Three of the most popular OSINT frameworks each take a different approach. Maltego is the visual link-analysis platform; SpiderFoot is the automated scanning engine; Recon-ng is the modular CLI workflow. Here is when to reach for each.
Jesse William McGraw
Jesse William McGraw
Jesse William McGraw, also known as GhostExodus, is a former insider threat and threat actor. He became the first person in recent U.S. history to be convicted of corrupting industrial control systems. Today he focuses on threat intelligence, OSINT, and public speaking, using his knowledge to bring awareness to the security risks that organisations and individuals face.
For investigations of organisations, infrastructure, threat actors, or attack surface, the DNS and certificate ecosystem is one of the most productive places to look. Here are the tools — Certificate Transparency logs, passive DNS, and modern recon platforms — and how to use them well.
Locating a photograph or video to a specific spot on Earth is one of the most distinctive OSINT skills. Bellingcat’s geolocation work has cracked everything from MH17 to Russian war-crimes investigations. Here is how the technique actually works.
Reverse image search is one of the most useful OSINT primitives. Google was the original; in 2026 Yandex, TinEye, Bing Visual Search, and a handful of specialised tools each find different things. Here is when to use which, and what limits each one.
Open-Source Intelligence is older than the internet but has been transformed by it. Here is what OSINT actually is, what distinguishes it from passive web searching, the ethical lines that matter, and the tools that practitioners actually use.
Differential privacy is the mathematical technique that lets a company compute aggregate statistics over its users while provably bounding what can be learned about any individual. Apple, Google, and the US Census Bureau use it. Here is how it actually works, where the guarantee holds, and where it fails.
The two mobile operating systems have arrived at recognisably different privacy postures over the past five years. Apple’s App Tracking Transparency, Google’s Privacy Sandbox, and the steady accretion of features in both have produced a comparison that is still close — but no longer symmetric.
Every connection on the internet starts with a DNS lookup, and for most of the internet’s history those lookups have been completely unencrypted. The shift to encrypted DNS — DoH, DoT, ECH — is one of the quieter but most consequential privacy upgrades of the decade.
Virtual Private Networks are aggressively marketed as solving privacy and security problems they often do not solve. Here is what a VPN actually does, the realistic threat model where it helps, and how to evaluate which providers are credible in 2026.
Even with all cookies blocked and all trackers disabled, the browser leaks enough information to be uniquely identified across the web. Browser fingerprinting is the surveillance technology that makes “private browsing” much less private than the name suggests.