“OSINT Investigations: We know what you did that summer” Notes

OSINT Investigations: We know what you did that summer by Information Warfare Center is packed with OSINT advice and resources, including tools. It has step-by-step instructions with screenshots. Because it’s a collection of articles from several authors, it reads more like a magazine than a cohesive book. Two authors are contributors to CSI Linux.

My notes follow.

OSINT Investigations: We know what you did that summer by Information Warfare Center

This page contains one or more affiliate links. As an Amazon Associate, I earn from qualifying purchases.

OSINT tools

• ReconSpider: aggregate raw data, visualize it on a dashboard, facilitate alerts and monitoring
• OSINT VMs: Kali, CSI Linux, Deft, CAINE
• Dradis CE: project framework for collaboration and reporting, with integrations with many tools
• OpenCTI: knowledge management database for CTI and cyber ops
• Karma: passive OSINT automated recon framework
• Hunch.ly: collects, documents, annotates every website you visit
• Aware Online: search for lost/deleted tweets
• Maltego: visualize data for link analysis and data mining
• Karmerka GUI: IoT & ICS recon tool
• Sublist3r: subdomain enumerator
• DNSRecon: DNS data collection
• ReconDog: vulnerability scanner for website and web apps
• ThreatResponder Forensics: agentless software to see if Windows endpoint is infected, online, offline, on-prem, in cloud

Learning OSINT

OSINT experts

• @OSINTJustInCase
• inteltechniques.com
• osintcurio.us
• nixintel.info
• keyfindings.blog
• dutchosintguy.com
• medium.com/@sector035
• osinttechniques.com
• webbreacher.com
• technisette.com
• benjaminstrick.com
• bellingcat.com
• radter-osint.com

OSINT learning resources

• Search “OSINT site:medium.com”
• Search “OSINT site:site.me”
• Null Byte’s OSINT videos on YouTube
• training.csilinux.com, csilinux.com/tutorials

OSINT community projects

• @OpenSourceLeads
• europol.europa.eu/stopchildabuse
• tracelabs.org

OSINT practice

• @quiztime
• ctf.cybersoc.wales

Sock puppets

Sock puppet persona generators

• fakepersongenerator.com
• elfqrin.com/fakeid.php
• random-character.com
• rangen.co.uk

Persona photo generators

• thispersondoesnotexist.com
• boredhumans.com
• generated.photos

Sock puppet social media account creation

1. Use public Wi-Fi, not Tor or VPN
2. Use persona’s non-VoIP burner phone number for verification
3. Never tie account to your real accounts
4. Change account’s phone number to a VoIP number
5. Log out, then back in
6. Start adding info to account

Age account (make it look real) by using same Wi-Fi where you created account to create content and take actions (like, comment, share, add friends, etc.).

VPNs & Tor

Kape Technologies has contributed to malware and adware distribution, and has acquired ExpressVPN, Private Internet Access, Zenmate, and CyberGhost.

Connecting to VPN before Tor provides better security; connecting to Tor before VPN provides better anonymity. Both approaches have downsides.

Dark web

Dark web search engines: ahmia.fi, Torch, DuckDuckGo Dark Web

TorBox: dark web email service

OSINT Investigations: We know what you did that summer (Cyber Secrets)