Nixintel
@nixintel.bsky.social
Steven Harris | OSINT & Cyber Security Specialist | Investigator | Teach OSINT @SANS
Blog: www.nixintel.info
Blog: www.nixintel.info
Reposted by Nixintel
MEIOC
#Python automation tool to extract information from EML files:
Headers
Detailed server relay hops (IP addresses involved)
Extracted URLS/domains
Attachments with calculated hashes.
SPF (Sender Policy Framework)
DKIM (DomainKeys Identified Mail)
github.com/drego85/meioc
#Python automation tool to extract information from EML files:
Headers
Detailed server relay hops (IP addresses involved)
Extracted URLS/domains
Attachments with calculated hashes.
SPF (Sender Policy Framework)
DKIM (DomainKeys Identified Mail)
github.com/drego85/meioc
January 10, 2025 at 10:47 PM
MEIOC
#Python automation tool to extract information from EML files:
Headers
Detailed server relay hops (IP addresses involved)
Extracted URLS/domains
Attachments with calculated hashes.
SPF (Sender Policy Framework)
DKIM (DomainKeys Identified Mail)
github.com/drego85/meioc
#Python automation tool to extract information from EML files:
Headers
Detailed server relay hops (IP addresses involved)
Extracted URLS/domains
Attachments with calculated hashes.
SPF (Sender Policy Framework)
DKIM (DomainKeys Identified Mail)
github.com/drego85/meioc
Reposted by Nixintel
The Predicta Lab team worked with NHK journalists to investigate the I-SOON leak. Using Predicta Graph, we mapped relationships between key figures.
🔗 Uncover complex data networks with Predicta Graph: predictagraph.com.
🔗 Uncover complex data networks with Predicta Graph: predictagraph.com.
January 7, 2025 at 3:19 PM
The Predicta Lab team worked with NHK journalists to investigate the I-SOON leak. Using Predicta Graph, we mapped relationships between key figures.
🔗 Uncover complex data networks with Predicta Graph: predictagraph.com.
🔗 Uncover complex data networks with Predicta Graph: predictagraph.com.
Reposted by Nixintel
The OSINTukraine archive #telegram data from 90+ Russian Telegram channels. Help us continue preserving this data:
Telegram Archive
the Telegram Archive with Video and media files on the open web
osintukraine.com
January 3, 2025 at 5:20 AM
The OSINTukraine archive #telegram data from 90+ Russian Telegram channels. Help us continue preserving this data:
Good to be reminded of a timeless investigative lesson: if two pieces of evidence seem to be contradictory it is usually an indicator that one of your assumptions is incorrect.
Obvious when you think about it, but sometimes hard to see when it's right in front of you 😉
Obvious when you think about it, but sometimes hard to see when it's right in front of you 😉
January 2, 2025 at 11:37 PM
Good to be reminded of a timeless investigative lesson: if two pieces of evidence seem to be contradictory it is usually an indicator that one of your assumptions is incorrect.
Obvious when you think about it, but sometimes hard to see when it's right in front of you 😉
Obvious when you think about it, but sometimes hard to see when it's right in front of you 😉
This looks like a chance for some #geolocation fun 👇
It's been almost 2 weeks, since we launched www.findthatspot.io as a publicbeta - and it's amazing to see how different people are testing it.
We're taking another dive into feedback before the 🎄-break today to see what we can improve.
Give it a try, if you haven't had the chance yet!
We're taking another dive into feedback before the 🎄-break today to see what we can improve.
Give it a try, if you haven't had the chance yet!
SPOT - the easy way to verify locations
Spot is a tool for finding combinations of objects in the public space world-wide.
www.findthatspot.io
December 18, 2024 at 9:33 PM
This looks like a chance for some #geolocation fun 👇
Reposted by Nixintel
It's been almost 2 weeks, since we launched www.findthatspot.io as a publicbeta - and it's amazing to see how different people are testing it.
We're taking another dive into feedback before the 🎄-break today to see what we can improve.
Give it a try, if you haven't had the chance yet!
We're taking another dive into feedback before the 🎄-break today to see what we can improve.
Give it a try, if you haven't had the chance yet!
SPOT - the easy way to verify locations
Spot is a tool for finding combinations of objects in the public space world-wide.
www.findthatspot.io
December 16, 2024 at 10:56 AM
It's been almost 2 weeks, since we launched www.findthatspot.io as a publicbeta - and it's amazing to see how different people are testing it.
We're taking another dive into feedback before the 🎄-break today to see what we can improve.
Give it a try, if you haven't had the chance yet!
We're taking another dive into feedback before the 🎄-break today to see what we can improve.
Give it a try, if you haven't had the chance yet!
