Hi
#OSINT
#CTF
community.
I need your help. I'm trying to make a big list of OSINT Challenges for the community. I have this list (attached pic). Do you know any OSINT-focused challenges (CTF or other) not on here?
#PlsRT
Did you know that the CIA released a free PDF on how to analyze
#osint
? Well, it wasn't JUST for OSINT. It discusses bias and how to keep an open mind when performing analyses.
Worth a download and read. PDF is here:
The
#username
#OSINT
web site now has over 280 sites that you can check for a username from within your browser.
- Export results to a file.
- All checks from your browser.
- Free
- Fast
Doing
#OSINT
within
@shodanhq
? As an auth'd user, visit and use these filters:
- screenshot.label:desktop
- screenshot.label:ics
- screenshot.label:loggedin
- screenshot.label:login
- screenshot.label:terminal
- screenshot.label:windows
Use in combination!
Hey
#OSINT
and
#cyber
people. If you are using colored boxes to note certain areas of interest/similarity in your image analysis, consider using an additional technique as well.
Not everyone can see those boxes that you can see. Check out my blog post
Are you a bored OSINTer today? Nothing much going on? How about looking at people's public Google Calendars? That could be fun!
Enjoy and add this technique to your
#osint
arsenal!
After an amazing 10 years, I'm excited to let you know that I've resigned from my day job at Booz Allen.
Starting in December, I will be doing
#OSINT
and
#cyber
consulting through my new
@SpotInfosec
business ().
I was today-years-old when I learned that I could copy
#metadata
from one file (like a phone's photo) to another ( image) using the command-line command:
exiftool -TagsFromFile fromFile.jpg toFile.jpg
#osint
#sockpuppet
Credit to
My son offered to make my coffee this morning which seemed odd at the time as he never has done this before. My coffee tasted good until I saw this. Luckily I’ve been building up an immunity to iocaine powder. Whew. 😏
Well the
#osint
cat is out of the bag. Some of you have already been contacted by
@SANSDefense
to be beta testers for THE NEW OSINT CERT!!!
May I present, the GIAC GOSI (GIAC Open Source Intelligence) certification for the
#sec487
class!
Over the past years, I have enjoyed teaching OSINT to people through my SANS class, at workshops and conferences, and through the live streams of
@OsintCurious
With the new year comes a new opportunity to learn
#OSINT
more deeply with me (and eventually with other trainers)...
I'm thrilled to announce that the 3rd annual
@SANSDefense
#OSINT
Summit will be a 2 day, virutal, free event next year!
February 11-12, 2021
We are currently looking for people to speak/present at the event
#CFP
#osintcurious
I've just created a project called ORCS (OSINT Resource Classification System) () to hopefully bring together OSINT bookmarking site/resource classification systems into a standard.
#osint
#threatintel
Fun
#OSINT
#webscraping
tip:
You can get the email address and other details from the owners of pages by adding ".json" to the page name.
- Go to
- Click a link like
- Change to
is for ANYONE who loves open source intelligence, from those just starting out to career pros.
Our goal is to help expose
#OSINT
fans to experiences that follow common research threads, gathering available information for a specific target.
#ctf
1 Mar
#OSINT
tip: Using Google cache is great for recon. Understand it pulls images, JS and other pieces of the web page from the LIVE SITE (not cache) unless you add &strip=1 to end of cache URL.
Attached is a pic of the network traffic from my browser when I didn't use &strip=1
Happy to announce the WhatsMyName project () now has "political" sites it checks for users.
Tracking extremists as they move to less-mainstream platforms? Submit those sites and we will add them to the project!
#osint
#intelligence
Hmm. Just saw a tweet from
@ProtonMail
referencing a
@VICE
article about
Use this simple site to find out how to request what companies know about you for
#privacy
#OpSec
I'm thrilled to announce that I've accepted a Director position with the amazing
@NCPTF8
to continue the excellent work that they do in fighting human trafficking and child exploitation. Big thanks to
@Volk_NCPTF
and
@hatless1der
for all your efforts!
Thank you for all the wonderful wishes on my SANS promotion. I'm thrilled for the recognition of my work and truly love OSINT and the community we've built.
Just a quick reminder that is a great way to remove some of your data from the internet.
The anonymous author has updated it to have even more sites.
#osint
#privacy
#infosec
Thank you
@textfiles
for bringing me a little nostalgia.
