Micah Hoffman's Blog
This short, resource-filled blog post is a companion to a SANS Institute live stream from 2 June 2021. About the speakers: Micah Hoffman (@WebBreacher) is the author of the SANS SEC487 OSINT (Open-Source Intelligence) course: https://sans.org/sec487Chris Crowley (@CCrowMontance) is the author of the SOC (Security Operations Center) Class: https://soc-class.com/ Abstract Whether you are an analyst... Continue Reading →
Just gave a SANS @MIC talk and wanted to share the links to the sites and tools I discussed. A video of the talk is below: https://www.youtube.com/watch?v=BVFhMqktkeE https://osintcurio.us/http://osintframework.dehttp://www.cnn.com/robots.txthttps://www.cisco.com/robots.txthttps://www.apple.com/robots.txthttps://map.snapchat.com/@30.943495,41.053944,3.75zhttps://whatsmyname.app/https://www.bellingcat.com/news/2020/05/18/military-and-intelligence-personnel-can-be-tracked-with-the-untappd-beer-app/https://untappd.com/NorthernMonkhttps://untappd.osint.ninjahttps://wifi.xfinity.com/https://viewdns.info/https://www.osintcombine.com/data-visualization-toolhttps://haveibeenpwned.com/https://dehashed.com/https://sans.org/sec487https://github.com/webbreacher/untappdscraperInstant Data Scraper Google Chrome Extension
I've been working with some of the amazing people in the OSINT world for a while. Most are amazing and so willing to share ideas. So we decided to create a trusted, online resource at https://OSINTCurio.us Definitions OSINT - "a method of using open source tools to collect information from publicly available sources and then... Continue Reading →
This is a guest post by David Mashburn (@d_mashburn, https://www.sans.org/instructors/david-mashburn), Certified SANS Instructor and cyber ninja! OSINT isn't just about doing pre-attack recon. It is often leveraged by defenders as part of the incident response and investigation process. One of the most common applications of OSINT for a defender is to perform lookups on available... Continue Reading →
For those of you that have been the targets of SPAM or phishing or perhaps for those of you that are cyber defenders, how many times have you heard "I have no idea how the attacker got my personal email address." I have a secret to share with you. [Come a little closer to the... Continue Reading →
At work I was given the task of figuring out at least one method to find some of the domains that were registered by my company's employees but that we may not have known that they registered. Anyone can visit GoDaddy or PSI or 1and1 and register a domain. We wanted to find out anyone... Continue Reading →