Sure you're an APT who pwn governments all day but can you correctly configure parental controls for Alexa and Google Nest?
riddle me this riddle me that is written in yellow letters
ALT: riddle me this riddle me that is written in yellow letters
media.tenor.com
December 15, 2024 at 1:30 PM
Sure you're an APT who pwn governments all day but can you correctly configure parental controls for Alexa and Google Nest?
Reposted by Nixintel
I have organized (somewhat) an OSINT OPML feed. This will be updated periodically. The first version is linked here.
knowledgebase.plessas.net/OSINT-Feeds-...
knowledgebase.plessas.net/OSINT-Feeds-...
OSINT Feeds | Notion
The following are the OSINT blogs, podcasts and other feeds available in the database.
knowledgebase.plessas.net
December 13, 2024 at 5:05 PM
I have organized (somewhat) an OSINT OPML feed. This will be updated periodically. The first version is linked here.
knowledgebase.plessas.net/OSINT-Feeds-...
knowledgebase.plessas.net/OSINT-Feeds-...
The Delusions of Crowds by William Bernstein digs into this phenomenon and is well worth reading.
What we're seeing in New Jersey is mass psychogenic illness (mass hysteria), which is fascinating. I think people are reluctant to believe that so many NJers really are posting photos of obvious planes & helicopters and saying they're drones–because it's scary! www.404media.co/wtf-is-going...
WTF Is Going on With the New Jersey Mystery Drones? Maybe Mass Panic Over Nothing
The New Jersey drone situation is very interesting. We've also seen this story before.
www.404media.co
December 13, 2024 at 10:21 PM
The Delusions of Crowds by William Bernstein digs into this phenomenon and is well worth reading.
Reposted by Nixintel
The Office of the Director of National Intelligence issued a warning for industrial sabotage - one of the indicators points to online posts made by potential perpetrators.
December 4, 2024 at 3:02 PM
The Office of the Director of National Intelligence issued a warning for industrial sabotage - one of the indicators points to online posts made by potential perpetrators.
Reposted by Nixintel
One of my favorite search operators is „filetype:“ - PDFs or office docs often contain compressed and valuable information. Here‘s an example. Let‘s say I‘m looking into the Russian FSB and I want to find phone numbers and email addresses to conduct further research. Their domain is „fsb.ru“
December 3, 2024 at 7:28 PM
One of my favorite search operators is „filetype:“ - PDFs or office docs often contain compressed and valuable information. Here‘s an example. Let‘s say I‘m looking into the Russian FSB and I want to find phone numbers and email addresses to conduct further research. Their domain is „fsb.ru“
Reposted by Nixintel
I've put together an OSINT starter kit. Let's unite the OSINT community on Bluesky!
go.bsky.app/GaTRbT3
go.bsky.app/GaTRbT3
November 22, 2024 at 6:16 PM
I've put together an OSINT starter kit. Let's unite the OSINT community on Bluesky!
go.bsky.app/GaTRbT3
go.bsky.app/GaTRbT3
For those not familiar with Russia's weekly threats to launch nuclear weapons, United Media has been keeping track. Roughly 70 threats since the 2022 invasion.
The threat *is* the deterrence.
We will still be here tomorrow.
united24media.com/war-in-ukrai...
The threat *is* the deterrence.
We will still be here tomorrow.
united24media.com/war-in-ukrai...
A Timeline of Russia’s Nuclear Threats Against the West
While Russia frequently accuses the West of escalation, we look at all the times Russia has made nuclear threats against the West.
united24media.com
November 19, 2024 at 9:49 PM
For those not familiar with Russia's weekly threats to launch nuclear weapons, United Media has been keeping track. Roughly 70 threats since the 2022 invasion.
The threat *is* the deterrence.
We will still be here tomorrow.
united24media.com/war-in-ukrai...
The threat *is* the deterrence.
We will still be here tomorrow.
united24media.com/war-in-ukrai...
Fascinating use of ship tracking resources to link the Yi Peng 3 to the Baltic Sea cable sabotage. Currently looks like the ship has been stopped by the Danish navy.
Chinese-flagged cargo ship Yi Peng 3 crossed both submarine cables C-Lion 1 and BSC at times matching when they broke.
She was shadowed by Danish navy for a while during night and is now in Danish Straits leaving Baltics.
No signs of boarding. AIS-caveats apply.
She was shadowed by Danish navy for a while during night and is now in Danish Straits leaving Baltics.
No signs of boarding. AIS-caveats apply.
November 19, 2024 at 8:04 PM
Fascinating use of ship tracking resources to link the Yi Peng 3 to the Baltic Sea cable sabotage. Currently looks like the ship has been stopped by the Danish navy.
Reposted by Nixintel
Chinese-flagged cargo ship Yi Peng 3 crossed both submarine cables C-Lion 1 and BSC at times matching when they broke.
She was shadowed by Danish navy for a while during night and is now in Danish Straits leaving Baltics.
No signs of boarding. AIS-caveats apply.
