Blog

In the third episode of season 2 of the ShadowDragon podcast, CEO Daniel Clemens and Director of Intelligence and Innovation Collection (aka Dutch OSINT Guy) Nico Dekens sat down for a one-on-one...

In a recentopinion piece for The Cipher Brief, Gregory Sims, former CIA Clandestine Service for over thirty years, including multiple field tours as Chief and Deputy Chief of CIA stations, shared his...

Daniel Clemens, Founder & CEO, ShadowDragon  Is climate change the cause of higher energy prices? Likely not. That being said, there is common confusion surrounding energy policy and basic economics....

Investigating integrity and criminality in commerce is a daunting task that requires access to vast amounts of information and complex organizational analysis. The scale rises considerably when...

Nico Dekens, Director of Intelligence and Innovation Collection, ShadowDragon

In the second episode of season 2 of the ShadowDragon podcast, CEO Daniel Clemens, CTO Elliott Anderson, and Director of Intelligence and Innovation Collection (aka Dutch OSINT Guy) Nico Dekens sat...

Global Ecosystem Includes The Largest Set Of Open Source Intelligence Partnerships In The Industry

After six weeks of investigation, on Dec. 30, 2022 authorities arrested Bryan Kohberger as the key suspect in the quadruple murders of four University of Idaho students. This case (which is ongoing)...

Jan. 4, 2023 - ShadowDragon™, a provider of open source intelligence (OSINT), unique datasets and APIs that reduce the friction of sourcing, collecting, and sorting publicly available information in...

Season 2 of the ShadowDragon podcast is here! In the first episode, CEO Daniel Clemens and CTO Elliott Anderson were joined by the Dutch OSINT guy, Nico Dekens. 

Market Leading Technologies Combine to Provide Powerful Investigative Solution

September 15, 2022 – Virginia Beach, VA – Chorus Intelligence (“Chorus”) has powered up their digital intelligence platform by embedding SocialNet from ShadowDragon within it. This combined...

Hoover, AL – As the sophistication of organized cyber threats increases, so does the need for cooperation to catch the perpetrators of these malicious acts. ShadowDragon™, a leading provider of cyber...

ShadowDragon and Kaseware are celebrating four years of partnership, a collaboration which has resulted in operational growth and advanced solutions for investigative case management and data...

San Francisco, California – December 6, 2021 – Sverica Capital Management LP (“Sverica”), a private equity investment firm, announced today that it has made a strategic investment in ShadowDragon...

ALEXANDRIA, VA, UNITED STATES, March 15, 2021 / -- Data and investigative platform companies King & Union and ShadowDragon today announced an integration agreement that gives cybersecurity analysts...

The echo’s of investors had started the buzz of the need for new investigative / intelligence platforms a great deal more than there had been in the past few years. The buzz will only gain more...

SoftStrategy and ShadowDragon Partnership Rome, Italy JUNE 22, 2020 – SoftStrategy and ShadowDragon partner together to provide advanced investigative training. As the world has become more...

## What is the DarkWeb The dark web sounds scary, but in reality, it is anything you cannot get to via Google, or that uses a masked IP address. The classification of the dark web is a subcategory...

Over the course of the last few months, we’ve blogged about finding bad guys by guessing emails, mapping friends, understanding emotional behavior, and leveraging laziness and poor password habits. ...

One of the most frustrating things to happen in any data visualization software is for you to run a query and get back the notification: “This result returns more nodes than you are allowed to...

There’s a lot of mystery that surrounds the dark web–surprisingly, even in the information security space.  I’ve met a huge swath of capable engineers and developers who can explain the technical...

We’ve talked in recent weeks about the importance of training and the methodology behind it.  Much of the OSINT work we do is focused on the social aspects and footprint of a target online.  As most...

In the past, we have looked into a hacker who comes from Iran by the name of Mrb3hz4d. Now if we take some of the information we saw from his defacement, we can create an extremely simple OIMonitor...

