#threat-intelligence

An email address looks like a single string. To a working OSINT operator, it's a key that unlocks a phone number's last two digits, a Google review trail, three breached passwords, a GitHub commit signed with a real name, and a Skype handle the target forgot they ever had. PERSINT email investigation is the discipline …

Open TikTok with an investigator's eye and you stop seeing dance trends. You see a billion-user search engine that ships every video with a hidden timestamp, a sound graph that links accounts the user never thought to hide, and an algorithm that quietly narrates which narratives are being pushed where. The platform tha…

Telegram is not a messenger. It is the open graph of every conflict, every leak, and every crime market that doesn't want to live on the open web — and most of it is publicly readable if you know where to point the camera. That is why SOCMINT on Telegram stopped being a niche skill around 2022 and became table stakes…

Discord stopped being "just a gamer chat" a long time ago. A 22-year-old airman leaked classified Pentagon documents on a server called Thug Shaker Central. The 2017 Charlottesville rally was planned over Discord servers. A scraper called Spy.pet sold over 4 billion messages from 620 million users for $5 a query before…

Open-source intelligence (OSINT) is a discipline of restraint as much as discovery. Anyone can scrape a profile or run a username search, but professional investigators are judged on whether their work is scoped, lawful, repeatable, and safe — for them, for their subjects, and for the integrity of the case. This guid…

On August 10, 2025, soxoj pushed version 0.5.0 of Maigret to PyPI, bringing the username-investigation tool to its most capable state since the project forked from Sherlock in 2021. By the time Michael Bazzell's IntelTechniques team updated their OSINT virtual machine on April 4, 2026 — modifying user.sh, linux.txt, …