She was shadowed by Danish navy for a while during night and is now in Danish Straits leaving Baltics.
No signs of boarding. AIS-caveats apply.
November 19, 2024 at 9:50 AM
Chinese-flagged cargo ship Yi Peng 3 crossed both submarine cables C-Lion 1 and BSC at times matching when they broke.
She was shadowed by Danish navy for a while during night and is now in Danish Straits leaving Baltics.
No signs of boarding. AIS-caveats apply.
She was shadowed by Danish navy for a while during night and is now in Danish Straits leaving Baltics.
No signs of boarding. AIS-caveats apply.
Reposted by Nixintel
[ #SOCMINT #TELEGRAM ] Telegram For Cyber Investigators
(by @nixintel.bsky.social):
nixintel.info/osint/telegr...
#osint
(by @nixintel.bsky.social):
nixintel.info/osint/telegr...
#osint
Nixintel Open Source Intelligence & Investigations Telegram For Cyber Investigators
Telegram is one of the most important platforms for OSINT investigators. I joined the Needlestack podcast to discuss how Telegram works and shared some practical OSINT advice along the way.
nixintel.info
November 19, 2024 at 6:18 PM
[ #SOCMINT #TELEGRAM ] Telegram For Cyber Investigators
(by @nixintel.bsky.social):
nixintel.info/osint/telegr...
#osint
(by @nixintel.bsky.social):
nixintel.info/osint/telegr...
#osint
Here are few interesting #OSINT resources relating to undersea cables.
Semantic Net contains location and status information for undersea cables and data centres.
www.semanticnet.net
Semantic Net contains location and status information for undersea cables and data centres.
www.semanticnet.net
SemanticNet: Internet infrastructure data
SemanticNet - Detailed Internet infrastructure data to help untangle the complexity of the Internet’s global architecture. Data, analysis and reports.
www.semanticnet.net
November 18, 2024 at 10:52 PM
Here are few interesting #OSINT resources relating to undersea cables.
Semantic Net contains location and status information for undersea cables and data centres.
www.semanticnet.net
Semantic Net contains location and status information for undersea cables and data centres.
www.semanticnet.net
Reposted by Nixintel
Share it & let the #OSINT community grow!
OSINT in general go.bsky.app/TSvKc6o
Flight Trackers go.bsky.app/NKZeoR9
Ship Enthusiasts🚢 go.bsky.app/ScoHkM9
📡 #GEOINT #IMINT #SAT🛰️ Enthusiasts go.bsky.app/PzSSWrC
OSINT ❗BREAKING❗NEWS 🗞️ go.bsky.app/446515N
OSINT 💻 Cyber Enthusiasts🤖 go.bsky.app/N4W14ch
OSINT in general go.bsky.app/TSvKc6o
Flight Trackers go.bsky.app/NKZeoR9
Ship Enthusiasts🚢 go.bsky.app/ScoHkM9
📡 #GEOINT #IMINT #SAT🛰️ Enthusiasts go.bsky.app/PzSSWrC
OSINT ❗BREAKING❗NEWS 🗞️ go.bsky.app/446515N
OSINT 💻 Cyber Enthusiasts🤖 go.bsky.app/N4W14ch
November 13, 2024 at 9:15 PM
Share it & let the #OSINT community grow!
OSINT in general go.bsky.app/TSvKc6o
Flight Trackers go.bsky.app/NKZeoR9
Ship Enthusiasts🚢 go.bsky.app/ScoHkM9
📡 #GEOINT #IMINT #SAT🛰️ Enthusiasts go.bsky.app/PzSSWrC
OSINT ❗BREAKING❗NEWS 🗞️ go.bsky.app/446515N
OSINT 💻 Cyber Enthusiasts🤖 go.bsky.app/N4W14ch
OSINT in general go.bsky.app/TSvKc6o
Flight Trackers go.bsky.app/NKZeoR9
Ship Enthusiasts🚢 go.bsky.app/ScoHkM9
📡 #GEOINT #IMINT #SAT🛰️ Enthusiasts go.bsky.app/PzSSWrC
OSINT ❗BREAKING❗NEWS 🗞️ go.bsky.app/446515N
OSINT 💻 Cyber Enthusiasts🤖 go.bsky.app/N4W14ch
It's interesting to see how the cutting of two undersea cables in the #Baltic spirals.
We don't have any significant public comment from investigating officials yet, but already the eternal problem of analytical bias rears its head.
1/
We don't have any significant public comment from investigating officials yet, but already the eternal problem of analytical bias rears its head.
1/
SIX incidents in short succession now.
5: Olkiluoto NPP taken offline due to turbine issues yesterday
6: Emergency Shutdown (Scram) at Loviisa Finnish Nuclear Power Plant today 20:55 local time.
"Once is happenstance, twice is coincidence, three times is enemy action!"
