
Posts by Mathieu Gaucheler

Episode 139: Mathieu Gaucheler of Maltego

On today's Layer 8 Podcast, we have @shibasec.bsky.social from Maltego talking about CTFs and investigations, including one where he lifted the curtain on pig butchering scams. He found it to be a "scam as a service" offering with scripts, personas and more.
open.spotify.com/episode/3fKd...

4 weeks ago 2 1 0 0
How to write an OSINT CTF I helped organise and create several CTFs in the last two years both for professionals and amateurs. In this blogpost, I would like to go…

Since our CTF closed yesterday, I thought I would do a quick recap of the problems I encountered (and how to solve them) when writing challenges.
medium.com/@shibaosint/...

2 months ago 1 0 0 0

Participants explored challenges with topics ranging from terrorist groups, online casinos, WHOIS registries, PMCs operating in Africa to a Russian shadow fleet tanker. I had the pleasure to design the challenges along with the CIRAT team from @mercyhurst.bsky.social.

2 months ago 1 0 0 0

Maltego community CTF happened last Saturday, it was a wild 4h ride. If you missed it do not worry: we are leaving the platform open until February 17! Go to maltego.ctfd.io and give it a shot. There is something for everyone, regardless of your experience level. No paid tools needed.

2 months ago 1 0 1 0
https://discord.gg/uN2WgtRR

Discord server: t.co/RlPnm8idEx

2 months ago 0 0 0 0
Maltego Community OSINT CTF

Maltego is organizing an OSINT CTF. It will run tomorrow from 15:00 to 19:00 CET. Every level is welcome, no paid tools needed. Feel free to drop in and test the waters or to compete seriously and try to win a prize. Registration here: maltego.ctfd.io. You can also go to our Discord to find a team ⬇️

2 months ago 1 1 1 0

Ever wanted to explore the @icij.org Offshore Leaks Database in Maltego? You can now do so with this local integration.

➡️github.com/shibaOSINT/Offshore-Leak...

5 months ago 2 0 0 0

Both the school and the temple are in the same region, 40 km apart. Let's begin by exploring the road linking them on Google Street View: road number 2006. After a few minutes we find the challenge's location: 13.9159829,101.8389441 (5/5)

6 months ago 0 0 0 0

The third sign will require a bit more work, OCR does not give us anything useful but both phone numbers give us a result for a web search: a school and a cattery. The cattery does not have an address listed on its page and has not posted since 2016, let's discard it. (4/5)

6 months ago 0 0 1 0

The first sign gives us "วัดโคกขี้เหล็ก" which after a quick web search leads us to a Buddhist Temple in Thailand (3/5)

6 months ago 0 0 1 0

First thing that we notice is the numerous signs in Thai script. After passing them through OCR and Google Translate we discover some useful information (2/5)

6 months ago 0 0 1 0

A short thread about an interesting geolocation challenge from Hack.lu CTF by @fluxfingers.net 🧵⬇️(1/5) #geolocation #geoguessr #OSINT

6 months ago 1 0 1 0

#BurkinaFaso
Geolocations of the JNIM attack on Tanwalbougou (12.0554, 0.7805) by @chrisadayton.bsky.social & @ influhunter (on X)

8 months ago 7 3 0 0

14.06 #Mali
According to a government communique, while returning from a mission yesterday (presumably taking part in the airstrike against FLA fighters near Aguelhok) the Su-24 was forced to ditch in the Niger river near Gao due to "adverse atmospheric conditions"

10 months ago 68 16 2 4

Cool open-source investigative tool I just learned about: alltext.nyc. It lets you search any text found in Google Street View images from 2007 to 2024— graffiti, shop signs, street text, you name it. Just type in what you see, and see what pops up.

11 months ago 79 27 5 2
a post by Vleckie: "All right, time for me to go through the mud. Based on satellite imagery I'd marked this quarry as an underground base, and tweeted it out as such. I'm fairly certain Centcom doesn't take their targeting data from Twitter, but this still is a very severe mistake."

