Ryan Benson
@_RyanBenson
Followers
4K
Following
852
Media
154
Statuses
1K
I do digital forensics and work on open source DFIR tools @Google. I kinda like web browsers, too. Not on Twitter often anymore, reach me at ryan 'at' https://t.co/Zcq6BJG4xC
SF Bay Area
Joined April 2009
Here's the blog post on my new tool: https://t.co/glSVd0u7Rr Unfurl takes a URL🔗 and expands ("unfurls") it to show all the data it contains. It's amazing how much can be hidden inside URLs! Take it for a spin and tell me what interesting stuff you find🔗🌿#DFIR #Python
9
343
888
@GergelyOrosz FYI that link in the screenshot is acquired by the user tapping the "Copy Link" button from the Twitter app on iPhone. That's what the parameter "s=46" means. It's safe to also drop that from the final URL. Here's where I got the s-parameter table to look up: https://t.co/h9Dl8IgW7e
dfir.blog
This "social media edition" Unfurl release includes parsing Twitter sharing codes, timestamps from Mastodon and LinkedIn IDs, expanding Substack redirects, & more!
0
1
6
There's a new Unfurl release! v2022.11 adds: 🔹Parsing #Twitter "s" values - all 71 of them! 🔹Timestamps from #Mastodon IDs 🔹Decoding #LinkedIn identifiers 🔹Expanding #Substack redirect links 🔹Parsing common tracking parameters Blog: https://t.co/Teu90mycYF
#DFIR #OSINT
1
11
22
With all the uncertainty @Twitter, I've seen more people talking about alternatives like #Mastodon. Like tweets, Mastodon IDs have embedded timestamps in them, and Unfurl can parse them: 🔗 https://t.co/y9enToHpgD
#DFIR #OSINT
1
15
48
We are reviewing our @MISPProject warning lists and we are looking for a maintained list of hosts which are domain parking. Do you know someone doing such a thing? Or should we start to build one from scratch? #threatintelligence
3
6
20
A key mindset to grasp as you transition from junior analyst to a more experienced level is that you won't have all the answers, but you can ask the right questions and know where to start looking for the answers.
1
15
58
Nice little tidbit here about decoding #LinkedIn profile ids from URLs, then using their sequential nature to estimate profile creation time. I see an @unfurl_link update in the future! #DFIR #OSINT
All of the profiles listed in the article and this thread were created within days of each other. jennie-biller-9b631120a victor-sites-40139b20a charolette-pare-93b3a220a vivian-christy-b1246320a maryann-robles-2924b620a 1/4
0
2
8
Apparently TikTok uses the same ID scheme for job postings as it does for videos? Random, but kind of interesting. 🤷‍♂️ Example: https://t.co/rrNmFgHXCS More info on TikTok timestamps: https://t.co/uNqtmNyqY4
#DFIR #TikTok #OSINT
0
2
6
Have a long URL to decode? Use https://t.co/5cY9yzMT3B. It decodes parameters & values in the URL. Ex: I used Amazon & ran a search, copied URL, pasted into Unfurl. It broke the URL down & revealed "qid" param (2) is a time stamp and a date (3). #osint #cyber #tools
2
27
61
If you want a refresher on the benefits of allowlisting vs denylisting, just ask a 5 year old to stop doing something.
1
0
2
forked @_RyanBenson's awesome unfurl tool and patched the library so it can easily be used in a Jupyter Notebook :) #python
https://t.co/KgG5RAnsfI
0
0
4
Hey, thanks! Your #DailyOSINT looks really interesting too!
Of course I didn't know that when I started but, this guy @_RyanBenson has been doing a #DailyDFIR before I have even thought about it! If u're interested in #DFIR, definitely check out his hashtag! (7/8)
1
1
7
IP address in the URL? Sure, why not. You never know what you'll find in a URL (until you look 👀). 🔗 https://t.co/EUOOKRUecu
#DFIR #OSINT
0
12
20
If you need to pull out all the data in complicated URLs, try the excellent Unfurl tool to extract and visualize each bit in the URLs. https://t.co/w4X6vVuYcr
https://t.co/EeSJ84uQd0
@_RyanBenson
#OSINT #DFIR #BlueTeam #ThreatIntel #intelligence #ThreatHunting #infosec
0
16
25
On browser forensics in #DFIR: In https://t.co/PqHoU9s4Nq, just from the URL we can see the attackers installed Chrome the week of 2021-11-01. So much interesting stuff in URLs! Unfurl 🔗: https://t.co/zVu2DfeSEz h/t @phillmoore for the article and lots of nice Google research
0
49
121
<Thread> Today on the way to school, I accidentally deep-dived on threat modeling, attacker math, risk acceptance, password management, and ethics with my kids (6 and 4 years old). 6YO started with a simple question: how do we prevent our car from getting stolen? 1/x
15
72
367
For analysts, a few questions related to web browser-forensics... First, how often do you reach for web browser-related forensic evidence in the investigations you work?
1
2
6
Hi #OSINTSummit folks! 👋 Unfurl is a free, open source tool that you can use to "expand" complicated URLs and find interesting things inside them, like: 🕓 timestamps 🗜️ compressed strings 🔎 search params 🔀 shortlinks Check it out at https://t.co/UmwG7DrZDq!
#DFIR #OSINT
0
4
9