🕵🏻 Sockpuppets are often essential in OSINT — but building them is tricky. That’s why we’re excited to welcome Espen Ringstad, OSINT expert and advisory board member at SockPuppet, as our next OScon speaker!
Curious about digital tradecraft? Don’t miss it: eventfrog.ch/oscon25
🚨 Tickets are now available! Secure your seat at our very first OSINT conference! eventfrog.ch/oscon25
Our goal is to highlight a wide range of OSINT perspectives so that everyone from curious newcomers to professionals from different fields can walk away with valuable insights and inspiration.
High-resolution photo of Compass Security’s IoT and industrial penetration-testing workspace: on a light wooden workbench a large-lens, black surveillance camera sits half-disassembled beside its white Synology® housing, revealing the internal printed-circuit board, image sensor and ribbon connectors targeted during firmware extraction and vulnerability analysis. A chaotic web of multicolored diagnostic leads, Ethernet patch cables, alligator clips, UART/serial breakout wires and power adapters snakes across the table, illustrating real-world hardware hacking, fault-injection and secure-boot bypass techniques used in red-team assessments of networked CCTV, smart-factory and critical OT devices. The blue pentagonal TROOPERS25 shield logo occupies the upper-right corner, signalling that this lab scene supports Compass Security’s conference presentation on Pwn2Own-grade research into surveillance-camera exploits, remote-code-execution vectors and zero-day discovery. The image underscores expert penetration-testing methodology—threat modeling, reverse engineering, embedded Linux analysis, secure-element probing and API fuzzing.
Thrilled for #TROOPERS25 Thursday! Emanuele & @yvesbieri.bsky.social share #Pwn2Own wins on #surveillance cams. Method, #exploit, lessons. Drop in, trade war-stories!
Talk: troopers.de/troopers25/t...
Compass pentest: www.compass-security.com/en/services/... #cybersecurity #iot #hw #fw #ot
🎉 We’re proud and excited to officially present OScon: our first OSINT Conference in Switzerland!
After founding the association last year, we’re taking the next step: a half-day, in-person event dedicated to Open Source Intelligence.
📍 Save the date:
Friday, 14 November 2025
Volkshaus Zürich
🎉 We’re excited to announce that our official merch store is now live. You can check it out here: boxprint.store/osintswitzer...
✨ We have personally tested the quality of the products and really like how they look and feel!
Have a nice start to the week!
🎉 We’re thrilled to welcome Loránd Bodó to our Advisory Board!
Loránd is a well-respected name in the OSINT world, not only for his expertise in researching violent extremist and terrorist entities online, but also for his engagement in the OSINT community.
Welcome aboard, Loránd!
🕵🏻 Yesterday we had our first General Assembly and it was amazing to reconnect with our members.
We discussed and presented several topics about what has happened so far and what will happen in the near future of OSINT Switzerland.
New blog: The Slow Collapse of Critical Thinking in OSINT due to AI
"OSINT used to be a thinking game. Now it’s becoming a trusting game and that should terrify you."
#OSINT #OSINT4good #AI
Read the blog here: www.dutchosintguy.com/post/the-slo...
Here I described the proccess I used to find it: bsky.app/profile/ivan...
Ich sage es seit einer Dekade: Tech-Journalismus ist Politik-Journalismus. Heute mehr denn je. Ich hoffe das ist jetzt endlich bei allen Redaktionen angekommen.
We discovered a way to find out the date when a profile picture was last uploaded or edited:
● Right-click on the image
● Save the image
● Parse the filename into a Unix timestamp
Even more fascinating is that this technique allows you to extract the exact date when any type of media was uploaded
🔎 We stumbled across a technique that allows to extract the exact date and time of a LinkedIn post on
● Get the post ID from the URL
● Convert the post ID to binary
● Convert the 41 "left-most" bits of the binary back to decimal
● Parse the decimal into a Unix Timestamp.
● That's it!
Thanks, that was actually just a fun side effect of trying to solve something completely different. As you know, I'm not a technical guy, so there's a better chance that teleportation will be invented and trains won't be needed than that I'll find a bug in a line of code :-)
Two displays appear to have possible anomalies:
-image from 22.02.2023 showing an S8 to Pfäffikon SZ twice in a row
-image from 25.10.2024 showing Biel as destination, which should be probabably Lausanne
They are all from displays on tracks 31/32 or 33/34 of Zurich HB. I haven't been able to find any other pictures of other tracks in other stations, and it seems that these error message have been appearing regularly for at least the last two years. Does anyone have additional evidence?
The other day @christian-folini.ch posted a picture of an error message on an SBB display. At first I thought it might be an interesting OSINT challenge to geolocate the image. But then it got even more interesting! I found multiple different picture of the same error and..
This could be a fun OSINT challenge. Just a guess, was this at Zurich HB, Gleis 31/32 Sector D this morning to catch the train to Bern at 08:02? If this is the case, it seems that the insufficient memory problem also caused the Lausanne information to be substituted with Rorschach.
Thx :-)
Welcome to @quiztime.bsky.social and it’s #MondayQuiz
🌶️ What is the most expensive dish?
📮reply just to me with an answer
🤝 reply to all for collaboration
🌈have fun
Yes, I ran the process in the image to extract the Chinese characters. This is how I identified that it was Wen Cheng. Then I used Google Maps to find out which of the four restaurants in Berlin it was. Finally I found an image of the menu, which could also be downloaded from the website.
If I saw it correctly there are two dishes: Biang Biang or Wen Cheng both with Lamb & Cumin for 17,00 € www.google.com/maps/place/W...
🕵🏻 As OSINTers, we are constantly learning new methods of gathering and deriving additional information in different ways. It's always important to test the effectiveness and correctness of the technique on test data (i.e. a fake account) where you know what the expected result should be.
The Compass #Pwn2Own team will be targeting the Alpine iLX-507 In-Vehicle Infotainment at Pwn2Own Automotive #P2OAuto in Tokyo. Turns out it’s a popular target and our colleagues were drawn by @thezdi.bsky.social to attempt an exploit as 8th out of 10 groups targeting the device. Schedule tba
