly they seem to alternate the abbreviation between NFFS and NPSB. Neither appear affiliated with another political party.
Read 17 tweets
I’ve been playing around with dehashed.com and it’s a great tool. Can search pretty much any identifier and can wildcard so really good for #RedTeam recon as well as straight up #OSINT investigation 1/n
It only brings back 5 results per page so is actually pretty difficult to just trawl results for something juicy. I wildcarded a few fairly large corporate UK domains and consistently got 2-3k results. That’s a lot of clicking to get through all of them 2/n
So it’s probably not quite the privacy nightmare I thought it might be even with the wildcard function and increased number of search parameters. From my limited testing I t looks like it has the same data sets as haveibeenpwned etc 3/n
Read 5 tweets
On July 22nd Wikileaks released 22000 DNC emails that had been previously hacked by Russian GRU agents. On Oct 7th Wikileaks dumped hacked John Podesta emails soon after the seemingly damaging Access Hollywood tape came out where Donald Trump talked about sexual misconduct @ollie
3million tweets from the Russian Internet Research Agency were recently archived & made available by the site @fivethirtyeight. We wanted to look at particular hashtags related to Green Party Candidate Jill Stein and #DemExit
fivethirtyeight.com/features/why-w… @ollie #infosec #osint #opsec
In the second wk of July 2016 #DemExit became a social media campaign & political movement in response to Bernie Sanders formally endorsing rival Hillary Clinton 4 president. Bernie Sanders supporters in particular were encouraged to leave the Democratic Party in protest #infosec
Read 14 tweets
The same #Russian T-62MV without ERA, that was spotted on a train at Kamensk Shakhtinsky on 31.8 was unloaded before noon 1.9 and spotted heading towards #Ukraine on a trailer.

Same road also showed several other Russian military convoys.
#OSINT
Sitä parempaa tekemistä @LauraHuu ;)
Read 7 tweets
#OSINT tool:
This is a short thread on how to use Microsoft's Video Indexer (VI) to easily extract valuable insights from videos. Analysing open source information, especially hours of video footage is time-consuming so tools like VI can come in pretty handy 1/6
For this exercise, I use a 1h51m long video from a far-right rally in London (Sat 14 Jul), which I downloaded from YouTube & then uploaded onto the VI platform. Uploading time was around 6-8 min, whereas indexing took 44 min (trial account). 2/5
If you take a look at the right side: VI lists all people appearing in the video and (for some) even provides a short bio. It also displays the exact time(s) the person appears in the video (an advantageous feature that could save analysts valuable time) 3/6
Read 6 tweets
In conjunction with @SlickRockWeb, now let’s take a look at #WalkAway from a different perspective. Who’s the man behind the curtain, and who’s backing him? His name is Brandon Straka, know here as @UsMinority. Let’s get to know him a bit. #infosec #osint #psyops
Before #WalkAway took off (with surprising rapidity), Straka was a performance artist and stylist in New York. His most recent work appears to have been this show, showing his evolution away from #TheResistance. Here’s a link to the GoFundMe gofundme.com/resist-a-rock-…
His first announcement of the #WalkAway campaign was on May 26th. However, shortly after the dates of his show, on a Facebook post dated 10/27/17, we see the following exchange after a post about @TheEllenShow, which appears to be the first public use of the “walk away” idea.
Read 14 tweets
So for the first time in quite a while a newcomer hashtag had top spot on the #Hamilton68 Dashboard -- #walkaway. We remembered seeing this hashtag in the past few weeks but didnt really know what it was or follow up on it. #infosec #opsec dashboard.securingdemocracy.org
The background story on this hashtag #walkaway is a little strange & the number of bots, trolls, & fake testimonial promoting this hashtag is even stranger. Here's an example of a completely fake tweet highlighted by @daveweigel #opsec #infosec
We decided to look retrospectively at our own reverse engineered #Hamilton68 data. This is a wordcloud of 22893 tweets from our main Hamilton68 troll subset going from June 24th until now & #walkaway takes the #1 spot. #infosec #opsec
Read 31 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!