4 min readJust now
–
Today marks the beginning of my journey into Open Source Intelligence (OSINT). I’ve always been intrigued by the idea of gathering intelligence from public sources, and now I’m finally diving in! I’ve enrolled in Cybrary’s OSINT course to guide me through the process and learn from scratch. I’ll be sharing what I learn along the way, the tools I explore, the challenges I face, and my progress. I hope this journey helps others who are looking to learn OSINT, too. Why OSINT?
Indeed, that’s a good question. The thing is, I’ve always been a bit of a “stalker” (not in a bad way!), but I’ve always enjoyed finding information that’s available online. One day, I discovered that it’s actually a profession — something that people do for a living — and that by…
4 min readJust now
–
Today marks the beginning of my journey into Open Source Intelligence (OSINT). I’ve always been intrigued by the idea of gathering intelligence from public sources, and now I’m finally diving in! I’ve enrolled in Cybrary’s OSINT course to guide me through the process and learn from scratch. I’ll be sharing what I learn along the way, the tools I explore, the challenges I face, and my progress. I hope this journey helps others who are looking to learn OSINT, too. Why OSINT?
Indeed, that’s a good question. The thing is, I’ve always been a bit of a “stalker” (not in a bad way!), but I’ve always enjoyed finding information that’s available online. One day, I discovered that it’s actually a profession — something that people do for a living — and that by doing so, you can help society. That really intrigued my curiosity! I thought, Wow, I could actually help someone through this, or maybe even improve my own skills along the way. So, here I am, learning about OSINT.
I even went to ChatGPT and asked, “Give me some free OSINT resources.” It gave me a bunch, and one of them was Cybrary. So, let’s dive into what I’ve learned so far. What is **OSINT? **OSINT, or Open-Source INTelligence, refers to the process of gathering information from publicly accessible sources (open-source), whether for free or for purchase, and analyzing that information to develop insights about a target (Intelligence). OSINT is more of a passive form of work. Instead of actively scanning a network using tools like Nmap or performing brute-force attacks, OSINT is all about analyzing publicly available data. We gather information from open sources — like websites, social media, and public databases — and then analyze it for patterns, insights, or actionable intelligence. It’s a different approach than the hands-on tactics typically used in offensive security, but it’s just as crucial in understanding the bigger picture. OSINT in Practice
OSINT is used in many fields like cybersecurity, business, journalism, and general research. It’s based on the idea that people often share more information online than they realize, and much of that data is publicly accessible. This makes OSINT a powerful tool for gathering insights without needing any special access.
In cybersecurity, OSINT is often used during reconnaissance to learn about a target before launching any active attacks. This is especially important in Red Team operations, where gathering passive intelligence (data that’s publicly available) helps you stay under the radar and avoid early detection by the Blue Team.
The key to OSINT is knowing where to look. There are many public resources out there, but the key is to start with a clear goal. We can break this down into two parts:
- Information Categories: What type of information are you after? (Personal, technical, etc.)
- Information Resources: Where will you find it? (Social media, websites, databases, etc.) 2.1 Information Categories
So, when you start looking into OSINT, the type of information you’re after depends on the scope and the rules of engagement, but generally, it falls into two categories:
- Company — This is about the company itself. You’re looking at its structure, processes, and the people who work there.
- Things — This is all about the company’s digital infrastructure, like computers, servers, and other systems.
Basically, you’re trying to understand who they are and what they have.
2.2 Information Resources
Next, we need places to get this information. There are a ton of public resources out there, and some give info about both the company and its people. Here are the main ones I’ve started looking into:
- Company Website — Just explore it manually. You can find a lot of clues if you pay attention.
- Web Archives — These are old snapshots of websites, which is super useful for seeing past changes. Examples: Wayback Machine, Archive.is, Common Crawl.
- Search Engines — Google, Bing, DuckDuckGo, and tools like Censys or Shodan can help you find websites or devices connected to the company.
- Public Records — Stuff like WHOIS info, DNS records, certificate logs, or court records. You’d be surprised what’s out there.
- Leak Aggregators — Sites that collect sensitive info from past breaches. Examples: haveibeenpwned.com, dehashed.com.
- Social Platforms — People often share more than they think on social media or forums. Check LinkedIn, Facebook, Twitter (X), even Stack Overflow.
- File Repositories — Places where people store code or files publicly. Think GitHub, searchcode.com, Google Drive, AWS S3, Firebase.
- CTI Platforms — Cyber Threat Intelligence platforms scan URLs and aggregate threat data. Examples: urlscan.io, AlienVault OTX, VirusTotal.
LET’S NOW ANSWER THE QUESTION 1. d-open-Source Intelligence 2. A. Collection and analysis of information from public resources to develops insights about people and things. 3.C.Private emails