26 years ago I met a woman via the Digital Nation First Class BBS.
I proposed to her via a global banner displayed to all users of the BBS.
Despite all that, she and I will be married 25yrs this year.
#geeklove
This is a tremendously challenging post to write. After 9 years of working with the amazing people at
@SANSInstitute
, I've decided to move on and leave the org.
I'll be teaching the
#SEC487
#OSINT
class once more next week (31 Jan-5 Feb at the CTI Summit) and then ...
I'm both excited and proud to have created a 6 day, hands-on
#OSINT
course for
@SANSDefense
. Over 23 labs, a focus on gathering AND analyzing, and a
#CTF
on day 6 all make
#SEC487
a fun course for anyone!
@thegumshoo
and I are THRILLED that the free, global, virtual
@SANSDefense
#OSINT
Summit conference is THIS Thursday and Friday.
Our amazing speakers bring a diverse range of talks and experiences to the event.
Check it out and sign up at
#OSINT
Tip - With many of us not buying morning coffee from retailers at $5+/coffee, you may find yourself with an extra $49 in your wallet.
Highly suggest purchasing the
@shodanhq
"Membership" at a one-time cost of $49 (coincidence?). Greater access into a great tool.
Just saw that someone on Reddit said that, when they got a SPAM phone call, they told the caller who dies in
#Endgame
.
Spammer cursed them out and hung up.
I call that a win and am adopting that strategy immediately.
For all of you that asked for it, my
@SANSInstitute
#OSINT
talk from last night is now on YouTube. Link in this page .
Lots of fun things in there from my core content on Untappd to reverse whois with a twist to breach data!
#osintcurious
#5osintthings
We all should be trying to learn more about this crazy, wonderful world of ours.
What are 5 things you want to learn this year about
#OSINT
?
I'll start:
1 Image analysis
2 Video analysis
3 More python
4 Cryptocurrency Analysis
5 More social media
#OSINTCurious
May I take a brief moment of your
#cyber
,
#OSINT
,
#recon
,
#socialengineering
time?
If you aren't doing Google searches like: site: "keyword" then you are missing out!
International site...businesses and personal homes. WOW!
Have I mentioned that the 2021 FREE
@SANSDefense
#OSINT
Summit is a FREE 2 day, virtual, global conference?
Did I tell you registration is free and happening RIGHT NOW!
Really looking fwd to hearing the amazing talks people submitted!
#cyber
Check out this cool new blog post that
@shall_1
made about an
#OSINT
#mindmap
of mine he beefed up:
Some great content in there and in the doc. Thanks
@shall_1
for the guest post!
I'm doing some work on using traffic and security cameras for
#OSINT
. Love the site.
Currently, I just watched a person and a dog in Amsterdam inside an elevator and now I'm watching a bored person in a restaurant kitchen.
#geoint
I made a huge mistake today.... I challenged my math major, comp-sci minor child to Python something faster than I could.
Not only was their code better and their solution more elegant but they also optimized my original code to make it better.
I love learning from my kids!
Hey
#OSINT
peeps. One of my students in
#SEC487
showed me the amazing, free Microsoft Steps Recorder () that is in all versions of Windows and records everything you do.
Might be helpful to record what you do during an assessment.
70TB of Parler users' data leaked by security researchers. As I mentioned previously - The data is out there to identify those involved in planning last week’s attack on the Capitol. This is why government needs greater investment in
#OSINT
.
#geolocating
social media content is getting a whole lot more fun from an
#osint
perspective. Don't believe me?
The user in the image below didn't add his home city to his profile but I bet you can see where he lives based on his "check-ins" (red=more beers drank)
Its no secret that I've struggled with
#ImposterFeelings
for years.
If you are feeling you don't belong in your industry/job/career/life...take a moment and check out the resources I collected.
#YouAreNotAlone
Today is the day I hit 10,000 followers.
I'm truly blessed to have such a supportive, challenging, knowledgable, diverse set of followers that are constantly helping me grow.
Thank you!
You doing
#OSINT
and
#recon
work that takes you to Twitter? Check out this excellent blog () by
@labnol
on how to search more-deeply using Twitter search directives (like Google Dorks)
Doing
#OSINT
on things that happened in the US a while ago (>10 years)? You might want to hop over to the National Archives where they have ship manifests, death records (with SSNs), enlsitment records and more!
