Essential OSINT Resources in 2022 by @officercia

July 15th 2022 1,113 reads

CIA Officer's Blog

Investigations & Researches


Today I would like to talk about how to become a good OSINT investigator, but before continuing I would like to make a small disclaimer — I will tell you only some aspects because the topic is very vast and I cannot describe everything in one article. However, I will try to show you the way and how to walk this path.


To begin with, I want to say that I will consider OSINT as a set of skills or a mindset, because it can be directly related to doxing, military GEO-INT performed by a security company employee or just media OSINT performed by a VC fund employee in order to find new projects for investment, taking the theory of handshakes as a basis.


Or even a crypto forensics specialist investigating a major Web3.0 hack case. In other words, it can be used in all spheres of life because it is only a method of working with, assessing and ranking information — do not ever forget that we are all living in the Information Era.




You can develop all of what I said above in yourself, but the essence of all directions is the same — the ability to notice valuable information and anomalies in the flow of information, see the differences, carefully analyze the facts and build a logical chain. Today I would like to give you the first lesson. I have studied all the resources I recommend here myself:

Check out:




Didn’t everyone make cheat sheets at school? It’s time to do it again, because in the future it should evolve into a Maltego skill.



Tips from CIA_Officer:

I can recommend that you turn to an interesting subculture that is suitable for introverts! I am sure that everyone is interested in various strange phenomena in one way or another. Immerse yourself in a net-stalking environment. Sometimes ordinary people were able to solve crimes which the police could not solve for years with OSINT and GEOINT alone (I could put links to subreddits, movies and news bulletins here, but since you and I are now doing OSINT I advise you to find them yourself). A little tip — use searches with different IPs, over different time ranges, on different search engines.


The main thing is to remember your health; it is above all. Do not let your principles be shaken by what you see. You are an observer. It helps here to understand the psychology of SCP researchers (when nothing is clear, but the scientific method helps to put everything in its place).


Some NetStalking Resources (use deepl.com for a better translation):






Keep in mind that in this part of the Global Internet (I mean OSINT in general, not only the Net-stalking), the percentage of people who are actively looking for problems or need to express their emotions is no different from other places. So, follow OpSec rules and don’t make too many mistakes. Conduct your activities from a separate, isolated device.




Once you can distinguish information and sort it out, the next thing you can do is start practicing. As you know, good practice requires good motivation, and most likely at this point our paths will separate.

Good training materials:


Here is a very good brain-stretching game that will help to train associative thinking — a very important skill for anyone in OSINT:


Check out OSINT communities:

Follow top OSINT specialists:


Some will enjoy analyzing images and satellite images, calculating time and place from the angle of shadows in a photo, or measuring the size of a mountain peak in order to perform private detective investigations. Or doing OSINT in crypto, for example, in which case your motivation will be money and self-fulfillment. Read my channel if you like this topic. Or someone can get into AD-INT, which is growing day by day right now.

Explore data terminals:




You may want to de-anonymize Telegram users (read this channel) or, conversely, join the ranks of counter-OSINT bros. But in doing so, I urge you not to forget the key skills of information retrieval, information analytics, and information application.


I’ll highlight some basic advice for you — evaluate information according to different criteria, always know your “base settings” — it’s good for your mental health, and the things you find shouldn’t ruin your foundations. Practice it, do it in your daily life, and apply OSINT where it seems non-obvious, as in the examples mentioned below:




Join communities, of course, and chat, chat! Above I’ve only mentioned English-speaking communities, but there are also local ones like osintfr.com; do some research on your own. I’m 100% sure of you! You will succeed!



Blockchain Investigations

Here I will tell you exactly how I investigate crypto hacks and security incidents, and describe my methodology:






  • Second, I try to set clusters to check them through Chainalysis or amlbot.com (investigation regime only). See more similar tools there.




Additional tips:

OpSec:

Use dangerzone.rocks if you are working with PDFs and please follow OpSec Guide!


Google Dorks:


References:


Personal Crypto Security & OpSec:

A) Understand that all sorts of blockchain.info, TrustWallet, MetaMask and other wallets are just interfaces.


B) Consider cold wallets; personally, I do not trust Ledger or Trezor. There is a hardcore version, BitLox Ultimate, which is literally stuffed with security-related features, lets the traffic through Tor, and has several levels of encryption. Or an ascetic Coldcard, which is a good choice for those who love simple and clear mechanics.


C) Make a cold wallet yourself, for example from an old smartphone. You can also make a cold wallet with Electrum and let all the traffic through Tor. Know AirGap's weak sides.


D) Check what you are signing. If we speak about ETH and similar chains, never use your main cold storage for casual work, but if you have to (for example, to sign a gnosis-safe multi-sig (2) (3) transaction), always check that there is no allowance approve (which allows your wallet to be drained) or proxy (behind which the mentioned function may be hiding). Revoke approvals here. Also do not fall for the eth_sign scam (different from approve, which can steal only ERC20)!


E) Never use your main cold storage and "Back Office PC" for casual work, but if you have to do it (and you know why you are doing it), use only open-source wallets: alphawallet.com, electrum.org, sparrowwallet.com, tryethernal.com


Check out wallet rating: walletscrutiny.com


F) Accept as a fact that if the device falls into the hands of intruders, only custom capacitors (so that nobody can get directly to the brains and read electrical signals) and other things like self-destruction, epoxy, and so on can save your money. That is, ideally, you cannot allow physical contact in any case. You can use special logic bombs or logic gates, extra passwords that trigger some kind of security action, alert events on your address via tenderly.co, or a 2/3 multi-sig all the time from 3 different devices. Anyway, remember: the device must not fall into anyone's hands. One could also create a honeypot wallet and have a script that listens for transactions originating from those addresses and alerts authorities, security companies and/or friends and family that you are under duress, perhaps even sending your location, or last known location based on the GPS chip in your phone, with the alerts.


G) Always double-check an address you've copied to the clipboard. There is malware called a clipper: it can replace an address in your clipboard with a very similar-looking attacker address that has the same characters at the beginning and at the end as your original address.


H) Be aware of modern attack methods and carefully read my Guide and a Compendium step by step. You don't need a deep understanding of exactly how hacks work, but it's important to know what it looks like to be a victim.


I) Cold wallet attacks & defense methods, reading list from CIA:


J) Study threat modeling (2) (3) and establish all possible threats, even if they seem crazy to you. Being suspicious is always a good thing. After all, fake news works best with those who carry it to their acquaintances, becoming a kind of donor. It is the same with attacks: very often someone may try to hack you through acquaintances, whether people pretending to be acquaintances or the acquaintances themselves. Always keep this in mind. This world is cruel and dangerous.


K) For deals, use escrow and a tx alarm clock, along with special services like safient.io, sarcophagus.io and safehaven.io.


L) Use open-source password storage and a reliable communication method from this sheet, use OpSec services, and be aware of the latest anonymity and privacy techniques. Carefully read my guide step by step once again. Check out all user-side and smart contract side attacks. And NFT attacks as well.


M) Counter-OSINT is important. Read about it more here and here.


N) Go through my Auditor Guide.


O) Check out DeFi RoadMap:



P) Check out advanced methods here and here.
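
The checks from items D and G above, sketched as an added example that is not code from the original article: `inspect_request` flags `eth_sign` requests and calldata that grants spending rights, and `compare_addresses` catches a clipper-style swap that keeps the first and last characters. The function names, the 2**255 "unlimited" threshold and all sample values are assumptions made for this example; the 4-byte selectors are the standard ERC-20/ERC-721 ones.

```python
"""Added example: pre-signing checks for items D and G (constructed inputs only)."""

GRANT_SELECTORS = {                      # 4-byte selectors that hand out spending rights
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
UNLIMITED = 2**255                       # assumption: at or above this, treat as unlimited


def inspect_request(method: str, calldata: str = "") -> dict:
    """Classify a wallet signing request by RPC method and transaction input data."""
    if method == "eth_sign":             # signs an opaque 32-byte hash: nothing to decode
        return {"risk": "high", "why": "eth_sign hides what is being signed"}
    data = calldata.lower()
    data = data[2:] if data.startswith("0x") else data
    if not data:
        return {"risk": "none", "why": "no contract call data"}
    name = GRANT_SELECTORS.get(data[:8])
    if name is None:                     # may be a proxy or batch call wrapping an approval
        return {"risk": "unknown", "why": "unrecognized selector " + data[:8]}
    args = data[8:]
    if len(args) < 128:
        return {"risk": "unknown", "why": "truncated arguments for " + name}
    spender = "0x" + args[24:64]         # word 0: address in the low 20 bytes
    value = int(args[64:128], 16)        # word 1: amount, or bool for setApprovalForAll
    if value == 0:
        risk = "none"                    # zero allowance or false is a revoke
    elif name.startswith("setApprovalForAll") or value >= UNLIMITED:
        risk = "high"                    # operator or spender can move everything
    else:
        risk = "review"                  # bounded allowance: check spender and amount
    return {"risk": risk, "function": name, "spender": spender, "value": value}


def compare_addresses(intended: str, pasted: str, edge: int = 6) -> str:
    """Compare the whole pasted address; flag lookalikes that share both ends."""
    a, b = intended.strip(), pasted.strip()
    if a.lower().startswith("0x") and b.lower().startswith("0x"):
        a, b = a.lower(), b.lower()      # hex addresses differ only by checksum casing
    if a == b:
        return "match"
    if a[:edge] == b[:edge] and a[-edge:] == b[-edge:]:
        return "lookalike"               # same start and end, different middle
    return "different"
```

An "unknown" result is not a pass: it means the call has to be decoded with the contract's ABI before signing.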





Carefully study these resources and come back to them as you journey through the world of the hornets, don’t forget the roots. This article does not answer questions, but rather raises some rhetorical questions to encourage you to think about something.


Thank you so much for reading till the end, I will try to formulate my thoughts and write some more articles on this topic in future!


May the Force be with you!




Support is very important to me, with it I can spend less time at work and do what I love — educating DeFi & Crypto users!



If you want to support my work, you can send me a donation to the address:


Thank you! ❤️


Also published here.