Earlier this week FireEye/Mandiant had released a blog entitled “Insights into Iranian Cyber Espionage”detailing the targets within the Aerospace and Energy sectors being targeted. To compliment...

It would take about 3 minutes to teach someone how to collect data on a single individual. That is easy to do. You poke around and find out all you can about the person. The difference between an...

There comes a time in some OSINT investigations where we have accurately identified our target’s profiles, lifestyle, and communication platforms, but we still aren’t quite to the point of...

After looking at the structure of both the dark web and normal web, we can now start to see why so many people want the benefits Tor gives, especially the anonymity. With anonymity comes people who...

When starting a project in OIMonitor, you are tempted to cast a wide net and grab from every source. This will bring in a lot of hits and you may even think, “Wow, this is awesome! I am awesome! My...

Many years ago, when I was in college, I had a job at a large retailer.  It involved all of the normal retail-y things: stocking, checking, unloading trucks, helping customers, etc.  After working...

Since movies took over displaying intelligence, we have seen crazy maps and charts attempt to display intelligence and seem “futuristic.” Here, we can see an example of a heat map:  It is great....

This is Part 2 of our 3-part series on demystifying the dark web. In Part 1, we looked at how the regular internet works at a networking layer. Today, we will be looking at how the dark web works at...

As a follow up to our last blog about password reuse and the recent data breach of Disney, I would like to talk about how to create strong passwords and why they are “strong.” Typically, we like to...

Today, we will be exploring the world of carding a bit and following the path of a kid on his way to becoming a full-fledged carder.  I spent about an hour on the basics of the investigation. The...

This post is part of a 3-part series that explains the difference between normal internet and the dark web, and how some actors use the dark web. Today we are going to try and clear up some of the...

I recently setup a project in OIMonitor to track the mentions of infectious diseases mentioned in the news. I immediately got results, though not all of it was good. One thing that did pop up...

Risk management strategies that work are hard to find in such a noisy infosec buzzword filled industry. Our guest Matt Devost, offers perspective on subjects which will be helpful for beginners,...

Actor engagement and physical security intersect when active shooter situations or heightened security threats are targeted against executives or physical locations. Naturally, the topic of...

Incident Response and extended investigations need storytelling functionality. Westward.ai’s innovation in event query languages is discussed laced with candor, history, and strange hacker lore. The...

We have been monitoring COVID19 and observed that we need to dig in deeper with experts in the field.   In this episode we explore that dialogue. In our podcast, we aren’t always the experts in...

Nico, (dutch_osintguy) shares his origin story along with war stories old, and new. Topics the following: Leadership seems to want visualization, analyst don’t care. Discussions evolve about how...

Today, I’m going to go on a very basic hunting adventure. Every so often, I do stuff like this for “fun”.  There’s no deep takeaway here –– just some basic searching and the techniques involved. ...

2020 will be eventful and likely one of the most historical years containing change, balancing the tension between change, conflict, and hopefully peace in a long time. When reflecting on the...

On September 11th, 2012, US embassies had been hit with attacks known as the “Benghazi Attacks.” In online correlation, attacks that had been referenced as “Operation Ababil” had begun as a supposed...

A few weeks ago we went over an interesting way to pivot from breached data passwords to a target by virtue of the lazy way many people reuse the same passwords for multiple emails.  In a very...

Big data, AI, machine learning, block chain, and every other cool new tech words are all really just that–words. To a developer or computer scientist, they are a type of tool to solve specific...

Additional information is always needed on initial indicators for a SOC analyst or incident handler. In this case, initial indicators point to [ clear. co. ir and 79.127.125.179 ] engaging in...

We’ve all heard the advice a million times, “Don’t use the same password on different websites.” Unfortunately, (or fortunately, depending on our motivations) many users make this exact mistake. In...

The first lesson I was ever taught in programming is the need for scaffolding. Just like painting a house, even if you are certain you can reach every nook and cranny and cover every wall,...

In 1896, at the University of Lausanne in Switzerland, a young economist by the name of Vilfredo Pareto published a paper showing how 80% of the land in Italy was owned by 20% of the population....

