Don’t F*** with ThreatPipes

A handful of ThreatPipes modules you can use for OSINT investigations

3 min readDec 31, 2019

Star Wars, Frozen 2, (Don’t F**k With) Cats…

How many of the biggest film releases did you see last month?

My opinion. All were good. Particularly Don’t F**k With Cats.

Most of my family are now OSINT investigators, plugging images into Tineye and extracting the EXIF data to map them on Google Earth.

Inspired, here are a handful of ThreatPipes modules that you might find useful during your next OSINT investigation.

Search engines proved vital in identifying items in Luka’s videos.

Google, Bing, DuckDuckGo, etc. Each search engine has its own strengths. That’s why we search all of them.

If you’re looking to improve your OSINT search skills, check out my post on Google Dorks.

Example ThreatPipes modules you could use to automate web search

Location was a large part of the teams investigation, chasing Luka from North America to Europe, and back.

Mapping an asset, perhaps by IP address, to a location can be useful.

Example ThreatPipes modules you could use to automate location search

Luka used a number of online persona to spin a variety of stories.

Or accounts with the same user id using the following modules.

Example ThreatPipes modules you could use to automate account identification

SPOILER ALERT

Luka was caught after a stroke of luck when recognised at an internet cafe.

The arrest was captured by a web cam streaming from the cafe.

Webcams, doorbells, baby monitors… many can be discovered and accessed by tools like Shodan or Censys.

Example ThreatPipes modules you could use to automate asset discovery

David Greenwood, ThreatPipes Team

Originally published at https://www.threatpipes.com on December 31, 2019.