Where does operational security begin?
Over the course of the last few months, we’ve blogged about finding bad guys by guessing emails, mapping friends, understanding emotional behavior, and leveraging laziness and poor password habits....
Becoming Dark Web Rambo
There’s a lot of mystery that surrounds the dark web–surprisingly, even in the information security space.I’ve met a huge swath of capable engineers and developers who can explain the technical...
Cutting your teeth on ShadowDragon’s advanced CTF
We’ve talked in recent weeks about the importance of training and the methodology behind it. Much of the OSINT work we do is focused on the social aspects and footprint of a target online. As most...
Fishing with a Subaru
There comes a time in some OSINT investigations where we have accurately identified our target’s profiles, lifestyle, and communication platforms, but we still aren’t quite to the point of...
Background Checks & Due Diligence
Many years ago, when I was in college, I had a job at a large retailer. It involved all of the normal retail-y things: stocking, checking, unloading trucks, helping customers, etc. After working the...
Unmasking a carder with OSINT
Today, we will be exploring the world of carding a bit and following the path of a kid on his way to becoming a full-fledged carder.I spent about an hour on the basics of the investigation. The...
Iran and OSINT Hunting for Fun & Profit.
Today, I’m going to go on a very basic hunting adventure. Every so often, I do stuff like this for “fun”. There’s no deep takeaway here –– just some basic searching and the techniques involved. Iran...
What’s in an email address?
A few weeks ago we went over an interesting way to pivot from breached data passwords to a target by virtue of the lazy way many people reuse the same passwords for multiple emails. In a very...
Into the Breach
We’ve all heard the advice a million times, “Don’t use the same password on different websites.” Unfortunately, (or fortunately, depending on our motivations) many users make this exact mistake. In...
Bad moods = Bad decisions
As a developer and OSINT investigator, I often come across other investigators that are researching a target online and have “hit a wall,” so to speak. “I’ve hit a dead-end, I can’t figure anything...
Forget About Deep and Dark Web Hype
Everyone has a different use case that needs to be monitored, and we enable a vast amount of use cases for tailored collection and monitoring with OIMonitor at a very high scale and have been doing...