What do you read and who do you follow to stay on top of your OSINT game?
This time I’ve decided to share my own list (not exhaustive – see below for reasons why) of blogs that touch on subjects related to OSINT, privacy and cyber security in general.
Practicing OSINT is a bit like taking a shower – you don’t just take a shower once and stay clean forever. To remain knowledgeable and not get rusty, you need to regularly practice your OSINT tradecraft and stay informed of what is happening in the community and the industry at large.
So hopefully this list of reading resources (in alphabetical order) will help you achieve that.
- Bellingcat – a fine blog and a great newsletter by the famous, renowned and respected (or despised, in this case by the Russian government) collective of investigative journalists.
- Bleeping Computer – well known for their coverage of malware and ransomware, Bleeping Computer is often the very first outlet to comprehensively cover a breaking story. A1 level of infosec journalism.
- Bushido Token – a threat intel site ran anonymously by a well-experienced security researcher. Great insights on various tools and investigative methodologies. Multiple topics covered.
- Cyber Shafarat – they write about topics related to cyber security and investigations, relevant to the Middle East and Asia. Solid coverage of other issues such as jihadism or leaked intelligence.
- Cyber Threat Intelligence – weekly overview of past or on-going cyber security incidents, as well as some thorough analysis of emerging threats.
- Daniel Miessler – a versatile blog from a well known security pro and writer. Regularly covers infosec and privacy news. A unique voice that links issues of technology, futurism, philosophy and morality.
- Dark Reading – news, updates, commentaries and product releases. This is more of a news outlet than a blog, but decided to add it to this list due to valuable content they publish.
- DFIR Diva – contains info on events, certifications, learning materials as well as general advice. Written by a female infosec professional with more certs and creds than most men in the industry.
- E-Forensics Magazine – a blog with the abundance of content concerning digital forensics, online investigations, reviews of tools and more. They also offer a variety of online courses.
- Graham Cluley – a very well regarded independent author, speaker and podcaster with decades of experience. His content is often as entertaining as it is educational.
- Hackers Arise – literally, a ton of resources, guides and articles on the subjects of cyber security, OSINT, hacking – on top of various paid training options and books.
- Hakin9 – a sister website of E-Forensics Magazine, but with the focus on hacking. Regularly publishes articles of varying degrees of technical complexity. Good tools and methodology reviews.
- Hatless1der – another blog by a very active contributor to the OSINT community. He built a very useful list of tools and resources; his blog features some “in real life” applications of OSINT.
- Intel Techniques – a blog (plus a great podcast!) by one of the best book authors and a leader in OSINT and extreme privacy. A must-have addition to the reading list of any OSINT practitioner.
- Krebs on Security – a blog by the industry’s legend that requires no introduction. Great coverage of cyber crime, scams, frauds, malware and botnet attacks. Top notch investigative research too.
- NixIntel – a blog written by a fellow former LE investigator, with some great OSINT tips, example investigations and hands on advice. You better like Linux too!
- Offensive Osint – contains some fascinating deep dives into tools, techniques and some thorough investigations. High level of technical details plus some very useful tutorials.
- Osint Curious – a collective of OSINT professionals and enthusiasts, doing massive educational work for the community: from live streams, podcast, vlog and blog entries, to their new Discord channel.
- Out3r Space – a niche blog and not strictly OSINT related, yet with some very interesting insights and often highly technical expertise. Written by a person with years of experience in blogging.
- PhishLabs – threat intelligence news and updates. Detailed reports, accessible after signing up for the mailing list.
- Secjuice – weekly contributions by multiple authors. They have hundreds of articles on cyber security, technical guides, plus dozens of walkthroughs for various Hack The Box machines.
- Sector035 – regarded as one of the most regular and thorough contributors to the OSINT community. Known for the “Week in OSINT” digest, solid reviews and hands on walkthroughs.
- Skopenow – some really good news and updates from the realm of online investigations. Covers most recent scams and frauds on both the clearnet and the darkweb.
- Wondersmith_rae – a personal blog hosted on Medium by a well-known OSINT practitioner, author, public speaker – she is also an active contributor to multiple open source intel initiatives.
PS. There are many more blogs and websites that could have (and probably should have) made this list – however, some of those authors publish infrequently while others seem to take long breaks from their blogging activities. I decided to leave out those who have not published any new content in the last say 5-6 months, or who switched their websites to maintenance mode.
Have any good suggestions for other blogs or websites? Share them please in the comments below.