After this lesson, you will be able to: Use OSINT collection, for both defensive recon and red team prep.
OSINT (Open Source Intelligence) is the systematic gathering of publicly available info. Red teams use it to map your attack surface; blue teams use it to anticipate threats.
Search engines (Google, Bing, DuckDuckGo). Social media (LinkedIn for org charts, Twitter for breach announcements). Code (GitHub for leaked secrets). Web archives (Wayback Machine). Domain/cert (crt.sh, censys, shodan). Job postings (tech stack disclosure).
Search operators that turn Google into an OSINT engine:
site:targetcompany.com filetype:pdf # all PDFs on their sitesite:targetcompany.com "confidential" # leaked docssite:linkedin.com/in "Engineering" "TargetCo" # employee listsite:github.com "TARGETCO" password # leaked secretssite:pastebin.com "@targetcompany.com" # leaked emails
Run the same queries against YOUR org. What's public? What did employees post on LinkedIn? Are there secrets on GitHub? This is your attack surface.
Sign in and purchase access to unlock this lesson.