30 episodes

The OSINT Curious Project is a source of quality, actionable, Open Source Intelligence news, original blogs, instructional videos, and a bi-weekly webcast/podcast. Most of all, we want to inspire people to look outside of their OSINT-comfort zones and pursue their OSINT passions. We try to keep people curious about exploring web applications for bits of information or trying out new techniques to access important OSINT data.

We are an OSINT-learning catalyst.

OSINTCurious OSINTCurious

    • Technology

The OSINT Curious Project is a source of quality, actionable, Open Source Intelligence news, original blogs, instructional videos, and a bi-weekly webcast/podcast. Most of all, we want to inspire people to look outside of their OSINT-comfort zones and pursue their OSINT passions. We try to keep people curious about exploring web applications for bits of information or trying out new techniques to access important OSINT data.

We are an OSINT-learning catalyst.

    Episode 31: Jeff Lomas of BleuBloodHound, MWOsint demos the MSFT video indexer and more...

    Episode 31: Jeff Lomas of BleuBloodHound, MWOsint demos the MSFT video indexer and more...

    People in this Episode:


    Micah Hoffman (WebBreacher) 
    Dutch_Osintguy 
    Matthias Wilson (MwOsint) 
    Nixintel 
    Sector035 
    Special Guest: Jeff Lomas (@BleuBloodHound)  

    Links to what we discussed:


    Jeff Lomas talked about his blog on cell tower info, DFIR and OSINT https://osintcurio.us/2019/08/19/making-sense-of-osint-cell-tower-data-for-dfir/ 
    People being monitored by the geotagged social media trough Echosec https://twitter.com/KarlSwannie/status/1233092121822978048 
    An semi automated website for lookups on a domain, ip or email. Covers dns, location, whois and more. Opsec! don’t know if requests are tracked https://synapsint.com/ 
    OSINT CTF that gives people a chance to practice their skills. It covers a wide range of areas like government databases, social media, archived websites as well as some basic digital forensic and cyber security knowledge. https://ctf.cybersoc.wales/ 
    Vis graphing tool for win, linux and osx in beta. Sort of Maltego alternative made with help of occrp.vis.com https://docs.alephdata.org/guide/vis-desktop 
    Guideline by US DoJ : Legal Considerations when Gathering Online Cyber Threat Intelligence and Purchasing Data from Illicit Sources https://www.justice.gov/criminal-ccips/page/file/1252341/download 
    Useful to manually create charts in your OSINT investigations https://www.draw.io/ 
    Bram (Aware Online) has been on fire this week, posting lots of quick OSINT tips. Might be worth a shout-out https://twitter.com/aware_online 
    Great detailed blog on how to build your own web scraper using Python https://hackernoon.com/how-to-build-a-web-scraper-with-python-step-by-step-guide-jxkp3yum 
    TikTok OSINT thread https://twitter.com/summer__heidi/status/1234308465662627840 
    The Cyber Intelligence Analyst Cookbook has some good information about CTI and OSINT process and analysis. https://github.com/open-source-rs/The-Cyber-Intelligence-Analyst-Cookbook/ 
    Scrapy: An open source and collaborative framework for extracting the data you need from websites. https://scrapy.org/ 

    Skills Demo: 

    Matthias a.k.a MWOsint – https://keyfindings.blog/2020/03/08/using-the-microsoft-video-indexer-for-osint/ demo 

    Self Promotion:


    Dutch_OsintGuy added new events to his website for several trainings and workshops https://dutchosintguy.com/events-and-blogs/ 
    Dutch_Osintguy : Workshop understanding Google’s search results and advanced searching techniques workshop (Dutch language only) together with Aware Online. March 20th in Amsterdam. https://www.aware-online.com/workshop-google-voor-gevorderden/ 
    Micah (WebBreacher) has multiple SANS SEC487 live classes (https://sans.org/sec487) coming up in the coming months and is looking forward to the GIAC GOSI OSINT certification (https://giac.org/gosi) moving into beta testing in April.

    • 1 hr 8 min
    Episode 30, A brief chat about WhatsApp, a new OSINT-dedicated Linux build and more..

    Episode 30, A brief chat about WhatsApp, a new OSINT-dedicated Linux build and more..

