You want to build a Platform? ..What Platform Should I use?

You want to build a Platform? ..What Platform Should I use?

By Daniel Clemens | Aug 9, 2020 12:00:00 AM

The echo’s of investors had started the buzz of the need for new investigative / intelligence platforms a great deal more than there had been in the past few years. The buzz will only gain more...

Where does operational security begin?

Where does operational security begin?

By Elliott Anderson / May 20, 2020 12:00:00 AM

Over the course of the last few months, we’ve blogged about finding bad guys by guessing emails, mapping friends, understanding emotional behavior, and leveraging laziness and poor password habits. ...

Becoming Dark Web Rambo

Becoming Dark Web Rambo

By Elliott Anderson / May 6, 2020 12:00:00 AM

There’s a lot of mystery that surrounds the dark web–surprisingly, even in the information security space.  I’ve met a huge swath of capable engineers and developers who can explain the technical...

Data vs. Intelligence

Data vs. Intelligence

By Josh C / Apr 22, 2020 12:00:00 AM

It would take about 3 minutes to teach someone how to collect data on a single individual. That is easy to do. You poke around and find out all you can about the person. The difference between an...

Fishing with a Subaru

Fishing with a Subaru

By Elliott Anderson / Apr 15, 2020 12:00:00 AM

There comes a time in some OSINT investigations where we have accurately identified our target’s profiles, lifestyle, and communication platforms, but we still aren’t quite to the point of...

Filtering Out Noise

Filtering Out Noise

By Brooks M / Mar 25, 2020 12:00:00 AM

When starting a project in OIMonitor, you are tempted to cast a wide net and grab from every source. This will bring in a lot of hits and you may even think, “Wow, this is awesome! I am awesome! My...

Demystifying the Dark Web: Part 2

Demystifying the Dark Web: Part 2

By Josh C / Mar 4, 2020 12:00:00 AM

This is Part 2 of our 3-part series on demystifying the dark web. In Part 1, we looked at how the regular internet works at a networking layer. Today, we will be looking at how the dark web works at...

Password Maths

Password Maths

By Brooks M / Feb 26, 2020 12:00:00 AM

As a follow up to our last blog about password reuse and the recent data breach of Disney, I would like to talk about how to create strong passwords and why they are “strong.” Typically, we like to...

Unmasking a carder with OSINT

Unmasking a carder with OSINT

By Elliott Anderson / Feb 19, 2020 12:00:00 AM

Today, we will be exploring the world of carding a bit and following the path of a kid on his way to becoming a full-fledged carder.  I spent about an hour on the basics of the investigation. The...

Tracking an Outbreak

Tracking an Outbreak

By Brooks M / Jan 29, 2020 12:00:00 AM

I recently setup a project in OIMonitor to track the mentions of infectious diseases mentioned in the news. I immediately got results, though not all of it was good. One thing that did pop up...

ShadowDragon Podcast #07 - Matt Devost Interview | Disinformation Attacks Against Institutions of Trust, Turing Assessments for Datasets, Exploration of Red Teaming Innovation

ShadowDragon Podcast #07 - Matt Devost Interview | Disinformation Attacks Against Institutions of Trust, Turing Assessments for Datasets, Exploration of Red Teaming Innovation

By Admin / Jan 21, 2020 10:20:04 AM

Risk management strategies that work are hard to find in such a noisy infosec buzzword filled industry. Our guest Matt Devost, offers perspective on subjects which will be helpful for beginners,...

ShadowDragon Podcast #05 - Westward.AI,Incident Response, Long Time Investigations Need Story Telling & Innovation in Event Query Languages.

ShadowDragon Podcast #05 - Westward.AI,Incident Response, Long Time Investigations Need Story Telling & Innovation in Event Query Languages.

By Admin / Jan 21, 2020 10:20:04 AM

Incident Response and extended investigations need storytelling functionality. Westward.ai’s innovation in event query languages is discussed laced with candor, history, and strange hacker lore. The...

Iran and OSINT Hunting for Fun & Profit.

Iran and OSINT Hunting for Fun & Profit.

By Elliott Anderson / Jan 15, 2020 12:00:00 AM

Today, I’m going to go on a very basic hunting adventure. Every so often, I do stuff like this for “fun”.  There’s no deep takeaway here –– just some basic searching and the techniques involved. ...

What’s in an email address?

What’s in an email address?

By Elliott Anderson / Dec 17, 2019 12:00:00 AM

A few weeks ago we went over an interesting way to pivot from breached data passwords to a target by virtue of the lazy way many people reuse the same passwords for multiple emails.  In a very...

The Problem with Technology Keywords

The Problem with Technology Keywords

By Josh C / Dec 4, 2019 12:00:00 AM

Big data, AI, machine learning, block chain, and every other cool new tech words are all really just that–words. To a developer or computer scientist, they are a type of tool to solve specific...

