Ryan Benson
@hindsig.ht
A new Unfurl release (unfurl.link) is here! v2025.08 has:
🆔 Parsing more from TikTok IDs (millisecond timestamp, entity type (user account, device, live session, or video), and more). Thanks to Benjamin Steel for the paper arxiv.org/abs/2504.13279
📝 Full release notes: github.com/obsidianfore...
🆔 Parsing more from TikTok IDs (millisecond timestamp, entity type (user account, device, live session, or video), and more). Thanks to Benjamin Steel for the paper arxiv.org/abs/2504.13279
📝 Full release notes: github.com/obsidianfore...
August 11, 2025 at 3:17 PM
A new Unfurl release (unfurl.link) is here! v2025.08 has:
🆔 Parsing more from TikTok IDs (millisecond timestamp, entity type (user account, device, live session, or video), and more). Thanks to Benjamin Steel for the paper arxiv.org/abs/2504.13279
📝 Full release notes: github.com/obsidianfore...
🆔 Parsing more from TikTok IDs (millisecond timestamp, entity type (user account, device, live session, or video), and more). Thanks to Benjamin Steel for the paper arxiv.org/abs/2504.13279
📝 Full release notes: github.com/obsidianfore...
Reposted by Ryan Benson
This story is absolutely insane. And we don't usually get a front-row seat to insider threat investigations
Spy got tricked by a honeypot and implicated the most senior leaders at the victim's biggest competitors.
I go through it all here: youtu.be/tDG1WfbSZFo
Spy got tricked by a honeypot and implicated the most senior leaders at the victim's biggest competitors.
I go through it all here: youtu.be/tDG1WfbSZFo
March 17, 2025 at 7:31 PM
This story is absolutely insane. And we don't usually get a front-row seat to insider threat investigations
Spy got tricked by a honeypot and implicated the most senior leaders at the victim's biggest competitors.
I go through it all here: youtu.be/tDG1WfbSZFo
Spy got tricked by a honeypot and implicated the most senior leaders at the victim's biggest competitors.
I go through it all here: youtu.be/tDG1WfbSZFo
Unfurl v2025.03 is live and adds new features, including:
🔎 Parsing #Google Search's UDM parameter
🐘 Recognizing #Mastodon usernames and parsing forks (like truthsocial[.]com and gab[.]com)
🧹 Utility parser to "clean up" inputs
Try it: unfurl.link
Blog post: dfir.blog/unfurl-parse...
#DFIR #OSINT
🔎 Parsing #Google Search's UDM parameter
🐘 Recognizing #Mastodon usernames and parsing forks (like truthsocial[.]com and gab[.]com)
🧹 Utility parser to "clean up" inputs
Try it: unfurl.link
Blog post: dfir.blog/unfurl-parse...
#DFIR #OSINT
Unfurl 2025.03
Unfurl v2025.03 adds new features, including
parsing Google Search's UDM parameter, support for Mastodon forks (like Truth Social), and a utility parser to "clean up" inputs.
dfir.blog
March 13, 2025 at 2:12 PM
Unfurl v2025.03 is live and adds new features, including:
🔎 Parsing #Google Search's UDM parameter
🐘 Recognizing #Mastodon usernames and parsing forks (like truthsocial[.]com and gab[.]com)
🧹 Utility parser to "clean up" inputs
Try it: unfurl.link
Blog post: dfir.blog/unfurl-parse...
#DFIR #OSINT
🔎 Parsing #Google Search's UDM parameter
🐘 Recognizing #Mastodon usernames and parsing forks (like truthsocial[.]com and gab[.]com)
🧹 Utility parser to "clean up" inputs
Try it: unfurl.link
Blog post: dfir.blog/unfurl-parse...
#DFIR #OSINT
There's a new Hindsight release!
Hindsight v2025.03 focuses on Extensions - parsing more activity and state records, highlighting Extension permissions, and making it easier to examine Manifests.
🌐 Blog: dfir.blog/hindsight-pa...
🛠️ Tool download: hindsig.ht/release
#DFIR #Chrome #Extensions
Hindsight v2025.03 focuses on Extensions - parsing more activity and state records, highlighting Extension permissions, and making it easier to examine Manifests.
🌐 Blog: dfir.blog/hindsight-pa...
🛠️ Tool download: hindsig.ht/release
#DFIR #Chrome #Extensions
Hindsight v2025.03 Released!
Hindsight v2025.03 focuses on Extensions - parsing more activity and state records, highlighting Extension permissions, and making it easier to examine Manifests.
dfir.blog
March 11, 2025 at 5:08 PM
There's a new Hindsight release!
Hindsight v2025.03 focuses on Extensions - parsing more activity and state records, highlighting Extension permissions, and making it easier to examine Manifests.
🌐 Blog: dfir.blog/hindsight-pa...
🛠️ Tool download: hindsig.ht/release
#DFIR #Chrome #Extensions
Hindsight v2025.03 focuses on Extensions - parsing more activity and state records, highlighting Extension permissions, and making it easier to examine Manifests.
🌐 Blog: dfir.blog/hindsight-pa...
🛠️ Tool download: hindsig.ht/release
#DFIR #Chrome #Extensions
A new Unfurl release is here! v2025.02 adds:
🌐 Parsing encoded/obfuscated IP addresses
🦋 Resolving #Bluesky handles to their identifiers (DIDs) and looking up their creation timestamps
🐛 Bug fixes & better bulk parsing
Blog: dfir.blog/unfurl-parse...
