A practitioner’s deep-dive on OSINT.industries — what it returns for username and email queries, how I use it for journalism and due diligence, and the ethics framework I won’t run a query without.
Jesse William McGraw
Jesse William McGraw
Jesse William McGraw, also known as GhostExodus, is a former insider threat and threat actor. He became the first person in recent U.S. history to be convicted of corrupting industrial control systems. Today he focuses on threat intelligence, OSINT, and public speaking, using his knowledge to bring awareness to the security risks that organisations and individuals face.
A practitioner’s tutorial for investigating a suspicious URL safely — fingerprinting the kit, attributing it to a campaign, and reporting it to takedown services. Real tools, step-by-step, no enterprise budget required.
A step-by-step tutorial for building a free malware analysis sandbox at home — Windows reverse-engineering with FlareVM, Linux analysis with REMnux, and automated detonation with Cuckoo.
A practitioner’s tutorial for assembling a working threat-actor profile from public sources — MITRE ATT&CK for TTPs, Mandiant and CrowdStrike for attribution context, Malpedia for malware lineage, plus a clean note-taking template.
A practitioner’s tutorial for checking whether your email, your domain, or your employees show up in fresh infostealer logs — using Hudson Rock’s free tools, IntelX, Have I Been Pwned, and a couple of paid options worth the spend.
A practitioner’s look inside the “cloud of logs” subscription model — what attackers pay, what they get, and the operational mechanics that turn raw infostealer output into a productised threat.
Stealing your password used to be the goal. In 2026 it’s the consolation prize — modern infostealers go for session cookies, which let attackers impersonate authenticated users without needing to defeat MFA. Here’s how the model works.
A practitioner’s forensic playbook for working backwards from a stealer log to the originating infection — what the log file structure tells you, where the malware sits, and how to clean it up properly.
Hospitals have been the worst ransomware targets for half a decade and the attacks keep getting worse, not better. A practitioner’s look at why the sector remains uniquely vulnerable and what’s finally starting to help.
A practitioner’s guide to ransomware negotiation in 2026 — what professional negotiators do, what amateurs get wrong, and how the conversation has changed since the 2024 takedowns.