MEIOC
#Python automation tool to extract information from EML files:
Headers
Detailed server relay hops (IP addresses involved)
Extracted URLS/domains
Attachments with calculated hashes.
SPF (Sender Policy Framework)
DKIM (DomainKeys Identified Mail)
github.com/drego85/meioc
The Predicta Lab team worked with NHK journalists to investigate the I-SOON leak. Using Predicta Graph, we mapped relationships between key figures.
π Uncover complex data networks with Predicta Graph: predictagraph.com.
The OSINTukraine archive #telegram data from 90+ Russian Telegram channels. Help us continue preserving this data:
Good to be reminded of a timeless investigative lesson: if two pieces of evidence seem to be contradictory it is usually an indicator that one of your assumptions is incorrect.
Obvious when you think about it, but sometimes hard to see when it's right in front of you π
This looks like a chance for some #geolocation fun π
It's been almost 2 weeks, since we launched www.findthatspot.io as a publicbeta - and it's amazing to see how different people are testing it.
We're taking another dive into feedback before the π-break today to see what we can improve.
Give it a try, if you haven't had the chance yet!
Sure you're an APT who pwn governments all day but can you correctly configure parental controls for Alexa and Google Nest?
I have organized (somewhat) an OSINT OPML feed. This will be updated periodically. The first version is linked here.
knowledgebase.plessas.net/OSINT-Feeds-...
The Delusions of Crowds by William Bernstein digs into this phenomenon and is well worth reading.
The Office of the Director of National Intelligence issued a warning for industrial sabotage - one of the indicators points to online posts made by potential perpetrators.
Tough on crime.
I've put together an OSINT starter kit. Let's unite the OSINT community on Bluesky!
go.bsky.app/GaTRbT3
For those not familiar with Russia's weekly threats to launch nuclear weapons, United Media has been keeping track. Roughly 70 threats since the 2022 invasion.
The threat *is* the deterrence.
We will still be here tomorrow.
united24media.com/war-in-ukrai...
Fascinating use of ship tracking resources to link the Yi Peng 3 to the Baltic Sea cable sabotage. Currently looks like the ship has been stopped by the Danish navy.
Chinese-flagged cargo ship Yi Peng 3 crossed both submarine cables C-Lion 1 and BSC at times matching when they broke.
She was shadowed by Danish navy for a while during night and is now in Danish Straits leaving Baltics.
No signs of boarding. AIS-caveats apply.
[ #SOCMINT #TELEGRAM ] Telegram For Cyber Investigators
(by @nixintel.bsky.social):
nixintel.info/osint/telegr...
#osint
Probably in the case of undersea cables. But the power stations, oil rigs, British Airways?
No evidence yet of coordinated sabotage. The coincidence is likely illusory.
I've started to add these and some other bookmarks to the CNI section of my #OSINT resource collection.
start.me/p/rx6Qj8/nix...
Cloud service provider status pages can also act as a proxy for undersea cable status.
In this case the CLion1 outage showed up in Hetzner's status page.
status.hetzner.com/incident/ec8...
Semantic Net is the source for Fiber Atlantic.
It shows the approximate route of undersea cables and their current status.
#CLion1 shown in the image below.
www.fiberatlantic.com
Here are few interesting #OSINT resources relating to undersea cables.
Semantic Net contains location and status information for undersea cables and data centres.
www.semanticnet.net
Share it & let the #OSINT community grow!
OSINT in general go.bsky.app/TSvKc6o
Flight Trackers go.bsky.app/NKZeoR9
Ship Enthusiastsπ’ go.bsky.app/ScoHkM9
π‘ #GEOINT #IMINT #SATπ°οΈ Enthusiasts go.bsky.app/PzSSWrC
OSINT βBREAKINGβNEWS ποΈ go.bsky.app/446515N
OSINT π» Cyber Enthusiastsπ€ go.bsky.app/N4W14ch
We also need much more information before deciding that today saw one of the biggest CNI attacks of all time.
/end
This does not exclude the possiblilty that the outages are malicious, but zooming out a little shows that NPP failures are regular occurrences.
Clustering illusions feel right, but we always need to seek evidence to the contrary.
6/
So is there are pattern, or are we seeing things?
#Loviisa has suffered three unplanned outages already this year.
#Olkiluoto has had four, including one this month already.
5/
umm.nordpoolgroup.com#/messages/3e...
umm.nordpoolgroup.com#/messages/e5...
Nord Pool provides up to date information about power availability across Europe.
The nuclear power plant failures at #Loviisa and #Olkiluoto both show up here.
umm.nordpoolgroup.com#/messages?pu...
4/
...also two Finnish nuclear power plants also went offline today.
Must be Russian sabotage, can't be coincidence right?
Maybe it is, but we need more evidence than mere happenstance.
There are some open sources that can help to determine the full extent of the pattern. #OSINT
3/
2/ Apophenia/clustering illusion is the tendency to see a pattern in data or events that does not really exist.
It is natural human behaviour but contrary to sound analysis.
Two undersea cables are cut - likely due to sabotage (but accident has not yet been publicly ruled out)...
2/
It's interesting to see how the cutting of two undersea cables in the #Baltic spirals.
We don't have any significant public comment from investigating officials yet, but already the eternal problem of analytical bias rears its head.
1/
