OSINT: How to Find, Use, and Control Open-Source Intelligence
by Leonardo Núñez || Guest Author

This article was originally published in the InfoSec Survival Guide: Green Book.
What Is OSINT?
OSINT stands for open-source intelligence, and it refers to all publicly available information on the open internet that has been obtained without any special requirements (paywalls, invitations, etc.). Good examples include information found on social media and in books, public reports, news articles, and press releases.
Best OSINT Practices
Keep it Legal: Ensure that all the activities performed comply with relevant data privacy and protection laws.
Stay Ethical: Respect individuals’ privacy rights.
Think about Risk: Conduct a risk assessment before undertaking investigations to identify potential legal, ethical, and operational risks.
Information Protection: Implement robust information security measures to protect collected data from unauthorized access or disclosure.
Transparency: Document methodology, sources, and findings so that the process you used to find the information is reproducible.
What Are Some Tools?
Search Engines: One of the most basic and useful tools, search engines index almost everything possible.
Social Media Platforms: Contain vast amounts of user-generated content.
Metadata Analysis Tools: Tools like ExifTool allow you to look at the metadata embedded in files.
TraceLabs’ OSINT VM: A virtual machine with numerous pre-installed tools useful for OSINT, but the main benefit is a separate system you can delete once you’re done with the investigation.
The OSINT Framework: Framework containing a comprehensive mind map of tools needed to discover different types of information such as usernames, email addresses, public records, and more.
Tips & Tricks to Perform Effective OSINT
Define Goals: Clearly define your objectives and the type of information you seek before starting, so that you don’t stray from the information you’re seeking.
Use Multiple Sources: Find the same information in multiple sources to verify its accuracy and reliability.
Be Creative: Employ creative search strategies and utilize lesser-known sources to uncover hidden information. Exploring seemingly unrelated sources or using unconventional methods might be the key to finding that missing piece of information.
Protect Your Identity: Use VPNs and anonymous browsing tools to protect your identity while conducting OSINT investigations. Also, use sock puppets (sans.org/blog/what-are-sockpuppets-in-osint/) to search through social media.
Keep Records: Maintain detailed records of your findings — including timestamps, sources, and screenshots — to ensure accountability and reproducibility.
Collaborate: Engage with other OSINT practitioners and analysts to leverage collective expertise and resources.
Keep Learning: Stay up to date with new techniques for finding information. My OSINT Training, OSINT Combine, and TCM Security provide excellent courses which you can use to start, as well as improve upon, your existing OSINT skills.
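One way to keep the records described under Keep Records and Transparency, as an added example that is not from the original article: each finding stores a UTC timestamp, its source, and the SHA-256 of the screenshot, and entries are hash-chained so that later edits are detectable. The hash chaining goes beyond what the article describes; the function names, field names, and sample URLs are assumptions constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # chain anchor used as prev_hash of the first entry


def _digest(entry: dict) -> str:
    """SHA-256 over a canonical JSON form of the entry, excluding its own hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def add_finding(log: list, source: str, note: str, screenshot: bytes) -> dict:
    """Append one finding: UTC timestamp, source, note, and the screenshot's hash."""
    entry = {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "source": source,
        "note": note,
        "screenshot_sha256": hashlib.sha256(screenshot).hexdigest(),
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = _digest(entry)
    log.append(entry)
    return entry


def verify_log(log: list) -> int:
    """Return -1 if the chain is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev_hash"] != prev or entry["entry_hash"] != _digest(entry):
            return i
        prev = entry["entry_hash"]
    return -1


def demo() -> tuple:
    """Constructed sample data: two findings, then a silent edit to the first."""
    log = []
    add_finding(log, "https://example.com/press/1", "Press release names office city", b"constructed-png-1")
    add_finding(log, "https://example.com/about", "About page lists staff roles", b"constructed-png-2")
    before = verify_log(log)
    log[0]["note"] = "edited after the fact"  # simulate tampering with a record
    return before, verify_log(log)


if __name__ == "__main__":
    print(demo())  # (-1, 0): intact before the edit, entry 0 flagged after
```

Keep the final `entry_hash` somewhere separate from the log (a report or a ticket), since anyone able to rewrite the whole file can recompute the chain.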
How to Protect Against OSINT
Check Privacy Settings: Review the privacy settings of the OSINT sources you’re using, especially social media platforms, which tend to track as much personal information as possible.
Careful Sharing: Be careful about what you share on the internet and when you share it, and consider the possible consequences of oversharing.
Monitor Online Presence: Use monitoring tools to track your online presence and make sure that no sensitive information is available online.
Limit Your Public Information: Minimize the information shared on public platforms.
Protect Your Data: Employ secure passwords and MFA to safeguard against unauthorized access to sensitive data.

