My OSINT Journey

My OSINT Journey

Sign in Subscribe

FREE non-persistent web-based Firefox browser

Possible use case: Setting up a non-persistent stand alone Firefox web browser for performing OSINT research. You might be wondering what I'm talking about. Basically, I'm referring to running the Firefox web browser inside a Docker container. The "free" aspect comes from utilizing Amazon's EC2 (Elastic Compute Cloud). Why not

Hands-on with Crowdsec

Hands-on with Crowdsec

Crowdsec is an amazing tool that allows you to enroll a machine or VPS and have "Curated Threat Intelligence Powered by the Crowd." They have a great "Community Edition" that will allow you to set it up and quickly secure your machines and servers. First, create an account at Crowdsec.

Why you need a blog right now

Why you need a blog right now

If you are interested in starting a career in IT, or more specifically, Cybersecurity, there are some important steps you should take. One of those steps is creating a blog, website, or somewhere to show what you are learning. If you have never created a blog, I can help. Here

Hands-on with Push Security

Hands-on with Push Security

PushSecurity is an amazing tool that allows you to turn every employee's browser into a telemetry source and control point for defending workforce identities. I recently learned about PushSecurity from Dr. Gerald Auger on the Daily Cyber Threat Brief It is simple to setup, just create a free account and

Hands-on with Canary Tokens

Hands-on with Canary Tokens

Canary Tokens are a clever and inexpensive way to detect unauthorized access or malicious activity within a network. You can generate tokens for FREE at CanaryTokens.org Here are a few practical uses: 1. Detecting Unauthorized File Access * Use Case: Embed a canary token in a sensitive document (e.g.

Hands-on with Elastic SIEM

Hands-on with Elastic SIEM

I recently found a great tutorial from Gerald Auger on setting up the Elastic SIEM. I have been trying to become more familiar with security solutions that I haven't used before. The great part about this tutorial is that Gerry provides you with three bullet points that you can add

Hands-on with Wazuh

Hands-on with Wazuh

Wazah is an amazing SIEM (Security Information and Event Management) tool. It is free to use as a self-hosted solution. In this post, I will be explaining some practical ways to use Wazuh to harden the security of an Ubuntu server. If you are unfamiliar with Wazuh, I recommend watching

Hands-on with Nessus

Hands-on with Nessus

Last night, while doing some online training for Security+ I learned about Nessus Essentials. I have heard about Nessus for years on security podcasts, but always thought it was a paid-for enterprise tool. During my course, I learned about configuring Nessus Essentials. I was excited when I learned that this

All-In-One OSINT for websites

All-In-One OSINT for websites

This is a great tool that quickly reveals a lot of information about websites. Simply enter a domain name and click Analyze. The results include: * IP Info * SSL Chain * DNS Records * Cookies * Crawl Rules * Headers * Quality Metrics * Server Location * Associated Hosts * Redirect Chain * TXT Records * Server Status * Open Ports * Traceroute

Support OUR Rescue

Support OUR Rescue

I have recently discovered this organization and it is amazing. The work they do domestically and internationally is great. They are passionate about the work they do and genuinely care about the lives they help impact. They work in three areas: Operations They are on the ground assisting local law

Privacy and Security best practices

Privacy and Security best practices

There are several simple ways that you can increase your security. Here are just a few products that have been vetted by leaders in the industry. Even though many of these products have a FREE plan, they can be trusted. Secure Email Options: ProtonMail FREE Proton Mail is an email

OSINT Podcasts

There are many good lists of OSINT podcasts out there among the various StartMe pages related to OSINT. The problem is, that many of the podcasts mentioned haven’t released any episodes recently. This doesn’t mean that they aren’t still a valuable resource. Here are two lists of

Doing OSINT 4 good

Doing OSINT 4 good

For many years now, I have been interested in using my technical skills to help with investigations of illegal activity. During my 10 years in Law Enforcement, I wanted to get into computer crime investigation. Unfortunately, there weren't any openings, so I decided to volunteer to help out in that

Tailscale for OPSEC

Tailscale for OPSEC

Tailscale is an amazing tool. It allows you to connect all of your machines, without opening ports, etc. One great feature is the ability to use a machine on your tailnet as an "exit node". This means if you have a VPS in Canada, you can enable the exit node

The Harvester

I recently discovered a tool called TheHarvester that conducts recon on domain names. The tool gathers names, emails, IPs, subdomains, and URLs by using multiple public resources. There are several passive modules you can use during your information gathering, however, some require an API key. You need to be sure

Kali Anonsurf

I recently watched a YouTube video hosted by David Bombal, with OccupyTheWeb. They were talking about how to take steps to remain anonymous while doing pen testing or OSINT. OTW mentioned a tool called Anonsurf that provided a layer of anonymity by forcing all traffic to go through TOR (The

Conducting recon with Omnisci3nt

Conducting recon with Omnisci3nt

After seeing a post on LinkedIn by DailyOSINT about a tool called "Omnisci3nt" I decided to check it out. It just took a few minutes to get it up and running. git clone https://github.com/spyboy-productions/omnisci3nt.git cd omnisci3nt pip3 install -r requirements.txt python3 omnisci3nt.py It

Emails for Privacy and OPSEC

Emails for Privacy and OPSEC

There are several reasons why you would want to have a virtually unlimited amount of alias email addresses. First of all, for privacy, giving out your personal email address will likely ensure a ton of spam emails. It's a good idea to have a personal email address that you only

Genealogy Fever

Genealogy Fever

I love genealogy and researching my family history. I feel myself wanting to dive back into my research. I have been passionate about genealogy for a while, but a few years ago, I discovered something amazing. While researching WikiTree, I connected with a distant cousin in Canada, who informed me

Researching phone numbers with Phunter

Researching phone numbers with Phunter

This morning I saw a post on LinkedIn that mentioned a program called Phunter for researching phone numbers. When I hear of a new tool, I always need to check it out. I downloaded it and began to test it out. This tool has several options: The Target function seems

Learning the ropes in OSINT

Learning the ropes in OSINT

I have been reading blogs, watching videos and taking a few courses on My OSINT Training. I downloaded Obsidian and then grabbed the Obsidian template from Micah Hoffman over at My Osint Training. At first glance, the template from Micah is a bit overwhelming. I decided to find a target,

Getting familiar with Sherlock

Getting familiar with Sherlock

After having completed the free OSINT courses at My OSINT Training I decided to look into some of the less expensive paid courses. I discovered a course on Sherlock, led by Micah Hoffman It was a fairly short course, but very helpful. Sherlock is a tool designed to run locally

Great OSINT Training

Great OSINT Training

As I began learning more about OSINT, I discovered some great FREE training. The website My OSINT Training was created by Micah Hoffman and Griffin Glynn This site has some great FREE training, as well as more advanced paid courses. There is a wide variety of courses, including Social Media,

OSINT tool of the week

OSINT tool of the week

As I have been digging through OSINT blogs, websites, podcasts, etc. I have found some really great tools. The most recent tool I have found was created by Micah Hoffman it's called Whatsmyname.app The way it works is amazing and saves a lot of time. You add a username

OSINT tips with Whoxy

OSINT tips with Whoxy

I have been diving into several blogs and videos to learn about OSINT. I have found some great resources that I will share at the end of this post. I have been familiar with WHOIS for many years. Typically, I use it in the command line to research client's domains