OSINT: Open Source Intelligence #

Certifications #

• https://www.giac.org/certifications/open-source-intelligence-gosi/

Methodology #

Intelligence Cycle #

1. Planning and Requirements
2. Collection
3. Processing and Evaluation
4. Analysis and Production
5. Dissementation and Consumption
6. Repeat

Subject Intelligence #

Intelligence about a person and direct metadata (address, name, email, accounts, …)

Tools #

• dehashed.com - data breaches and passwords

Social Media Intelligence #

Social Media of a Subject/business

• Note that especially younger generations might have multiple accounts for various audiences (friends, themselves, a business, ….)

• MIS/DIS/MAL-information

  • Misinfoformation: Misleading or incorrect information that is not knowlingly deceptive.
    • Example: Grandma posts article about vitamines curing cancer.
  • Misinfoformation: Misleading or incorrect information that is knowlingly deceptive/deliberate.
    • Usually entirely fabricated.
    • Example: Mascot from one team posts false information about competing mascot, about being arrested for assault.
  • Malinformation: Based in reality but is purposfully harmfull. It’s is based on reality but shared out of context or intent to cause harm.
    • Example: Political party post fake story of immigrant assaulting a native woman to ignite hated.

Tools #

• Telegram Stats
• Reddit Post Analyzer 1
• Reddit Post Analyzer 2
• Pro Twitter (Former Tweet Deck)
• Centre For Information REeslience
• Snopes: Debunk site
  • Snopes Fact Checks
• Fact Check.org
• Verification Handbook: Guide to verify digital content
• Spot Bot Like Behaviour on Twitter/x: Bot Sentienel
• Graph Tools For Analysis
  • Neo4j
  • Gephi
• Foto Forensics
  • Tool 1
  • Tool 2

Business and Organisational intelligence #

• Usual data points
  • Corporate/business structure disclosures
    • Parent
    • Subsidary
    • Holding companies
  • Contract disclosures
    • Government Contracts > Usually public by law > You can check if a given organizatio had government contracts
    • Sounds boring, but very juicy details can be found, especially in appendix
      • Technologies, subcontractors used, blueprints, contacts, building specs,…
  • Financial Records / annual reports
  • Affiliation and relationship disclosures
  • Procurement / supply chain disclosures
  • Innovative / proprietary technology disclosures
  • Business discretions and lawsuits
  • santions / illegal activity
  • Public disclosures
  • Published material disclosures
  • Public companies must submit reports, so that helps with public companies
  • Social media and other public info allows to pivot to subject intelligence
• Recognizing Oranizational Crimes
  • Guide 1
  • guide 2
• Be informed about sanctions to know if someone is doing shady stuff
  • UN Sanctions
  • ParisMou Sanctions
  • Financial Action Task Force (FATF) - global money laundering and terrorist financing watchdog
• Non profit are not allowed various things, non profits can be often used to attract funds for good things but in practice do other things that benefit private persons for example.
• Non profits usually have less oversight, that’s why they’re so tempting for fraud.
• In every country normally non profits have to do some declarations or statements that should be publicly available . Or they might self publish reports to attract trust.
• Organizations Domain / Site / IP
  • Look at robots.txt of any site for potential attempted hidden stuff
  • Search for a domain, you might find what other sites refer to the site, that can uncover stuff.
  • The content of a site can indicate if the site is fraudulent, just a quick shell, images and text can be analyzed or reverse searched to see if it’s stock or fake, fotoforensics etc…
    • If content is legit, it can tell alot about partners, customers, org, employees, structure, contacts, social media, …
  • Website metadata
  • Find hidden but public data by google dorking : site: tandbergeiendom.no ext:docx | ext:xlsx | ...
  • Use FOCA for screening a site
  • IPs can show connections or shared infrastructure between seemingly unrelated organizations . Remember, a single hosting can run for various companies sites that are unrelated to, rhey just use the same hosting (e.g wordpress).

Tools #

• Facebook Ads - See all current or past ads and who paid them
• Open Corporates
• DNB paid alternative to open corporates, but often. Has more data.
• EDGAR =>. All the public SEC data in US
• Project On Government Oversight
• USASpending.gov - US Federal Produrement data
• Open Tender EU
• LittleSis - Find connections/network between entities and people
• Whoxy.com - WHOIS lookup
• Nslookup.io - IP Lookup
  • The ASN (autonomous system number) is something you can pivot on
• FOCA fingerprint site
• DNSLytics

