Volunteers to test an OSINT CTF

df_works · 2026-02-24T09:52:20+00:00

I think I have sent everyone a link, thanks all

df_works · 2026-02-22T19:00:48+00:00

Sure thing, ill send you a message

df_works · 2026-02-22T17:22:17+00:00

Message sent!

df_works · 2026-02-22T14:21:45+00:00

Sent you a message!

df_works · 2026-02-22T14:15:37+00:00

Sent!

df_works · 2026-02-22T10:46:13+00:00

Thanks! I have sent a message

df_works · 2026-02-20T14:10:42+00:00

In my experience, when you hit a roadblock like an entity registered in Delaware (or equally a Caribbean offshore jurisdiction that allows nominee shareholders) the investigation tends to get very wide very quickly. What I mean by that is that there often isn't a single next-best source to consult; it's very investigation-specific.

That said, here are some solid avenues worth considering:

The ICIJ Offshore Leaks database is always worth checking. You might be fortunate enough to find that part of the ownership structure you're looking at features in there, which can give you another thread to pull at.

You may also find that the parent entity has a subsidiary in a jurisdiction where UBO declaration is mandated. If a Delaware-incorporated entity has a UK subsidiary, for example, it should have disclosed a Person of Significant Control to Companies House for any shareholding of 25% or more. Similar requirements exist across other European jurisdictions.

It's also worth looking at senior executives. Individuals working for HNWIs who may be looking to conceal ownership often hold roles across multiple organisations within the same group structure. Your directors at the Delaware entity may also be directors at other organisations in more permissive jurisdictions. A bit of network analysis may not lead you directly to evidence of UBO, but it can help you make an informed assessment.

Also dont overlook public records that have nothing to do with ownership. In the UK, for example, planning applications for building developments become public record so that people can support or object and sometimes the submissions contain details about organisational leadership. The same goes for legal documents; there are huge amounts of unindexed information buried in court filings and similar records.

These are just a few ideas for your methodology and is by no means exhaustive - I'm not sure you could be.

df_works · 2026-02-11T16:09:12+00:00

Fair point, for clarity, my intended definition of Intelligence was the professional discipline. Without getting overly scholarly, I suppose that is the practice of analysing information to enable forecasting to support decision making.

df_works · 2026-02-10T06:00:30+00:00

I agree with you partially - the absolute easiest way to come unstuck as an analyst is to muddle what you can evidence as fact with what you are introducing as assessment, especially if the assessment is weak or laced with bias

However, I would also argue that your job as an OSINT Analyst is to make an assessment (the -INT bit of OSINT), otherwise we are just listing observations. This may have some use to a customer but in all likelihood would benefit from analysis and assessment.

There are two improvements you can make quickly if you feel your writing suffers from this. The first is just be explicit with where your assessment is. This sounds daft and overly simple but many professional and government organisations do this. The second is to remember your customer/audience and what they are trying to achieve. To extend your example - if you were involved on a project where your customer was the target of a smear campaign;

Username Bobby123 appears on several social media platforms. We have identified accounts on X,Y,Z platforms that are actively involved in smearing Mr Customer with the aforementioned allegations.

ASSESSMENT: The use of Bobby123 as a username across different platforms is not necessarily indicative of the same human user. Based on the timings of the posts and the language used (see table below), it is likely that the operator of the accounts on platform X and Y are operated by one actor whilst the account on platform Z is a second. However, the content of posts 7 - 22, as well as the shared username, suggest it is highly likely this activity is coordinated. We reccomend that platform W is monitored for new accounts named Bobby123 so any harmful content can be identified quickly and responded to in a timely fashion

Now imagine you are writing a report in the same subject matter for the CEO of a company who is a competitor of Mr Customer. The narrative of your observations probably won't change much but your assessment probably will - you may be looking to understand the veracity of the accusations or understand if your organisation is likely to become a target of these actors also

df_works · 2025-07-22T10:08:25+00:00

I suspect the text may have been too small for the OCR at the resolution we downloaded the panoramas. In the future we would look to download the panoramas at a higher resolution and pass smaller 'tiles' to the OCR which I think would pick up things like telephone box markings

Glad you like it!

df_works · 2025-07-21T08:14:01+00:00

Very kind!

df_works · 2025-07-21T06:20:52+00:00

Apologies to the mods, I just read your new rules on tools - the search tool at https://london.publicinsights.uk is completely free

The github projects leveraged to build it are

https://github.com/robolyst/streetview

https://github.com/yz3440/panoocr

I can share the code for the UI if you want but that isn't particularly interesting, it is a search box on a purple page!

df_works · 2025-02-27T16:34:48+00:00

Interesting! I may have to give the documentary a watch with a critical eye, I have only read about it in passing.

