Companion Post to the 2021 SANS Live Stream “Tips for Conducting OSINT Investigations in the EU with GDPR”

The links below are a companion to the live stream Nico Dekens (dutch_osintguy) and Micah Hoffman (webbreacher) conducted in July 2021. Links Official GDPR documents https://eur-lex.europa.eu/eli/reg/2016/679/2016-05-04 GDPR and OSINT related blogs https://keyfindings.blog/2019/06/11/how-gdpr-effects-osint/ https://osintcurio.us/2019/01/08/after-the-gdpr-researching-domain-name-registrations/ https://www.domaintools.com/resources/blog/post-gdpr-security-investigations-part-1 https://www.domaintools.com/resources/blog/post-gdpr-security-investigations-part-2 https://www.domaintools.com/resources/blog/post-gdpr-security-investigations-part-3 Research paper – The protection of privacy in civilian criminal investigations using OSINT (Open-Source Intelligence) https://amsterdamlawforum.org/articles/abstract/10.37974/ALF.353/ Article 8 European Convention on Human Rights https://fra.europa.eu/en/eu-charter/article/8-protection-personal-data Legal framework Law Enforcement https://eur-lex.europa.eu/eli/dir/2016/680/oj Continue reading Companion Post to the 2021 SANS Live Stream “Tips for Conducting OSINT Investigations in the EU with GDPR”

The new Facebook Graph Search – part 2

This blogpost is inspired by @djnemec‘s Github gist, which you can find here https://gist.github.com/nemec/2ba8afa589032f20e2d6509512381114. The next step In this part, we’re talking about combining searches. Just like in part 1, we will be translating JSON to Base64. And of course we’ll take you through it step by step 🙂 What to combine? Well, you can only combine when you stay in the same category. In … Continue reading The new Facebook Graph Search – part 2

Basic OPSEC Tips & Tricks for OSINT researchers

Often i get asked if i’ve got some pointers and tools for OPSEC during online investigations. My primary answer would be first: I can’t give any tips or tradecraft pointers until I know what research questions you are trying to answer. In short, what is your threat model? First of all, one should know where the term OPSEC originates from. OPSEC stands for Operational Security … Continue reading Basic OPSEC Tips & Tricks for OSINT researchers

Using OSINT for your personal threat model

Recently, I gave a workshop at the SANS Security Awareness Summit in London, where I showed how one can conduct a simple assessment of him or herself by using some basic OSINT. In this post, I wanted to go a bit more in depth on that subject. Your adversary might be looking into you now. Do you even know what can be found online about … Continue reading Using OSINT for your personal threat model