    People in this Episode

    Ginsberg5150
    Nixintel
    Sector035

    Links to what we discussed

    WhatsApp invite debacle: https://twitter.com/JordanWildon/status/1230829082662842369
    Nixintel his short blogpost about it: https://nixintel.info/osint/whatsapp-dorks-and-tricks/
    Open source maps and satellite imagery used to verify claims about Chinese human rights abuses https://twitter.com/bayer_julia/status/1229441850781642754
    A Pastebin bot on Twitter: https://twitter.com/leak_scavenger (by https://twitter.com/rnd_infosec_guy)
    SN Radar http://snradar.azurewebsites.net – geolocation tool for VK posts.
    OSINT Summit 2020 – https://www.sans.org/event/osint-summit-2020
    New Buscador-style OSINT dedicated Linux build called CSI Linux: https://csilinux.com/features.html
    Sigint through satellites interference http://www.osinteditor.com/resources/sentinel-1-c-sar-interference-analysis-intro/
    Citizens find the attackers of the Jawaharlal Nehru University attack: https://medium.com/dfrlab/citizen-sleuths-in-india-unmask-perpetrators-behind-jnu-attack-2a053f0b7556

    • 23 min
    Episode 29: Interview with OSINTTechniques, Google dorking SSIDs, a look at the Kobe Bryant helicopter crash using OSINT and more

    Episode 29: Interview with OSINTTechniques, Google dorking SSIDs, a look at the Kobe Bryant helicopter crash using OSINT and more

    People in this Episode


    Micah Hoffman
    Dutch_Osintguy
    Sector035
    And our special guest: Ritu Gill aka OsintTechniques

    Links to what we discussed


    Tweet by Gonzo about searching SSID’s with a Google dork https://twitter.com/gonzos_int/status/1222541952413065216?s=11
    Another good name check lookup website https://twitter.com/dutch_osintguy/status/1223688324034060292
    Good read about deanonymizing TOR circuits https://twitter.com/x0rzkov/status/1224380928094613505
    Guest OSINT Curious blog by Jeff Lomas https://twitter.com/BleuBloodHound : https://osintcurio.us/2020/01/31/combing-through-video-faster-using-dfir-and-osint-skills/
    50 cognitive biases in the modern world https://twitter.com/i_intelligence/status/1224230855213830145
    OSINT explanation of Kobe Bryant’s catastrophic helicopter crash https://www.youtube.com/watch?v=XSHpbGhy3Ko&feature=youtu.be
    How to find the most recent satellite imagery on earth https://twitter.com/mouthofmorrison/status/1212840820019208192
    Trace Labs Global CTF 3
    Google Geolocation API now includes Wi-Fi and Cell data https://developers.google.com/maps/documentation/geolocation/intro 
    Tweet by Serge Courier: Scrape Google Maps (a tool and a browser extension to scrape results from a Google maps search – original blog post from Boolean Strings) https://twitter.com/secou/status/1225855494750818304?s=21
    10 minute OSINT Curious tip “Viewing LinkedIn Profiles Anonymously” https://youtu.be/bIAdx3CAjtM
    Identifying and tackling manipulated media – a free online course offered by Reuters https://twitter.com/LorandBodo/status/1225415356409372672
    OSINTCombine have put together an importable bookmark stack https://twitter.com/osintcombine/status/1225181330595430400 
    Ginger_T Article https://medium.com/@Ginger_T/my-journey-into-the-world-of-osint-is-now-just-over-one-year-old-ea6f6d90eda 

    Self Promotion


    SANS OSINT Summit – February 18th, next week! https://www.sans.org/event/osint-summit-2020/summit-agenda
    Dutch_OsintGuy Nico doing two OSINT workshops on March 20th and May 18th Google Advanced Searching and Monitoring (in Dutch) https://www.aware-online.com/workshop-google-voor-gevorderden/
    https://twitter.com/aware_online/status/1226504473310351360 Dutch_Osintguy Nico teaching in Amsterdam 21-22-23 OSINT module 1 in English

    • 1 hr
    Episode 28: Bitcoin with Bellingcat's Brenna Smith, Finding who is running Wordpress even behind Cloudflare, and more

