👋 Welcome to the 102nd issue of The OSINT Newsletter. This issue contains OSINT news, community posts, tactics, techniques, and tools to help you become a better investigator. My goal with this newsletter is to help promote the OSINT industry, develop better investigators, and raise awareness of ethical use cases for open source intelligence.
🪃 If you missed the last newsletter, here’s a link to catch up.
⚡ A deep dive into TheBigBrother, a comprehensive OSINT framework
Let’s get started. ⬇️
📰 Geolocating Taliban in the Afghan Desert
Ben walks you through a recent investigation he did in the Afghan desert. He steps through how he identified a base, tracked a flight, located a soldier drop off point, finding a dune strike location, and more.
🎩 H/T: Benjamin Strick
📰 How OSINT Verifies Viral Claims During Wartime Chaos
This video shows how to analyze a viral Reddit claim that Iran bombed its own girls’ school by identifying manipulation signals, evaluating online actors and naming patterns, comparing search results, and verifying wartime claims using government sources, fact-checkers, verification outlets, and cross-model AI.
🎩 H/T: Kirby Plessas
📰 How Wildlife Traffickers Are Using Coded Language to Sell Protected Animals On Facebook
Foeke walks through how to identify coded language on Facebook Marketplace that indicates the sale of protected animals, including screenshots and other evidence collected.
🎩 H/T: Foeke Postma
🔎 OSINT Rack
OSINT Rack is a collection of OSINT tools categorized by use case, blog posts, courses, books, events, and more.
🎩 H/T: Mario Santella
🔎 Tor Node Archive
Tod Node Archive gives you insight into the world of Tor Nodes with a search engine, downloadable dataset, and a changelog.
🎩 H/T:
🔎 CrowdCounter
CrowdCounter estimates how many people are in a photo, saving you the time it takes to count manually. Too bad it doesn’t have an API, Henk!
🎩 H/T: Henk Van Ess
🏁 New CTF Challenge Live – Digital Footprints
A new CTF challenge has been posted on our CTF website. This week’s challenge involves identifying multiple domains linked to a well-known threat actor using only its email address.
Start competing in our Capture the Flag (CTF)
🪃 If you missed the last CTF, here’s a link to catch up.
Last week’s CTF challenge featured a challenge titled “Tracing the Source” where participants needed to identify the username of the Telegram channel that published a promotional message and the name of the telegram channel that was promoted in that message, using only OSINT techniques.
Solution WU :
To solve this challenge, we need to use https://deaddrop.theosintconsultants.com/ to locate the original Telegram message.
By enclosing the message in quotation marks for an exact search (e.g., (”نات ابعثولي الخاص…”) and applying a date filter corresponding to the timestamp (From: 2026-04-01 To: 2026-04-01), we were able to pinpoint a search result that displayed:
-
The username of the channel that posted the message
-
The content of the message
-
The username of the promoted channel
This method allowed us to identify the Telegram channel solely using the message content and the timestamp, as required by the challenge.
✅ That’s it for the free version of The OSINT Newsletter. Consider upgrading to a paid subscription to support this publication and independent research.
By upgrading to paid, you’ll get access to the following:
⚡ OSINT Methods for Archiving and Searching Video by Keyword
-
Learn tools, tactics, and techniques for processing information from videos in a way that’s searchable at scale.
👀 All paid posts in the archive. Go back and see what you’ve missed!
🚀 If you don’t have a paid subscription already, don’t worry there’s a 7-day free trial. If you like what you’re reading, upgrade your subscription. If you can’t, I totally understand. Be on the lookout for promotions throughout the year.
🚨 The OSINT Newsletter offers a free premium subscription to all members of law enforcement. To upgrade your subscription, please reach out to LEA@osint.news from your official law enforcement email address.