Here is an example to start you off:
I have a serious question for students in
#OSINT
courses. I'm seeing more and more OSINT trainers taking pictures of their students' faces and tweeting/IG'ing them out. As an OSINT instructor, putting my customer's faces on social media is the last thing I want to do.
If you do
#OSINT
or
#recon
and have not seen these fabulous, short Spiderfoot tool command line interface (CLI) videos that
made, you are missing out!
#OSINTcurious
Did you know that SANS has a list of free resources and scholarships on the page?
There is also the Work Study program () which offers reduced rates on training in return for some work during the events.
#cyber
#osint
#CTI
through recorded, skills-based trainings on the My OSINT Training () site.
These courses range from short topics like "How do I install and run a certain
#Python
OSINT tool?" to longer, step-by-step courses on...
Have a long URL to decode? Use . It decodes parameters & values in the URL. Ex: I used Amazon & ran a search, copied URL, pasted into Unfurl. It broke the URL down & revealed "qid" param (2) is a time stamp and a date (3).
#osint
#cyber
#tools
We are excited to announce that
#OSINTSummit
2022 registration is NOW OPEN! Join Summit Chairs
@WebBreacher
&
@dutch_osintguy
and learn how top
#OSINT
experts gather and analyze available information for their investigations.
Register now for FREE:
#OSINT
or
#Recon
tip of the day. Trying to harvest Google Analytics codes from web pages from the command line? Try the below from a terminal window (linux/unix/macOS):
curl --silent -L | grep -o -E "UA\-[0-9]+"
Change domain to your target.
#profit
Unfurl : It takes a URL and expands ("unfurls") it into a directed graph, extracting every bit of information from the URL and exposing the obscured : cc
@_RyanBenson
Hey all. I'm releasing the
@SANSDefense
#SEC487
Community Wiki for
#OSINT
resources. It can be found at
Always looking for content submissions and pull requests. In the coming weeks, we hope to add a bunch of resources to it.
OK...so many of your
#OSINT
people have heard me talk about using the free/nearly free
@obsdmd
in investigations for documentation, workflow, task management, and more.
Here is a little blog () with links and such for your viewing pleasure.
#cyber
Hey
#OSINT
and
#sourcing
people! Have I got amazing news for you!!
The 2020 SANS Open-Source Intelligence Summit is coming to Virginia AND you can use code OSINTPOD20 to get a special price of $175 on your registration.
Register now to save your seat:
#OSINT
Tip: Bing & Yandex have
#cached
data
The removal of Google's cached content is a set back for some but both Bing and Yandex search engines have cached pages. We also have amazing sites like and for full page captures
Check out
@osintcombine
's and my free
#OSINT
/
#cyber
/
#recon
#username
enumeration site.
Changes include site defaults to "all/no porn" for categories (1) to keep your searching safer and exporting content to files (2).
Reposting this for the
#OSINT
community. A OSINT page crawler that indexes them and lets you search them all together. With sortable results!! (and free!)
I know this might be premature, but I voted today via mail in ballot. Now I know some of you might ask,
"But Micah, there are 2 more debates still. How can you have already made up your mind?"
I've waited 4 years to vote this racist, lying blowhard out of office.
#VoteHimOut
For Facebook
#OSINT
- Still want to use the sowdust code on sites like
@_IntelligenceX
but cannot do to the new UI on FB?
Add all the filters to the sowdust tool, then copy the URL and replace "www." with "apps." at the beginning of the URL. It'll switch to the old/classic UI.
I used to treat my home networking like a lab. I'd reconfigure stuff, try new things out, attempt to optimize.
Now, with my family WFH and learning from home, my network has transformed into an essential lifeline, high-availability network that I dare not touch.
I love days like today.
- Work on OSINT cases.
- Do a live stream with
@dutch_osintguy
.
- Take some time to clean my desk after spilling hot coffee all over it
- Complain on Twitter.
Life is good.
Do you do
#OSINT
on TikTok? Then check out my blog post at and my
#10minutetips
at where I show how to extrtact JSON from the site and pull all the comments for a post just using a web browser!
#OSINT
/
#SocialEngineering
tip: Looking for data about a target? Check what utilities they might use at their home.
For instance, the site will show you the addresses of their customers and the WiFi network names.
Give me a 👍if you know about the site that allows you to recreate images from Google Street View imagery by placing virtual "cameras".
There are over 10,000 models of security and other cams it knows how to mimic!
#osint
#geoint
#imint