    Episode 28: Bitcoin with Bellingcat's Brenna Smith, Finding who is running Wordpress even behind Cloudflare, and more

    People in this Episode:


    Ginsberg5150
    Dutch_Osintguy
    Sector035
    Kirby Plessas
    And our special guest: Brenna Smith 

    Links to what we discussed:


    Archive of Brenna’s CryptOSINT newsletters can be found here https://us14.campaign-archive.com/home/?u=c435f53a5568f7951404c8a38&id=7f8ca9c380 
    Our own technisette had a beautiful and healthy baby! Congratulations! https://twitter.com/technisette/status/1219631571851980801 
    Introduction to OSINT (video) Micah was very lucky to meet and get to work with the talented Ritu Gill, (@OSINTTechniques). At the recent Trace Labs (@TraceLabs) and SANS (@SANSDefense) Missing Persons CTF in Washington DC, they both noticed that many people wanted to participate but had no idea how to get started. After a few discussions, they decided to make an Introduction to OSINT video. https://osintcurio.us/2020/01/16/introduction-to-osint-video/ 
    Lorand Bodo tweeted about a paper that describes a content manipulation (chameleon) attack https://twitter.com/LorandBodo/status/1220359046374600704 with a demo of the attack on Facebook. 
    Blog by DJ Nemec about using pingbacks to umask a real IP address of a WordPress website that is behind Cloudflare https://t.co/DZY2yOiIRi?amp=1 
    nixintel wrote a blog about using OSINT techniques to find out who is behind a WordPress site https://nixintel.info/osint/osint-techniques-whos-behind-a-wordpress-site/ 
    New chrome extension that lets you see who posted a video on Twitter first (thread in french https://twitter.com/BriceLeBorgne/status/1217470986095861760) tool on github https://github.com/briceleborgne/OriginVideo (To install the extension, you can download the file I put on Github. Unzip everything in a local folder. Activate developer mode on the Chrome “Extensions” page. Click on “Load the unpackaged extension”, select the folder, en load) 
    “What is OSINT?” thread on Twitter https://twitter.com/WebBreacher/status/1219606025680101380 
    TraceLabs Global Missing Persons CTF III – https://www.tracelabs.org/2020/01/trace-labs-global-ctf-iii-an-osint-ctf-for-missing-persons/ 
    New SpiderFoot release https://twitter.com/spiderfoot/status/1221427688109375488 

    Self Promotion 


    Nico, Kirby, Micah, and others at SANS osint summit FEB 18th https://www.sans.org/event/osint-summit-2020 
    Nico joined the recorded future podcast, talked about osint and threat intelligence. You can listen to it here https://www.recordedfuture.com/podcast-episode-142/

    • 1 hr 8 min
    Episode 27 - OSINT Curious is a year old! And we have Vortimo's Roelof Temmingh!

    Episode 27 - OSINT Curious is a year old! And we have Vortimo's Roelof Temmingh!

    Webcast 20200112 – #27

    People in this Episode

    Dutch_Osintguy
    Ginsberg5150
    Micah Hoffman
    Sector035
    And our special guest: Roelof Temmingh (VortimoTech)

    Links to what we discussed

    Aware online blogs: Searching Telegram via location – https://www.aware-online.com/en/search-for-telegram-groups-based-on-location/ and creating your own flowcharts – https://www.aware-online.com/en/create-your-own-osint-flowcharts/
    Micah’s OSINT MindMap – https://webbreacher.com/2018/07/12/osint-map/
    OSINT : Using Certificate Transparency lists. https://twitter.com/catalyst256/status/1214590663037198336
    Shodan filter reference: https://beta.shodan.io/search/filters
    Facial recognition by Yandex (vai Nelson Minar): https://nelsonslog.wordpress.com/2020/01/07/facial-recognition-for-the-public-yandex/
    Are you wondering what Emergency Action Messages (EAM) over the US Military High Frequency Global Communications System (HF-GCS) are? Find out all you need to know at this blog from @MilcomMP – https://mt-milcom.blogspot.com/p/what-is-emergency-action-message-or-eam.html
    https://www.bellingcat.com/news/mena/2020/01/09/video-apparently-showing-flight-ps572-missile-strike-geolocated-to-iranian-suburb/
    Osint quiz by sector – https://twitter.com/Sector035/status/1211038518635614208
    The ‘Hindsight Files’ – https://twitter.com/HindsightFiles

