Sign in Subscribe

OSINT Academy Week 1

I am so thankful to have the opportunity to participate in the training offered by the OSINT Academy and the Hetherington Group. Week one began on Monday, March 24th. I began my morning at 4 a.m., eager to dive into the training. I had already determined that I would

Professional Networking Tips

Let me just start off by saying that I am in no way an expert on "Networking". So why am I writing a blog post about this topic? The reason is that I want to help people who may be less familiar, or new to networking to build their online

OSINT-Advanced Search Operators

Advanced Search Operators are very powerful. Knowing how to properly use them could mean the difference between finding the specific information you are looking for and being overwhelmed with tons of not so relavant information. It is also very important to use multiple search engines to ensure that you have

Make the most of your mistakes

While recently watching a YouTube video created by my friend "Brews-n-Hacks" (Ryan) I saw that he had added a "Bloopers" reel to the end of his video. This made me laugh, and I started to think about mistakes I have made when recording videos. For those new to creating content,

uBlock Origin Alternatives

As of February 26, 2025, Google Chrome has begun disabling and suggesting the removal of extensions that are not updated for Manifest V3, particularly affecting popular extensions like uBlock Origin. Note: Manifest V3 (MV3) is the latest version of the extension platform for Chromium-based browsers (like Chrome, Edge, and Brave)

privacy

Using Expired Domains for OPSEC

A few years ago, after listening to the podcast by Michael Bazzell (which I really miss) I decided to explore using "expired domains" as a layer of operational security. I visited the website expireddomains.net and began looking for a domain that had a reasonable reputation, and a name that

Hands-on with My OSINT Training

If you are not yet familiar with Micah Hoffman and Griffin Glynn these two guys are great! They are the owners of My OSINT Training an amazing platform for learning about OSINT. Micah and Griffin don't just show you a list of tools, they are experts who are both passionate

LetsDefend training

I am always looking for a great deal on cybersecurity training. With the cost of living being so high, we are all looking for ways to level up our skills, without breaking our budget. I recently began studying for the CompTIA CySA+ exam using the course from Dion Training. While

TLDR Wazuh setup

Create two servers on Linode: * 1GB Ubuntu for the agent * 4GB Ubuntu for the server Note:This is the minimum requirement On the server machine 1. Connect to the "server" via SSH and run apt update 2. Next, run curl -sO https://packages.wazuh.com/4.9/wazuh-install.sh && sudo

Publishing your first video

If you are passionate about technology like I am, you want to share with the community. But, what if you are an introvert, shy, or just not good at public speaking? How do you overcome the fear of stepping out of your comfort zone? I have heard people say that

FREE non-persistent web-based Firefox browser

Possible use case: Setting up a non-persistent stand alone Firefox web browser for performing OSINT research. You might be wondering what I'm talking about. Basically, I'm referring to running the Firefox web browser inside a Docker container. The "free" aspect comes from utilizing Amazon's EC2 (Elastic Compute Cloud). Why not

Hands-on with Crowdsec

Crowdsec is an amazing tool that allows you to enroll a machine or VPS and have "Curated Threat Intelligence Powered by the Crowd." They have a great "Community Edition" that will allow you to set it up and quickly secure your machines and servers. First, create an account at Crowdsec.

Why you need a blog right now

If you are interested in starting a career in IT, or more specifically, Cybersecurity, there are some important steps you should take. One of those steps is creating a blog, website, or somewhere to show what you are learning. If you have never created a blog, I can help. Here

Hands-on with Push Security

PushSecurity is an amazing tool that allows you to turn every employee's browser into a telemetry source and control point for defending workforce identities. I recently learned about PushSecurity from Dr. Gerald Auger on the Daily Cyber Threat Brief It is simple to setup, just create a free account and

Hands-on with Canary Tokens

Canary Tokens are a clever and inexpensive way to detect unauthorized access or malicious activity within a network. You can generate tokens for FREE at CanaryTokens.org Here are a few practical uses: 1. Detecting Unauthorized File Access * Use Case: Embed a canary token in a sensitive document (e.g.

Hands-on with Elastic SIEM

I recently found a great tutorial from Gerald Auger on setting up the Elastic SIEM. I have been trying to become more familiar with security solutions that I haven't used before. The great part about this tutorial is that Gerry provides you with three bullet points that you can add

Hands-on with Wazuh

Wazah is an amazing SIEM (Security Information and Event Management) tool. It is free to use as a self-hosted solution. In this post, I will be explaining some practical ways to use Wazuh to harden the security of an Ubuntu server. If you are unfamiliar with Wazuh, I recommend watching

Hands-on with Nessus

Last night, while doing some online training for Security+ I learned about Nessus Essentials. I have heard about Nessus for years on security podcasts, but always thought it was a paid-for enterprise tool. During my course, I learned about configuring Nessus Essentials. I was excited when I learned that this

osint

All-In-One OSINT for websites

This is a great tool that quickly reveals a lot of information about websites. Simply enter a domain name and click Analyze. The results include: * IP Info * SSL Chain * DNS Records * Cookies * Crawl Rules * Headers * Quality Metrics * Server Location * Associated Hosts * Redirect Chain * TXT Records * Server Status * Open Ports * Traceroute

Featured

Support OUR Rescue

I have recently discovered this organization and it is amazing. The work they do domestically and internationally is great. They are passionate about the work they do and genuinely care about the lives they help impact. They work in three areas: Operations They are on the ground assisting local law

Privacy and Security best practices

There are several simple ways that you can increase your security. Here are just a few products that have been vetted by leaders in the industry. Even though many of these products have a FREE plan, they can be trusted. Secure Email Options: ProtonMail FREE Proton Mail is an email

OSINT Podcasts

There are many good lists of OSINT podcasts out there among the various StartMe pages related to OSINT. The problem is, that many of the podcasts mentioned haven’t released any episodes recently. This doesn’t mean that they aren’t still a valuable resource. Here are two lists of

Doing OSINT 4 good

For many years now, I have been interested in using my technical skills to help with investigations of illegal activity. During my 10 years in Law Enforcement, I wanted to get into computer crime investigation. Unfortunately, there weren't any openings, so I decided to volunteer to help out in that

Tailscale for OPSEC

Tailscale is an amazing tool. It allows you to connect all of your machines, without opening ports, etc. One great feature is the ability to use a machine on your tailnet as an "exit node". This means if you have a VPS in Canada, you can enable the exit node

The Harvester

I recently discovered a tool called TheHarvester that conducts recon on domain names. The tool gathers names, emails, IPs, subdomains, and URLs by using multiple public resources. There are several passive modules you can use during your information gathering, however, some require an API key. You need to be sure