
Nixintel

@nixintel.bsky.social

Steven Harris | OSINT & Cyber Security Specialist | Investigator | Teach OSINT @SANS Blog: www.nixintel.info

4,753 Followers  |  344 Following  |  39 Posts  |  Joined: 04.07.2023  |  1.8537

Latest posts by nixintel.bsky.social on Bluesky


MEIOC

#Python automation tool to extract information from EML files:

Headers
Detailed server relay hops (IP addresses involved)

Extracted URLs/domains
Attachments with calculated hashes.

SPF (Sender Policy Framework)
DKIM (DomainKeys Identified Mail)

github.com/drego85/meioc

10.01.2025 22:47 — 👍 18    🔁 3    💬 0    📌 0

The Predicta Lab team worked with NHK journalists to investigate the I-SOON leak. Using Predicta Graph, we mapped relationships between key figures.

🔗 Uncover complex data networks with Predicta Graph: predictagraph.com.

07.01.2025 15:19 — 👍 14    🔁 5    💬 1    📌 0
Telegram Archive the Telegram Archive with Video and media files on the open web

The OSINTukraine archive #telegram data from 90+ Russian Telegram channels. Help us continue preserving this data:

03.01.2025 05:20 — 👍 8    🔁 3    💬 0    📌 0

Good to be reminded of a timeless investigative lesson: if two pieces of evidence seem to be contradictory it is usually an indicator that one of your assumptions is incorrect.

Obvious when you think about it, but sometimes hard to see when it's right in front of you 😉

02.01.2025 23:37 — 👍 10    🔁 2    💬 0    📌 0

This looks like a chance for some #geolocation fun 👇

18.12.2024 21:33 — 👍 5    🔁 2    💬 0    📌 0
SPOT - the easy way to verify locations Spot is a tool for finding combinations of objects in the public space world-wide.

It's been almost 2 weeks since we launched www.findthatspot.io as a public beta - and it's amazing to see how different people are testing it.

We're taking another dive into feedback before the 🎄-break today to see what we can improve.

Give it a try, if you haven't had the chance yet!

16.12.2024 10:56 — 👍 30    🔁 9    💬 1    📌 2
ALT: riddle me this riddle me that is written in yellow letters

Sure you're an APT who pwn governments all day but can you correctly configure parental controls for Alexa and Google Nest?

15.12.2024 13:30 — 👍 3    🔁 1    💬 0    📌 0
OSINT Feeds | Notion The following are the OSINT blogs, podcasts and other feeds available in the database.

I have organized (somewhat) an OSINT OPML feed. This will be updated periodically. The first version is linked here.

knowledgebase.plessas.net/OSINT-Feeds-...

13.12.2024 17:05 — 👍 34    🔁 17    💬 5    📌 2

The Delusions of Crowds by William Bernstein digs into this phenomenon and is well worth reading.

13.12.2024 22:21 — 👍 4    🔁 1    💬 0    📌 0

The Office of the Director of National Intelligence issued a warning for industrial sabotage - one of the indicators points to online posts made by potential perpetrators.

04.12.2024 15:02 — 👍 6    🔁 3    💬 1    📌 0

One of my favorite search operators is „filetype:“ - PDFs or office docs often contain compressed and valuable information. Here's an example. Let's say I'm looking into the Russian FSB and I want to find phone numbers and email addresses to conduct further research. Their domain is „fsb.ru“

03.12.2024 19:28 — 👍 13    🔁 3    💬 2    📌 0

Tough on crime.

03.12.2024 13:17 — 👍 1    🔁 0    💬 0    📌 0

I've put together an OSINT starter kit. Let's unite the OSINT community on Bluesky!

go.bsky.app/GaTRbT3

22.11.2024 18:16 — 👍 106    🔁 38    💬 6    📌 0
A Timeline of Russia's Nuclear Threats Against the West While Russia frequently accuses the West of escalation, we look at all the times Russia has made nuclear threats against the West.

For those not familiar with Russia's weekly threats to launch nuclear weapons, United Media has been keeping track. Roughly 70 threats since the 2022 invasion.

The threat *is* the deterrence.

We will still be here tomorrow.

united24media.com/war-in-ukrai...

19.11.2024 21:42 — 👍 14    🔁 5    💬 2    📌 0

Fascinating use of ship tracking resources to link the Yi Peng 3 to the Baltic Sea cable sabotage. Currently looks like the ship has been stopped by the Danish navy.

19.11.2024 20:04 — 👍 12    🔁 6    💬 0    📌 1

Chinese-flagged cargo ship Yi Peng 3 crossed both submarine cables C-Lion 1 and BSC at times matching when they broke.

She was shadowed by Danish navy for a while during night and is now in Danish Straits leaving Baltics.

