• Explore
  • Blog
  • Podcast
  • About
  • Services
  • Contact
Menu

Exploring Information Security

Securing the Future - A Journey into Cybersecurity Exploration
  • Explore
  • Blog
  • Podcast
  • About
  • Services
  • Contact
2018-12-26 23_10_38-We are OSINTCurio.us – Helping the OSINT community stay curious.png

Curious about OSINT?

December 27, 2018

Check out https://osintcurio.us/. It’s a new site authored by several pretty well known names in the industry. How it got started is a mystery (how I got invited is even more of a mystery).

I’m really excited for the site. There are already 11 posts on the site (including my origin post), including one about Python and how to use it for OSINT purposes. As with other communities I’ve contributed to, there’s a lot of excitement to start. Then it dies off. I don’t think this is the case here. There’s a lot of people involved that are really into OSINT. Most of them are regular contributors. I hope I can match their energy for this site.

This post first appeared on Exploring Information Security.

In Media Tags OSINT
Comment
2018-10-11 20_07_58-OSINT - Google Search.png

OSINT resources for beginners

October 22, 2018

I know what you’re thinking, “not another resource for OSINT.” This post is more focused on helping people just getting started with open source intelligence (OSINT).

This is the second of several resource posts I’d like to do that point people to some getting started resources. This is not meant to be an exhaustive list. Instead I’d like to highlight some of the resources I have found useful and use on a regular basis. This is meant more as a gateway into the deep field of OSINT.

Websites:

  • Google

  • IntelTechniques

  • OSINT Framework

Google is the primary tool I use for doing searches. Learning how to Google Dork is one of the most useful skills to have in security, not just OSINT. IntelTechniques has a lot of useful tools for doing specific searches. OSINT Framework has over 1200 tools available for OSINT. Plenty of opportunity to fall into rabbit holes.

People:

  • Josh Huff

  • Tazz

  • Micah Hoffman

  • Justin Nordine

  • Kirbstr

These are all people I’ve interacted with regularly or had on the podcast previously to talk about OSINT and threat intelligence.

Training:

  • SANS SEC487

  • Social Engineer - Advanced OSINT

  • Justin Nordine’s course

I took SANS SEC487 earlier this year and it is exhaustive. Lots of information, tools, and methodology in the course. I also recently took Social Engineer’s Advanced OSINT course at DerbyCon. It’s a shorter and much more focused course. It provides opportunities to play with certain techniques (Google Dorking) and tools (Maltego). Recently, Justin told me he was doing an OSINT course. Follow him on Twitter (above) to keep up with dates and links.

Podacsts:

  • OSINT on Exploring Information Security

I think this is the easiest way to capture all the podcast content. Plus, it keeps this blog post a little shorter and more streamlined. I don’t want this to be a super long post. The links I’ve provided in this post will lead you to other resources, tools, and ideas in OSINT.

How to get started with OSINT

Something to think about is use cases. Penetration testers use OSINT for assessing and organizations security aptitude. Investigators use it to track down people and companies. Incident responders use it to track malicious domains. Threat hunters use it to identify threats and risks to an organization. Those are some of the things I’ve used OSINT for working on a blue team. I’ve heard of use cases for police, insurance companies, and organizations looking to make acquisitions.

Methodology is also really important. It’s what keeps us from jumping too far down a rabbit hole. Dutch OSINT Guy has a good post on methodology. It’ll take practice and experience, so really just go do it and learn.

This blog post first appear on Exploring Information Security

In Technology Tags OSINT, Resources
Comment
Snow in McLean, VA

Snow in McLean, VA

SANS SEC487 Open-Source Intelligence Gathering and Analysis

March 28, 2018

Last week I had the pleasure of attending the brand new SANS course for OSINT in McLean, VA. The creator of the course, Micah Hoffman, has been on the podcast a few times and someone I consider a friend. He'll make his fourth appearance in a future episode on the topic of the SEC487 course. I wanted to take this opportunity to give some impressions of the course, while it's still relatively fresh.

Micah created videos for help with the labs as part of the course. This was one candid moment from those videos.

Micah created videos for help with the labs as part of the course. This was one candid moment from those videos.

Simply put, the course is fantastic. I recommend it for those with OSINT experience and those without. I have some OSINT experience. As part of my job, I've investigated internal and external people. Working in a Security Operations Center (SOC) for the State of South Carolina, I did a lot of OSINT looking up IP addresses, URLs, and various other things. I've used it to figure out if a marketing or technical recruiter email is legitimate. I've used it in job hunting.

I still took quite a bit away from the course. I took 18 pages of notes. Another project idea came out of the course, OSINT for the Blue Team. I couldn't wait to get back to work to start building out some OSINT standard operation procedures (SOP). I've already taken my notes and built out a resource page for others to use.

I got to build my first sock puppet. Work on better documentation (I love mindmaps for documentation!). I used Tor for the first time and visited the "dark web." Got a ton of new tools and resources to check out. I'm excited to start using Hunchly and Spiderfoot as part of my processes.  The capture the flag (CTF) on day six was fun and engaging.

We laughed a lot. If you're in the area, I recommend Super Chicken and the food trucks on Pinnacle Drive. Center of the Universe brewing has got some really good beer. Which reminds me, Untapped is a gold mine for OSINT. I got to see snow (see above)! Best of all, I got to see Micah teach a five-day course on one leg. He got really good at the three-point turns towards the end of the week.

Enjoying #SEC487 with @webbreacher! Learning tons of OSINT goodness already.

A post shared by Timothy De Block (@timothydeblock) on Mar 19, 2018 at 8:02am PDT

The course was a beta, so it had it's rough moments. Those were rare. Most of the feedback I had was for improving the course. Moving content to earlier in the week rather than later. Maybe doing a little less on this topic here or more of that topic there. The course is solid and it's only going to get better.

Future dates include:

  • Denver, CO - May/June 2018(not listed yet)

  • Baltimore, MD - September 10-15, 2018

  • Las Vegas, NV - September 23-28, 2018

  • Singapore, Singapore - October 22-27, 2018

Click here for more details.

This blog post first appear on Exploring Information Security.

In Experiences Tags OSINT, SANS
Comment

Latest PoDCASTS

Featured
Jul 15, 2025
[RERELEASE] What are BEC attacks?
Jul 15, 2025
Jul 15, 2025
Jul 8, 2025
[RERELEASE] How to crack passwords
Jul 8, 2025
Jul 8, 2025
Jul 2, 2025
[RERELEASE] How to find vulnerabilites
Jul 2, 2025
Jul 2, 2025
Jun 24, 2025
[RERELEASE] What is data driven security?
Jun 24, 2025
Jun 24, 2025
Jun 17, 2025
[RERELEASE] What is a CISSP?
Jun 17, 2025
Jun 17, 2025
Jun 10, 2025
[RERELEASE] From ShowMeCon 2017: Dave Chronister, Johnny Xmas, April Wright, and Ben Brown talk about Security
Jun 10, 2025
Jun 10, 2025
Jun 4, 2025
How to Perform Incident Response and Forensics on Drones with Wayne Burke
Jun 4, 2025
Jun 4, 2025
Jun 3, 2025
That Shouldn't Have Worked: A Red Teamer's Confessions with Corey Overstreet
Jun 3, 2025
Jun 3, 2025
May 28, 2025
when machines take over the world with Jeff Man
May 28, 2025
May 28, 2025
May 20, 2025
How to Disconnect From Cybersecurity
May 20, 2025
May 20, 2025

Powered by Squarespace