ShadowDragon is a privately-held software development company seeking a full-time training and curriculum specialist. ShadowDragon provides cyber security software tools to commercial entities,...

As a developer and OSINT investigator, I often come across other investigators that are researching a target online and have “hit a wall,” so to speak.  “I’ve hit a dead-end, I can’t figure anything...

In my last entitled Illuminating Context with Timeline Analysis, I gave a rough sketch of the basics. In this post I will share a few specifics. The primary point to drive home is there won’t ever...

In our training courses, we push ideas and investigative methodology more than we push our tools. Tools will change, but proper investigative methods will not change. Asking the right questions will...

Human trafficking, according to Wikipedia, is the trade of humans for forced labour. With the advent of the internet and high-speed communication, traffickers have found a new way to advertise their...

Everyone has a different use case that needs to be monitored, and we enable a vast amount of use cases for tailored collection and monitoring with OIMonitor at a very high scale and have been doing...

Today we are going to look at how we can build a network from a single starting entity and use that network to identify the actors in the network that are the most connected. For this example, we...

Redwood City, California – May 16, 2019 DataWalk and ShadowDragon have formed a strategic technical alliance to facilitate more complete and detailed investigations incorporating open source...

Every investigation is different, but what never changes is how you have to treat an investigation much like the challenge of building something with a bucket of Legos. With each bread crumb, you...

Catching the backscatter of conversation, keywords and data dumps have always been one of the driving goals in our OIMonitor project. While others have been quick to highlight one particular...

Shadow Dragon has created an automated document conversion tool that expands analysts’ capabilities, speeds analysis and investigations, and making the electronic transmission of files between...

I had previously written about how we started with our our monitoring platform and how that grew into the beast it is today.  I didn’t leave much room to frame things in the most hip-infosec way,...

DEF CON 26, Intel CTF (iCTF) had more participants than any other capture the flag challenge. With over 100 teams showing up, a select few escalated to the top of the heap showing off their  skills,...

This was my second year attending the Crimes Against Children Conference (CACC) in Dallas.  CACC draws a crowd proficient in the art of finding the bad guys and protecting the defenseless, and I...

If the world has a plethora of investigators and the success of prosecutors is hovering around 90% success rate  — why do we struggle with an increase in more complex crime, a rise in international...

Millions love the character Jack Ryan from Tom Clancy’s bestselling 18-book series (and a new TV show on Amazon!), but not as many folks know that there is a real, live Jack Ryan living in America...

Cheyenne, Wyoming and Denver, Colorado With more than 3.1 billion people across the globe actively using Social Media, it is no surprise that criminals utilize it and can be tracked down on it by...

In “Understanding Link Analysis and Using it Investigations,” I detailed how to get started and some fundamentals on link analysis. What I didn’t cover was how long you should be involved in the...

ShadowDragon is proud to be a co-sponsor of the Mission III Advanced iCTF Contest at Defcon 2018. iCTF has crafted a compelling and challenging scenario! Participating is a great way to hone your...

BANGALORE, India ALTEN Calsoft Labs, a next-generation digital transformation company, rolls out a plan to Prevent Cyber Attacks and Minimize Damage by leveraging ShadowDragon’s cyber intelligence...

I started using link analysis for investigations somewhere around 2009/2010 when we were developing the first version of SocialNet.  A longtime friend, Roelof from Paterva, shared his vision for a...

Yesterday, Matthew Meltzer, Sean Koessel, and Steven Adair @ Volexity released an excellent write-up on the Indian APT group known as Dropping Elephant.   The Volexity article detailed attacks...

ShadowDragon, a U.S.-based cyber threat intelligence solutions company, has enhanced its OIMonitor product to include secure and customizable monitoring of forums, open, closed source, TOR and...

When most security pros think of threat intelligence, they think of cyber crime – tracking down hackers and cyber criminals aiming to compromise networks to exploit credit card information,...