Transport Intelligence #

… todo

Tools #

Transportation intelligence #

… todo

• What is SAR
• Difference GPS and GNSS
• AIS-VTS
• Jamming and spoofing GNSS
• JAmming GPS
• erminology: Parts of ships and equipment aboard ships
• Gloassary of Port and Shipping Terms
• Inustrial Control System
• THE GUIDELINES ON CYBER SECURITY ONBOARD SHIPS
• Military Aircraft Insignia
• Visual Aircraft Recognition
• Drone Survival Guide
• Off the Radar: Private Planes Hidden From Public View
• What to Know About Air Cargo Handling
• Airports & Operational Technology: 4 Attack Scenarios
• How to decode your VIN

Tools #

• Shipspotting
• Windy
• Landsat
• earthobservatory
• Sentinel Hub EO Browser
• Soar Satelites
• Google Earth
• Marine Traffic
• Vesselfinder
• National Vulnerability Database
• ArcGis
• AnyTrip - Live rail map Australia
• OpenRailwayMap
• Mobility Portal
• Travel Time Map
• Airline Call Signs
• Plane Spotters
• Flight Radar 24
• adsbexchange - World’s largest source of unfiltered flight data
• Flight Aware
• OpenStreetMap
• AirPortia
• Federal Aviation Administration (FAA)
• FNS NOTAM Search (FAA)
• Temporary Flight Restrictions List (FAA)
• Live Air Traffic
• Fire Information For Resource Management System
• Airport SCADA Solutions
• Model Recognition
• User submitted license plate database
• License Plate Lookup
• Licensen Plates Of The World
• LocaToWeb is a reliable real-time GPS tracker app for Iphone and Android that shares your position to web in real time.
• Trucking Database]

Critical Infrastructure and Industrial intelligence #

… todo

Tools #

Financial intelligence #

… todo

Tools #

Cryptocurrency intelligence #

… todo

Tools #

Non-Fungible Tokens intelligence #

… todo

Tools #

Tools - General #

Search #

• Google
• Bing
• Yandex
• Baidu

Archives #

• WayBackMachine
• Archive.ph
• Auto Archiver - Archive social media and other online content

Workflow #

• Browser Extension - Instant Data Scraper
  • Alternatives

Others #

• Bellingcat Toolkit
• GeoSpy
• https://fakepersongenerator.com
• Shodan.io
• Cyberchef (github)
• Thispersondoesnotexist.com
• Similarweb.com/top-websites
• Google.com/advanced
• Strava.com
• raebaker.net/resources
• PIPL
• https://whatsmyname.app/
• @nixintel
• Sherlock Github
• https://epieos.com/
• weekdays.works
• Whoxy.com
• Viewdns.info
• Emailrep.io (the lower the reputation, the less likely it’s legitimate)
• Haveibeenpwned.com
• IntelligenceX (search breaches)
• Spiderfoot
• Lexisnexis.com
• Https://legal.thomsonreuters.com/en/products/clear-investigation-software
• Sociallinks.io
• TheOrg - Find the org charts of companies
• Belliongcat Filename Finder - Show original file names on google maps

Norway Specific #

• PureHelp
• Finn
• Skattesjekk.no - Check tax of people
• anonymskatt - Check tax of people
• skatteetaten - Check tax of people - not anonymous
• Brønnøysundregistrene - Norway’s central register authority. Contains multiple registers such as the Register of Business Enterprises, the Register of Company Accounts, and the Register of Bankruptcy.
• Proff - A commercial website using data from the Brønnøysund Register Centre and other sources to present company overviews.
  • Maybe you can find here if someone owns or runs a business
• Einnsyn - A centralized service for searching through Norwegian government agencies’ public records (post journals)
• Kvartverket - National authority responsible for mapping, property registration, and geographic data.
• seeiendom - public-facing portal that combines property information from the Norwegian Mapping Authority, the Cadastre, and the Land Register
  • Boretslag Info
  • You can see when debts where made and the price something was purchased, refinancing is also visible
  • Bolig.ai
  • https://www.eiendomspriser.no/
  • Budstikka - Property Transers
  • Eiendom norge
• Domstol - Norwegian court rulings can be made partially available to the public, though privacy restrictions apply and many legal documents are anonymized.
• 1881.no - Online directories for phone numbers, addresses, and sometimes additional public info (e.g., businesses and individuals).
• arkivverket - Repository of historical and archival materials, both for governmental and non-governmental entities.
• NB.no - National repository of publications in various media, some digitized and freely available.
• Vegvesen - Contains Vehicle Information
  • You can check all the cars that someone has owned (require SSN)
  • You can check who (only name) ons a car with a given license plate
• https://www.digitalarkivet.no/
• https://www.doffin.no/ - Database for public procurement
• Public Tenders Database

Resources #

• Deep Dive: Exploring the Real-world Value of Open Sourc
• Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information (9th edition)
• https://www.bellingcat.com
• https://benjaminstrick.com/
• Renee Diresta Blog - If you give a mouse a cookie