Infostealer malware quietly extracts saved passwords, session cookies, and crypto wallets from infected machines, packages them into “logs”, and sells them on Telegram for a few dollars. Here is what those logs actually contain, who buys them, and why they have become the dominant precursor to modern breaches.
Bellingcat has, more than any other organisation, defined what serious open-source investigation looks like in practice. The MH17, Skripal, and Russian-spy investigations are landmark cases. Here is the methodology they developed and how it can be applied.
Social-media OSINT was easier in 2018 than it is in 2026. Twitter’s API restrictions, Meta’s hardening, and the migration of communities to Telegram and Discord have reshaped what is possible. Here is the current state of the art across the major platforms.
Shodan, Censys, ZoomEye, FOFA, BinaryEdge, and a small set of others continuously scan every public IP on the internet and index what they find. They are essential tools for security research, attack-surface management, and OSINT. Here is the comparison.
Passive DNS is the recording of what DNS lookups have happened across the internet. For threat intel and OSINT investigations, it is one of the most powerful single data sources — it lets you see history that current DNS records cannot reveal.
Ransomware leak sites are the public-facing front of double-extortion operations. Tracking them — what’s posted, when, by which group, against which victim — is a useful OSINT skill for threat intelligence, journalism, and breach victim notification.
Three of the most popular OSINT frameworks each take a different approach. Maltego is the visual link-analysis platform; SpiderFoot is the automated scanning engine; Recon-ng is the modular CLI workflow. Here is when to reach for each.
For investigations of organisations, infrastructure, threat actors, or attack surface, the DNS and certificate ecosystem is one of the most productive places to look. Here are the tools — Certificate Transparency logs, passive DNS, and modern recon platforms — and how to use them well.
Locating a photograph or video to a specific spot on Earth is one of the most distinctive OSINT skills. Bellingcat’s geolocation work has cracked everything from MH17 to Russian war-crimes investigations. Here is how the technique actually works.
Reverse image search is one of the most useful OSINT primitives. Google was the original; in 2026 Yandex, TinEye, Bing Visual Search, and a handful of specialised tools each find different things. Here is when to use which, and what limits each one.