Code: github.com/obsidianfore...
#DFIR #OSINT
🌐 Parsing encoded/obfuscated IP addresses
🦋 Resolving #Bluesky handles to their identifiers (DIDs) and looking up their creation timestamps
🐛 Bug fixes & better bulk parsing
Blog: dfir.blog/unfurl-parse...
Code: github.com/obsidianfore...
#DFIR #OSINT
unfurl
Extract and Visualized Data from URLs
unfurl.link
February 19, 2025 at 2:47 PM
A new Unfurl release is here! v2025.02 adds:
🌐 Parsing encoded/obfuscated IP addresses
🦋 Resolving #Bluesky handles to their identifiers (DIDs) and looking up their creation timestamps
🐛 Bug fixes & better bulk parsing
Blog: dfir.blog/unfurl-parse...
Code: github.com/obsidianfore...
#DFIR #OSINT
🌐 Parsing encoded/obfuscated IP addresses
🦋 Resolving #Bluesky handles to their identifiers (DIDs) and looking up their creation timestamps
🐛 Bug fixes & better bulk parsing
Blog: dfir.blog/unfurl-parse...
Code: github.com/obsidianfore...
#DFIR #OSINT
Reposted by Ryan Benson
Want to break down what is in a URL? Try Unfurl from Ryan Benson and gain further insights! dfir.blog/unfurl/
#DFIR
#DFIR
unfurl
Extract and Visualized Data from URLs
dfir.blog
February 10, 2025 at 11:42 AM
Want to break down what is in a URL? Try Unfurl from Ryan Benson and gain further insights! dfir.blog/unfurl/
#DFIR
#DFIR
Over the winter holiday, I was watching Netflix's Carry-On and got a bit nerd-sniped by a real Google Search URL on-screen... and then proceeded to "authenticate" it.
dfir.blog/authenticati...
#DFIR #OSINT #Unfurl #Netflix
dfir.blog/authenticati...
#DFIR #OSINT #Unfurl #Netflix
January 13, 2025 at 5:30 PM
Over the winter holiday, I was watching Netflix's Carry-On and got a bit nerd-sniped by a real Google Search URL on-screen... and then proceeded to "authenticate" it.
dfir.blog/authenticati...
#DFIR #OSINT #Unfurl #Netflix
dfir.blog/authenticati...
#DFIR #OSINT #Unfurl #Netflix
The Raiders can’t even be good at being bad…
December 23, 2024 at 12:52 AM
The Raiders can’t even be good at being bad…
Reposted by Ryan Benson
CTFs present challenges that you likely haven’t seen before. I’ve taken away new skills from every CTF I’ve ever participated in.
November 23, 2024 at 1:23 PM
CTFs present challenges that you likely haven’t seen before. I’ve taken away new skills from every CTF I’ve ever participated in.
Reposted by Ryan Benson
A new episode is live now of @dfnpodcast.bsky.social www.youtube.com/live/4H9TLL8...
YouTube
Share your videos with friends, family, and the world
www.youtube.com
November 21, 2024 at 11:05 PM
A new episode is live now of @dfnpodcast.bsky.social www.youtube.com/live/4H9TLL8...
Since I'm trying out #Bluesky, I figured I should add in support for it in Unfurl!
The v2024.11.20 release has some minor updates, but the biggest feature is the ability to parse a timestamp from Bluesky post IDs (or atproto TIDs).
Example: dfir.blog/unfurl/?url=...
Give it a try at unfurl.link!
The v2024.11.20 release has some minor updates, but the biggest feature is the ability to parse a timestamp from Bluesky post IDs (or atproto TIDs).
Example: dfir.blog/unfurl/?url=...
Give it a try at unfurl.link!
November 21, 2024 at 4:19 AM
Since I'm trying out #Bluesky, I figured I should add in support for it in Unfurl!
The v2024.11.20 release has some minor updates, but the biggest feature is the ability to parse a timestamp from Bluesky post IDs (or atproto TIDs).
Example: dfir.blog/unfurl/?url=...
Give it a try at unfurl.link!
The v2024.11.20 release has some minor updates, but the biggest feature is the ability to parse a timestamp from Bluesky post IDs (or atproto TIDs).
Example: dfir.blog/unfurl/?url=...
Give it a try at unfurl.link!
Reposted by Ryan Benson
New Timesketch release is out. Two highlights:
- Unfurl [1] integration, get information from URLs directly in your timeline.
- DFIQ [2] support with context aware SearchHistory.
Changelog: timesketch.org/changelog/#v...
[1] dfiq.org
[2] dfir.blog/introducing-...
- Unfurl [1] integration, get information from URLs directly in your timeline.
- DFIQ [2] support with context aware SearchHistory.
Changelog: timesketch.org/changelog/#v...
[1] dfiq.org
[2] dfir.blog/introducing-...
October 26, 2023 at 7:15 PM
New Timesketch release is out. Two highlights:
- Unfurl [1] integration, get information from URLs directly in your timeline.
- DFIQ [2] support with context aware SearchHistory.
Changelog: timesketch.org/changelog/#v...
[1] dfiq.org
[2] dfir.blog/introducing-...
- Unfurl [1] integration, get information from URLs directly in your timeline.
- DFIQ [2] support with context aware SearchHistory.
Changelog: timesketch.org/changelog/#v...
[1] dfiq.org
[2] dfir.blog/introducing-...