ICYMI: on Twitter, an OSINTer ('Vleckie') is being blamed for a US airstrike in Yemen that killed 8 civilians.

in a thread, she'd marked a group of houses as an underground bunker — from satellite imagery alone. those houses (not a bunker) were subject to a US airstrike. 8 innocent people dead.

11 months ago 684 153 11 44

"These are the first two fighter jets in history to be downed by an uncrewed surface drone, but they are unlikely to be the last."

11 months ago 2 0 0 0

As a bonus, we can also search for the picture of the rainbow flag they used: searching "гей-флаг" on Yandex yields the exact same flag within the first page of results.

11 months ago 0 0 0 0
Video
11 months ago 0 0 1 0

By doing a reverse image search on the content of the Facebook post, we find this picture, showing which flag the people in our original photo are really holding. Several videos of the event have also been posted, not a single rainbow flag in sight.

11 months ago 0 0 1 0

Searching the picture on Google Lens leads us to a Facebook post mentioning a demonstration in Tinzaouaten (Mali). It doesn't contain the original picture, but there is a similar one with some of the same people. An FLA (Azawad Liberation Front) flag can also be seen: cyan, yellow, red and white.

11 months ago 0 0 1 0

Whenever you suspect that an image might have been altered, Error Level Analysis (ELA) can reveal areas likely to have been modified. For more information on how to use ELA, check out this Bellingcat article from @annique.bsky.social
www.bellingcat.com/resources/20...

11 months ago 0 0 1 0
Caption: 🌴🇲🇱 The Azawad shepherds, like their forelocked little brothers, in fact stand for Western values alien to a healthy person. Everything else coming out of their oral cavities is a lie. LGBT, bacha bazi, bestiality, drug trafficking, gold and arms smuggling, slave trade, terrorism: an incomplete list of their struggle.

🇲🇱🇷🇺 A Wagner affiliated Telegram channel posted this awkward photoshop yesterday, saying the people in the picture support LGBT rights, identifying them as "Azawad shepherds". Let's take this as an occasion to learn how to find the context of a doctored picture and prove the trickery 🧵⬇️ #Wagner #Mali

11 months ago 0 0 1 0
gijn.org GIJN Webinar: Gathering Evidence and Documents in Conflict and War Zones — A MENA Case Study

In this upcoming GIJN webinar, we’ll explore how investigative journalists can document human rights abuses in war zones, with a focus on methods to ensure the info gathered can later be used by legal investigators or international courts.

Register now: https://twp.ai/9PQx3o

11 months ago 2 2 0 0
Defend the Internet Archive. Protect the Wayback Machine. Tell the music labels: Drop the 78s lawsuit. Sign our open letter on change.org

📢 The Internet Archive needs your help.

At a time when information is being rewritten or erased online, a $700 million lawsuit from major record labels threatens to destroy the Wayback Machine.

Tell the labels to drop the 78s lawsuit.

👉 Sign our open letter: www.change.org/p/defend-the...

🧵⬇️

1 year ago 19536 15675 120 457

BREAKING.

From a reliable source. MITRE support for the CVE program is due to expire tomorrow. The attached letter was sent out to CVE Board Members.

1 year ago 678 414 36 200
Looking at an arms convoy in Mali Thanks to social media, it is increasingly easy to find footage of military activity. Before the 2022 invasion of Ukraine, several OSINTers…

New blogpost about a military convoy (100+ containers) in #Mali.

#OSINT #Geolocation #FAMAs #AfricaCorps #WagnerPMC

1 year ago 1 0 0 0

For more on that subject you can read this thread by @tatarigami.bsky.social in collaboration with @casusbelli.bsky.social on a similar convoy from earlier this year.

1 year ago 1 0 0 0

The gas station in the background allows us to geolocate the footage easily. It was taken on a roundabout at 12.612658°, -8.044582°. Shown on the 3rd image is the position of the two videos as well as the direction of the convoy.

1 year ago 0 0 1 0

We can confirm that this is the same convoy shown in the first video thanks to the painted marks on the trucks as well as their license plates. Here are a few examples.

1 year ago 0 0 1 0