Intelligence

Open-source intelligence from domain records, Shodan, breach databases, geolocation and dark-web sources, plus the tools and methodology to bring it together.

1. 01OSINT foundations and methodologyWhat open-source intelligence is, the intelligence cycle, the passive/active distinction, legal constraints, and investigator OPSEC.~5 min read
2. 02Domain, DNS and infrastructure intelligenceWHOIS, DNS record enumeration, certificate transparency, Shodan, Censys, BGP/ASN lookups and tech-stack fingerprinting.~6 min read
3. 03People, identity and social media OSINTEmail discovery, username enumeration, LinkedIn and social media intelligence, reverse image search and phone number lookup.~6 min read
4. 04Search engine dorking and web archivesGoogle and Bing dork operators, the Wayback Machine, paste sites, GitHub secret scanning and document metadata extraction.~6 min read
5. 05Geolocation, imagery and physical intelligencePhoto geolocation from EXIF and visual clues, WiGLE, satellite imagery, aircraft and ship tracking, and cell tower databases.~8 min read
6. 06Breach data, dark web intelligence and OSINT toolingBreach data sources, dark web search, OSINT frameworks, automation tools (theHarvester, recon-ng, Maltego, SpiderFoot, Amass) and target-profile methodology.~8 min read