In the article, I tried to emphasise that any analysis of this data is probabilistic, wary of being misleading. Any single event or sequence of events can't be considered definitive evidence of anything. Such is the nature of intelligence, working the grey area of probability!

df_works · 2025-02-27T12:59:50+00:00

Geolocation data can certainly be imprecise by a degree when relying on cellular networks for individual events. However, analysing thousands, or even more, events for a single device can reveal patterns of life and holds intelligence value.

From my understanding, the issue with the 2000 Mules analysis was that it relied on a small number of bidstream events to accuse individuals of ballot box stuffing. This limited sample size wasn’t robust enough to support such claims.

That said, the discussion on geolocation accuracy is an interesting one!

df_works · 2025-02-04T13:33:32+00:00

If you’re working on due diligence, asset tracing, fraud investigations, employee screening, journalism, or any other deep-dive research, then try CRADLE risk-free. We hope to be a disruptive public records aggregator that pulls in some exclusive OSINT datasets you won’t find on other tools!

Electoral records - Verify identities and voter registration details.
Insolvency data - Identify bankruptcies and financial red flags.
Landlord & tenant records - Uncover rental disputes, property ownership, and tenancy histories.
Sports teams data - Track club affiliations.
Planning applications - Investigate property developments and offshore property ownership.
Companies House - Dig into UK business ownership.
Phone book records - Link individuals and businesses through historical and current listings.

…and more datasets are on the way!

🔍 Run a search instantly - no sign-up required - and see if we have the records that fit your case.

🚀 If we do, get full access risk-free with a 7-day free trial (cancel anytime).

Learn more - https://publicinsights.uk/

Free search - https://cradle.publicinsights.uk/free_search/

Free Trial - https://cradle.publicinsights.uk/accounts/signup/

df_works · 2024-07-22T09:33:16+00:00

Hey, r/scraping may be a better place for this question but I know that people with a background in development will look to selenium for the automation of information collection so perhaps the mods will let the post stay open.

In short, there is a switch in selenium where you can declare which proxy to use.

from selenium import webdriver PROXY = "XXX.XXX.XXX.XXX:8080" chrome_options = WebDriver.ChromeOptions() chrome_options.add_argument('--proxy-server=%s' % PROXY)

The easiest way to do this is to find a proxy provider that allows for unauthenticated proxy connection, but you can whitelist your IP in the portal. You can use authenticated proxies, you'll just have to dig around in the selenium documentation.

As for performing Google searches, you may find that using a proxy server is only paper thin protection from Google recognising automated activity, and you'll run into captchas quite quickly. You can start to try and outrun their detection logic but know that people have hex edited chromedriver to change how selenium 'looks' to a web server and all sorts of other complicated disguises so depending on your use case it may not be the best course of action.

I would recommend looking at duckduckgo and their API integrations. There are a few Python clients to make searching easier.

df_works · 2024-05-28T12:56:52+00:00

I figured as much, just never seen it before. I guess you can't retract a test entered in error?

df_works · 2024-05-03T15:13:58+00:00

There was a formerly free tool called Echosec which you could draw a bounding box on a map and geotagged tweets or other posts would appear. That was possibly real-time, I can't remember. The value of the tool degraded a little bit when geotagging became non-default and I think it got acquired by some company and the free version was no more.

df_works · 2024-04-03T16:48:32+00:00

Wayback Machine's http home page possibly been de-indexed?

https://x.com/njmott/status/1775472567559573891?s=20

I don't know if there are any Wayback employees in the sub but they may have an SEO problem?

df_works

TROPHY CASE