Blog

OSINT methodology for security professionals.

• projectdiscovery httpx: HTTP Enumeration at Scale

  2026-06-15

  How projectdiscovery httpx works, where it fits between subfinder and nuclei, how it compares to httprobe and EyeWitness, and a reproducible recon recipe.

• Who Runs The Gentlemen Ransomware Group?

  2026-06-15

  OSINT tradecraft and threat intelligence takeaways from Krebs's attribution investigation into The Gentlemen ransomware group—now second by victim count.

• OSINT Dojo: Reconstructing a Synthetic-Operator Chain

  2026-06-07

  A methodology walkthrough of an OSINT Dojo training scenario: username pivots, email artifacts, image analysis, and confidence statements at each step.

• maigret: Username Recon Across 3,000+ Sites

  2026-06-07

  How soxoj/maigret works, where it beats Sherlock and WhatsMyName, and a reproducible CLI recipe for building a structured identity dossier.

• Influence Operation Analytic Signatures: A DFRLab-Anchored Method

  2026-06-01

  How DFRLab structures influence operation attribution: narrative cloning, cluster topology, temporal anomalies, and confidence framing for working analysts.

• BBOT: Recursive Recon for External Attack Surface Mapping

  2026-06-01

  How blacklanternsecurity/bbot's event-graph model works, where it beats Amass and Subfinder pipelines, and a passive scan recipe you can run in 10 minutes.

• SS7 and Diameter: Mobile Network Espionage Tradecraft

  2026-06-01

  Citizen Lab and HPI's exchange on telecom-layer surveillance maps real SS7/Diameter attack patterns. Here's what it means for red teamers, defenders, and OSINT practitioners.

• CISA's Leaked GovCloud Keys: What Practitioners Should Do

  2026-05-25

  A CISA contractor deliberately pushed AWS GovCloud keys to public GitHub. Here's the offensive and defensive analysis—and the concrete steps that follow.

• MH17 BUK Route Reconstruction: OSINT Methodology

  2026-05-17

  How Bellingcat traced the MH17 BUK transporter using dashcam footage, social media imagery, and satellite corroboration — a step-by-step methodology breakdown.

• ivre: Self-Hosted Network Recon Framework

  2026-05-17

  ivre gives you Shodan-style querying over scan data you own. Here's how it fits an analyst's workflow and how to stand it up in under ten minutes.

• Patch Tuesday May 2026: What the Volume Spike Signals

  2026-05-15

  Near-record patch volumes from five major vendors in May 2026 aren't a fluke. Here's what the data signals for offensive and defensive security workflows.

• OSINT Methodology for Security Professionals

  2026-04-28

  A structured OSINT methodology for security professionals — from requirements through evidence packaging, source diversity, and confidence vocabulary across pentest, bug bounty, and threat intel.

• Domain & Infrastructure OSINT for Pentest Recon

  2026-04-28

  A practical guide to domain and infrastructure OSINT pentest recon: CT logs, passive DNS, Shodan, Censys, urlscan, certificate pivoting, and scope boundaries.

New posts roughly weekly. Subscribe →