Iranian Watering Holes. Target Centric Analysis & Looking for Additional IOCs Related to clear.co.ir | 79.127.125.179 with ShadowDragon MalNet & ProofPoint Data

Iranian Watering Holes. Target Centric Analysis & Looking for Additional IOCs Related to clear.co.ir | 79.127.125.179 with ShadowDragon MalNet & ProofPoint Data

By Daniel Clemens / Dec 1, 2019 12:00:00 AM

Additional information is always needed on initial indicators for a SOC analyst or incident handler. In this case, initial indicators point to [ clear. co. ir and 79.127.125.179 ] engaging in...

Into the Breach

Into the Breach

By Elliott Anderson / Oct 16, 2019 12:00:00 AM

We’ve all heard the advice a million times, “Don’t use the same password on different websites.” Unfortunately, (or fortunately, depending on our motivations) many users make this exact mistake. In...

Scaffolding: The Basis of Everything

Scaffolding: The Basis of Everything

By Josh C / Oct 9, 2019 12:00:00 AM

The first lesson I was ever taught in programming is the need for scaffolding. Just like painting a house, even if you are certain you can reach every nook and cranny and cover every wall,...

The Vital Few and the Useful Many

The Vital Few and the Useful Many

By Brooks M / Oct 1, 2019 12:00:00 AM

In 1896, at the University of Lausanne in Switzerland, a young economist by the name of Vilfredo Pareto published a paper showing how 80% of the land in Italy was owned by 20% of the population....

Bad moods = Bad decisions

Bad moods = Bad decisions

By Elliott Anderson / Aug 25, 2019 12:00:00 AM

As a developer and OSINT investigator, I often come across other investigators that are researching a target online and have “hit a wall,” so to speak.  “I’ve hit a dead-end, I can’t figure anything...

Timeline Analysis | Epstein Death Reported on 4Chan Before Announced

Timeline Analysis | Epstein Death Reported on 4Chan Before Announced

By Daniel Clemens / Aug 10, 2019 12:00:00 AM

In my last entitled Illuminating Context with Timeline Analysis, I gave a rough sketch of the basics. In this post I will share a few specifics. The primary point to drive home is there won’t ever...

Illuminating Context with Timeline Analysis

Illuminating Context with Timeline Analysis

By Daniel Clemens / Jul 29, 2019 12:00:00 AM

In our training courses, we push ideas and investigative methodology more than we push our tools. Tools will change, but proper investigative methods will not change. Asking the right questions will...

It’s Hard Out There for a Pimp

It’s Hard Out There for a Pimp

By Brooks M / Jun 24, 2019 12:00:00 AM

Human trafficking, according to Wikipedia, is the trade of humans for forced labour. With the advent of the internet and high-speed communication, traffickers have found a new way to advertise their...

Forget About Deep and Dark Web Hype

Forget About Deep and Dark Web Hype

By Elliott Anderson / Jun 12, 2019 12:00:00 AM

Everyone has a different use case that needs to be monitored, and we enable a vast amount of use cases for tailored collection and monitoring with OIMonitor at a very high scale and have been doing...

Social Networks: Friends of Friends

Social Networks: Friends of Friends

By Josh C / May 31, 2019 12:00:00 AM

Today we are going to look at how we can build a network from a single starting entity and use that network to identify the actors in the network that are the most connected. For this example, we...

OSINT Challenges & Opportunities, Methodology on starting your Hunt.

OSINT Challenges & Opportunities, Methodology on starting your Hunt.

By Daniel Clemens / Apr 3, 2019 12:00:00 AM

Every investigation is different, but what never changes is how you have to treat an investigation much like the challenge of building something with a bucket of Legos. With each bread crumb, you...

Hype and the Deep Dark Web

Hype and the Deep Dark Web

By Daniel Clemens / Sep 25, 2018 12:00:00 AM

I had previously written about how we started with our our monitoring platform and how that grew into the beast it is today.  I didn’t leave much room to frame things in the most hip-infosec way,...

Investigator Methodology | Strategic & Tactical Vs. a Hopeful Change

Investigator Methodology | Strategic & Tactical Vs. a Hopeful Change

By Daniel Clemens / Aug 31, 2018 12:00:00 AM

If the world has a plethora of investigators and the success of prosecutors is hovering around 90% success rate  — why do we struggle with an increase in more complex crime, a rise in international...

Link Analysis Presentation No Nos and How Long Should I Deep Dive?

Link Analysis Presentation No Nos and How Long Should I Deep Dive?

By Daniel Clemens / Aug 3, 2018 12:00:00 AM

In “Understanding Link Analysis and Using it Investigations,” I detailed how to get started and some fundamentals on link analysis. What I didn’t cover was how long you should be involved in the...

Understanding Link Analysis and Using it in Investigations

Understanding Link Analysis and Using it in Investigations

By Daniel Clemens / Jun 21, 2018 12:00:00 AM

I started using link analysis for investigations somewhere around 2009/2010 when we were developing the first version of SocialNet.  A longtime friend, Roelof from Paterva, shared his vision for a...

Scroll to Top