Twitter would not be Twitter without a daily dose of QAnon drama. Recently there were claims that since Q-drop archive site qmap.pub now shares the same IP as 8Kun proved that 8Kun owner Jim Watkins is Q. I’m not sure that a reverse IP lookup by itself can really stretch that far, but it does …
DNS Records, QAnon, and How To Handle Uncertainty In OSINT. Read More »
The term “OSINT” sometimes gets thrown around a little too loosely. The “open source” part of OSINT is straightfoward enough: there’s a world of information out there and with enough digging and practice you can find almost anything you could ever think of – but by itself this is not OSINT. The “intelligence” part of …
Website OSINT: What’s The Link Between Antifa.com and Russia? Read More »
The last blog post I wrote about Fake Twitter profiles is by far the most widely-read post I’ve ever published since I started this blog. It’s nice when people read your work but there was a little sour note with this post after it was pointed out to me that someone had been posting it …
Who Stole My Stuff? Finding Out Who Is Behind A Website Read More »
A few months ago I wrote about how you could use Carbon-14 to detect the timestamps for images published in webpages. By comparing the publication times of the images with the publication time of the page itself it is possible to construct a timeline of when various elements in webpage were put together and so …
Website Forensics: How To Detect Editorial Changes Read More »
WordPress is the base that 35% of the world’s websites are built on. If you’re ever going to investigate a website, then it’s really important to be able to know your way around a WordPress setup. In this tutorial I’m going to show how to identify user accounts on a WordPress-based website so that you …
OSINT Techniques: Who’s Behind A WordPress Site? Read More »
Automation or Augmentation? Automation is an increasingly important part of OSINT. Even the simplest of investigations can require large amounts of different data types to be gathered and analysed quickly. Yet it is not accurate to suggest that all OSINT work is going to be automated as time progresses. Good OSINT practitioners will do …
Crypto Scam Investigation: Using Spiderfoot HX For OSINT Automation Read More »
In my last Spiderfoot tutorial I wrote about how Spiderfoot HX could be used to gather information about a suspicious IP address and then analyse and visualise the data. In this guide I’m going to show how Spiderfoot HX can be used to investigate a domain linked to phishing. Despite a lot of high-profile …
Spiderfoot HX: Investigating A Domain Used For Phishing Read More »
Using OSINT to identify and investigate sources of malicious internet activity is a key part of cyber security. There’s a huge range of open source information out there to help with this, and Spiderfoot HX gathers it very quickly. This allows more time to spend on analysis of the data to help assess the nature …
Using Spiderfoot HX To Investigate A Malicious IP Address Read More »
The WhoIs system used to be a goldmine for OSINT investigators. It was usually possible to find out the address, phone number, and e-mail address of the person who owned or at least registered the website. However the increasing use of privacy services by domain registrars, as well GDPR, has drastically reduced the usefulness of …
Most OSINT investigations involve an e-mail address at some point. Some start with an e-mail and nothing else. E-mail addresses can sometimes be a bit of a challenge but they can also provide a wealth of information about a subject. The rest of this post will look at a range of different tools and techniques …