You Can Run, But You Can’t Hide

Guest blog post by Aleksander (@aleksanderrr_) and Intel Inquirer (@intel_inquirer) STRAVA is one of the worlds’ most popular social media platforms, used by more than 50 million people to monitor and share their cycling/running exercises. Since the platform’s initial launch in 2009, it has recorded more than 4 billion activity uploads and throughout the COVID-19 pandemic, the number of new users have soared as people … Continue reading You Can Run, But You Can’t Hide

alphabet blur books close up

Staying Up to Date with OSINT Content

Open Source Intelligence is an ever-evolving field of work so it’s important to keep up-to-date with new techniques and tools available to us. Whether you’re new to OSINT or you have been engaged in the topic for a while, it’s natural to feel overwhelmed by the amount of OSINT resources shared online.  It’s important to note that while OSINT isn’t about collecting tools, and resources … Continue reading Staying Up to Date with OSINT Content

Basics of Breach Data

Guest blog by Rob Volkert In 2018 there were reportedly 1,244 data breaches totaling over 446 million exposed records, primarily targeting the business sector and health care fields. Cyber security systems may be growing more sophisticated, but so too are attacks designed to collect personal data. There may be a silver lining to breach data for those of us who conduct open source intelligence (OSINT) … Continue reading Basics of Breach Data

Basic OPSEC Tips & Tricks for OSINT researchers

Often i get asked if i’ve got some pointers and tools for OPSEC during online investigations. My primary answer would be first: I can’t give any tips or tradecraft pointers until I know what research questions you are trying to answer. In short, what is your threat model? First of all, one should know where the term OPSEC originates from. OPSEC stands for Operational Security … Continue reading Basic OPSEC Tips & Tricks for OSINT researchers

Certificates: The OSINT Gift that Keeps on Giving…

What are certificates? Everybody on the internet uses certificates, or public key certificates, whether you are aware of it or not. Certificates are documents that can provide proof of an identity, for instance a web server that is claiming its identity to your browser. These public keys can be used for encrypting data that is sent via, for instance, a connection over HTTPS but they … Continue reading Certificates: The OSINT Gift that Keeps on Giving…

OSINT on Deleted Content

When doing OSINT research, it might occur that the page you’re interested in, isn’t available anymore. Or that you get the request to research something that has already been deleted and no screenshots were taken. If you struggle where to begin or what tools might be helpful to use, here are some of our suggestions to help you start your research. The website I’m researching … Continue reading OSINT on Deleted Content

Using OSINT for your personal threat model

Recently, I gave a workshop at the SANS Security Awareness Summit in London, where I showed how one can conduct a simple assessment of him or herself by using some basic OSINT. In this post, I wanted to go a bit more in depth on that subject. Your adversary might be looking into you now. Do you even know what can be found online about … Continue reading Using OSINT for your personal threat model