Attack methods targeting businesses nearly doubled from 82,000 in 2016 to at least 159,700 in 2017 (the majority of cyberattacks are never reported), according to the Online Trust Alliance. 2017 was...

United States – ShadowDragon, a U.S.-based cyber threat intelligence solutions company, today announced that its SocialNet App is the first Social Media Forensics & OSINT mapping app available on...

The horrors of cybercrime can make even the savviest tech person shudder. Much like an accident on the side of the road, however, we just can’t help rubbernecking. That’s why the Clear Sky report...

ShadowDragon: Solving the Challenges of Modern Investigations Today, the internet is ubiquitous. It has revolutionized businesses and communications. It also has revolutionized crime....

Cheyenne, Wyoming – ShadowDragon, a U.S.-based cyber threat intelligence solutions company, has entered into a distribution agreement with GuidePoint Security LLC, a Virginia-based technology...

  It was the end of 2010. The Packet Ninjas’ team (the predecessor of ShadowDragon) had been making mad dashes on application assessments and penetration tests while deployed to a nowhere...

Cheyenne, Wyoming – ShadowDragon makes it to the list of 20 Most Promising Enterprise Security Solution Providers 2017 by CIOReview. CIOReview is a technology magazine with a mission to guide...

Votiro Labs and ClearSky CyberSecurity both based out of Israel, through use of MalNet have uncovered a slew of interesting TTPs and infrastructure believed to be used by the 1937CN group. Votiro &...

Accelerating Law Enforcement Capabilities DeliverFund’s iHTAC is a unique collaboration with corporate partners who bring innovative technology tools used to accelerate law enforcement capabilities...

In one case, I found myself in a country in Latin America investigating a complicated persistent business compromise being implemented through both electronic and human means. I had already been...

Cheyenne, Wyoming – December 15, 2016 ShadowDragon, a company that develops specialized digital investigations technology, and DeliverFund, a nonprofit dedicated to disrupting sex trafficking...

The buzz of cyber compromise has been booming since the AP released some interesting points on the Hillary Clinton email compromise. This was followed up by Brian Krebs on May 16th, 2016 noting less...

Perhaps the most nefarious, these attackers are driven almost exclusively by financial gain. These criminals typically target personal and corporate systems, and range in skill from Nigerian 419...

MalNet accesses the Proofpoint ET Intelligence™ comprehensive database that contains current and historical malicious IP addresses and domains. In this blog post we share screenshots of Maltego 4...

Below are a few screenshots of our flagship product SocialNet, integrated with the new Maltego M4 release. If you haven’t seen the video from Maltego, please go check it out now. Email Correlations

Our first artifact, begins with the email address rumored to be used by Jesse Pinkman, pivoting on one to one correlations between his favorite social media provider and others, we find his wish...

In 2007, Don Jackson while at SecureWorks had written about the Gozi Trojan, sharing details on the modularization and monetization strategies utilized by this family of malware. More recently,...

MalNet brings together the industry’s most up to date and extensive threat information from Proofpoint with Maltego link analysis capabilities from ShadowDragon. MalNet enables threat analysts and...

Cheyenne, Wyoming – March 8, 2016 ShadowDragon, a U.S.-based cyber threat intelligence solutions company, has entered into a partnership with Proofpoint, a leading next-generation cybersecurity...

Cheyenne, Wyoming – February 16, 2016 Packet Ninjas, a niche cyber security consulting and services company, today announced the formation of a sister company named ShadowDragon. ShadowDragon will...

Just a couple of weeks ago the world was rocked by the news that CIA Director John Brennan’s AOL email account (apparently that’s still a thing) had been hacked. Immediately, speculation began. Had...

Cyber Threat Types and Motivations There are several types of cyberwars going on at any given time. There are plain old hacking attacks, criminally-targeted attacks, nation state cyberwar, and...

Ordinary Info to You; Opportunity to a Cyber Criminal As its name suggests, OSINT is intelligence gleaned from publicly available sources such as social media, company websites, news sites, even...