    Events

    From Kevin at National Child Protection Task Force Conference – “This is my conference that provides a bigger mix of OSINT with other legal methods. https://web.cvent.com/event/5b3168db-a94e-42f6-b1fa-ee35e90a6770/summary

    Self Promotion

    Kirby has a class in St Augustine Jan 21-22 – https://plessas.net/events
    Kirby will have her NDCAC law-enforcement only classes listed there soon as well.
    OSINT Summit this February https://www.sans.org/event/osint-summit-2020/summit-agenda – Use code OSINTPOD20 for special deal of $175 Summit tickets
    Webcast byDutch_Osintguy on operations security (OpSec) tradecraft and tips for online Open Source Intelligence (OSINT) Research – https://www.sans.org/webcasts/112735
    SecKC Tuesday 14th for workshops – https://seckc.org/#news-section

    • 1 hr 2 min
    Episode 25 - Breaches, TikTok, Vortimo and more!

    Episode 25 - Breaches, TikTok, Vortimo and more!

    Find all linked material here: https://osintcurio.us/webcast-20191201-25/

    People in this Episode


    Micah
    Dutch_Osintguy
    Kirby
    Sector035

    Links to what we discussed


    Tips on how to interpret leak data https://www.bellingcat.com/resources/how-tos/2019/11/06/massive-white-supremacist-message-board-leak-how-to-access-and-interpret-the-data/
    A new blog from MwOsint on investigating right wing extremists https://keyfindings.blog/2019/12/01/researching-right-wing-extremism-in-central-europe/
    An Emmy for the Bellingcat documentary https://www.dutchnews.nl/news/2019/11/two-dutch-documentaries-win-international-emmy-awards/
    Firstdraft article on identifying bots https://firstdraftnews.org/latest/the-not-so-simple-science-of-social-media-bots/
    Blogpost by OsintCombine on Foursquare https://www.osintcombine.com/post/foursquare-the-hidden-osint-gem
    Tutorial about Vortimo https://vortimo.wordpress.com/2019/11/08/vortimo-tutorial/
    LawFare Podcast https://twitter.com/kirbstr/status/1198804496660385793
    Diving into the TikTok API https://twitter.com/Sector035/status/1198692966333865987
    Automatic transcription of podcasts in iOS 13 https://twitter.com/chadloder/status/1194781978307911680 and a direct link: https://www.cultofmac.com/647598/search-podcast-transcripts-ios-13/
    Political ads information on Snapchat https://twitter.com/carljackmiller/status/1195306436529721345
    Tutorial on TikTok investigations https://www.secjuice.com/osint-investigations-on-tiktok/
    Small tutorial on the tool ‘bulkextractor’ https://digitalforensicstips.com/2019/11/using-bulk-extractor-for-quick-osint-wins/
    An SEO tool to analyze search results https://app.samuelschmitt.com
    A NYT investigation into the bombing of civilian targets in Syria https://www.nytimes.com/video/world/middleeast/100000006818506/russia-bombs-syria-civlians.htm
    The item we started this episode with was a tweet about interesting Google dorks. Feel free to share your favourite Google dork on Twitter using the hashtag #osintcurious. For example: https://twitter.com/sinwindie/status/1191493752113766401

    Self Promotion


    OSINTCurious is setting up a webshop https://www.redbubble.com/people/osint-curious
    Micah will be teaching at the SANS CDI (Washington, DC) event in December, anyone taking a class at the event can participate in the Tracelabs Missing Persons CTF! https://www.sans.org/event/cyber-defense-initiative-2019/bonus-sessions/19390/#bonus-box
    Micah will also be at the SANS OSINT Summit in Feb 2020 https://www.sans.org/event/osint-summit-2020 – Use code OSINTPOD20 to get a special price of $175 on you SANS Open-Source Intelligence Summit registration
    Kirby has a class for investigators in January in Jacksonville FL https://www.plessas.net/events

    • 50 min

Top Podcasts In Technology

Listeners Also Subscribed To