No signs of boarding. AIS-caveats apply.

19.11.2024 09:50 — 👍 1500    🔁 532    💬 45    📌 142
Nixintel Open Source Intelligence & Investigations Telegram For Cyber Investigators Telegram is one of the most important platforms for OSINT investigators. I joined the Needlestack podcast to discuss how Telegram works and shared some practical OSINT advice along the way.

[ #SOCMINT #TELEGRAM ] Telegram For Cyber Investigators
(by @nixintel.bsky.social):
nixintel.info/osint/telegr...

#osint

19.11.2024 18:14 — 👍 5    🔁 5    💬 2    📌 0

Probably in the case of undersea cables. But the power stations, oil rigs, British Airways?

No evidence yet of coordinated sabotage. The coincidence is likely illusory.

19.11.2024 07:42 — 👍 0    🔁 0    💬 0    📌 0
Nixintel's OSINT Resource List - start.me

I've started to add these and some other bookmarks to the CNI section of my #OSINT resource collection.

start.me/p/rx6Qj8/nix...

18.11.2024 22:49 — 👍 21    🔁 8    💬 0    📌 0

Cloud service provider status pages can also act as a proxy for undersea cable status.

In this case the CLion1 outage showed up in Hetzner's status page.

status.hetzner.com/incident/ec8...

18.11.2024 22:49 — 👍 2    🔁 0    💬 1    📌 0

Semantic Net is the source for Fiber Atlantic.
It shows the approximate route of undersea cables and their current status.

#CLion1 shown in the image below.

www.fiberatlantic.com

18.11.2024 22:49 — 👍 1    🔁 0    💬 1    📌 0
SemanticNet: Internet infrastructure data SemanticNet - Detailed Internet infrastructure data to help untangle the complexity of the Internet's global architecture. Data, analysis and reports.

Here are a few interesting #OSINT resources relating to undersea cables.

Semantic Net contains location and status information for undersea cables and data centres.

www.semanticnet.net

18.11.2024 22:49 — 👍 44    🔁 12    💬 1    📌 1

Share it & let the #OSINT community grow!

OSINT in general go.bsky.app/TSvKc6o
Flight Trackers go.bsky.app/NKZeoR9
Ship Enthusiasts 🚢 go.bsky.app/ScoHkM9
📑 #GEOINT #IMINT #SAT 🛰️ Enthusiasts go.bsky.app/PzSSWrC
OSINT ❗BREAKING❗NEWS 🗞️ go.bsky.app/446515N
OSINT 💻 Cyber Enthusiasts 🤖 go.bsky.app/N4W14ch

13.11.2024 21:15 — 👍 182    🔁 81    💬 14    📌 6

We also need much more information before deciding that today saw one of the biggest CNI attacks of all time.

/end

18.11.2024 22:04 — 👍 1    🔁 0    💬 1    📌 0

This does not exclude the possibility that the outages are malicious, but zooming out a little shows that NPP failures are regular occurrences.

Clustering illusions feel right, but we always need to seek evidence to the contrary.

6/

18.11.2024 22:04 — 👍 1    🔁 0    💬 1    📌 0
Nord Pool - UMM Platform

So is there a pattern, or are we seeing things?

#Loviisa has suffered three unplanned outages already this year.

#Olkiluoto has had four, including one this month already.

5/

umm.nordpoolgroup.com#/messages/3e...

umm.nordpoolgroup.com#/messages/e5...

18.11.2024 22:04 — 👍 1    🔁 0    💬 1    📌 0
Nord Pool - UMM Platform

Nord Pool provides up to date information about power availability across Europe.

The nuclear power plant failures at #Loviisa and #Olkiluoto both show up here.

umm.nordpoolgroup.com#/messages?pu...

4/

18.11.2024 22:04 — 👍 1    🔁 0    💬 1    📌 0

...also two Finnish nuclear power plants went offline today.

Must be Russian sabotage, can't be coincidence right?

Maybe it is, but we need more evidence than mere happenstance.

There are some open sources that can help to determine the full extent of the pattern. #OSINT

3/

18.11.2024 22:04 — 👍 1    🔁 0    💬 1    📌 0

2/ Apophenia/clustering illusion is the tendency to see a pattern in data or events that does not really exist.

It is natural human behaviour but contrary to sound analysis.

Two undersea cables are cut - likely due to sabotage (but accident has not yet been publicly ruled out)...

2/

18.11.2024 22:04 — 👍 1    🔁 0    💬 1    📌 0

It's interesting to see how the cutting of two undersea cables in the #Baltic spirals.

We don't have any significant public comment from investigating officials yet, but already the eternal problem of analytical bias rears its head.

1/

18.11.2024 22:04 — 👍 1    🔁 0    💬 1    📌 0

@nixintel is following 20 prominent accounts