5: Olkiluoto NPP taken offline due to turbine issues yesterday
6: Emergency Shutdown (Scram) at Loviisa Finnish Nuclear Power Plant today 20:55 local time.
"Once is happenstance, twice is coincidence, three times is enemy action!"
FOUR incidents today.
- Cinia Cable between .fi and .de
- Telia Cable between .swe and .lt
- British Airways IT outage
- Johan Sverdrup oilfield power outage
One can be a random event. FOUR?
No bueno.
- Cinia Cable between .fi and .de
- Telia Cable between .swe and .lt
- British Airways IT outage
- Johan Sverdrup oilfield power outage
One can be a random event. FOUR?
No bueno.
November 18, 2024 at 10:16 PM
It's interesting to see how the cutting of two undersea cables in the #Baltic spirals.
We don't have any significant public comment from investigating officials yet, but already the eternal problem of analytical bias rears its head.
1/
We don't have any significant public comment from investigating officials yet, but already the eternal problem of analytical bias rears its head.
1/
Extremely windy climb into #StormKathleen but worth it for the view.
April 6, 2024 at 2:54 PM
Extremely windy climb into #StormKathleen but worth it for the view.
Reposted by Nixintel
Another Monday filled with interesting articles, tips and news. This Week in #OSINT is brought to you by:
@mwosint.bsky.social @bashinho.de @fs0c131y.com @christinalekati.bsky.social @nixintel.bsky.social
sector035.nl/articles/202...
@mwosint.bsky.social @bashinho.de @fs0c131y.com @christinalekati.bsky.social @nixintel.bsky.social
sector035.nl/articles/202...
Week in OSINT 202410
Welcome to another very lengthy update from the world of OSINT, with some Google searches, strategy and a hint of Insta and Snaps...
One of
sector035.nl
March 11, 2024 at 7:01 AM
Another Monday filled with interesting articles, tips and news. This Week in #OSINT is brought to you by:
@mwosint.bsky.social @bashinho.de @fs0c131y.com @christinalekati.bsky.social @nixintel.bsky.social
sector035.nl/articles/202...
@mwosint.bsky.social @bashinho.de @fs0c131y.com @christinalekati.bsky.social @nixintel.bsky.social
sector035.nl/articles/202...
Reposted by Nixintel
it’s time to burn the incense,
it’s time to slay the sheep,
it’s time to wake the muppets,
from a thousand years of sleep.
it’s time to raze existence,
it’s time to banish light,
it’s time to call the void in,
on the muppet show tonight.
it’s time to slay the sheep,
it’s time to wake the muppets,
from a thousand years of sleep.
it’s time to raze existence,
it’s time to banish light,
it’s time to call the void in,
on the muppet show tonight.
February 10, 2024 at 7:02 AM
it’s time to burn the incense,
it’s time to slay the sheep,
it’s time to wake the muppets,
from a thousand years of sleep.
it’s time to raze existence,
it’s time to banish light,
it’s time to call the void in,
on the muppet show tonight.
it’s time to slay the sheep,
it’s time to wake the muppets,
from a thousand years of sleep.
it’s time to raze existence,
it’s time to banish light,
it’s time to call the void in,
on the muppet show tonight.
Reposted by Nixintel
Had a great time @hackerhotel.bsky.social !
Thanks for letting me talk about #OSINT and how #AI fuels #disinformation #hackerhotel
Thanks for letting me talk about #OSINT and how #AI fuels #disinformation #hackerhotel
February 11, 2024 at 7:14 PM
Had a great time @hackerhotel.bsky.social !
Thanks for letting me talk about #OSINT and how #AI fuels #disinformation #hackerhotel
Thanks for letting me talk about #OSINT and how #AI fuels #disinformation #hackerhotel
Reposted by Nixintel
Will you look at that! It is another episode of Week in #OSINT that suddenly appears… All thanks to the free roaming spirits of:
@osinttechniques.bsky.social @bashinho.de @tlmn.bsky.social @needlestackpod.bsky.social @webbreacher.com @trbrtc.bsky.social
sector035.nl/articles/202...
@osinttechniques.bsky.social @bashinho.de @tlmn.bsky.social @needlestackpod.bsky.social @webbreacher.com @trbrtc.bsky.social
sector035.nl/articles/202...
February 12, 2024 at 7:04 AM
Will you look at that! It is another episode of Week in #OSINT that suddenly appears… All thanks to the free roaming spirits of:
@osinttechniques.bsky.social @bashinho.de @tlmn.bsky.social @needlestackpod.bsky.social @webbreacher.com @trbrtc.bsky.social
sector035.nl/articles/202...
@osinttechniques.bsky.social @bashinho.de @tlmn.bsky.social @needlestackpod.bsky.social @webbreacher.com @trbrtc.bsky.social
sector035.nl/articles/202...