Threat Intelligence and OSINT


Open-source intelligence (OSINT) covers the techniques and procedures practiced to retrieve targeted information from open-source networks containing immense amounts of data. This course teaches participants how to collect and analyze information using various tools and unique methods and apply targeted cyber intelligence to defensive operations to act on threats proactively. Students will collect information from the DarkNet, social networks, classifying diverse sources, and creating their automated tools for a more advanced data gathering process.

Duration: 40 hours

Target Audience
The course targets participants with a foundation understanding of the internet, who wish to gain advanced capabilities in open-source intelligence. Primarily:
• Threat intelligence analysts
• Cybersecurity professionals
• Law enforcement personnel
• Private investigators


  • ThinkCyber Level-1 Courses


  • Providing students with the all-source methodology of employing open-source intelligence gathering
  • Discovering the tools, techniques, and technologies needed to generate highly relevant intelligence
  • Creating tools in Bash for precise and customized data gathering
  • Understanding how to collect information from various social networks
  • Exploring the Darknet for its “undercover” information bases


Module 1: Introduction to OSINT

During the first module, participants will learn the fundamental concepts of open-source intelligence and cover basic data collection techniques. Students will set-up the virtual lab to serve them throughout the course for data collection, anonymous browsing, and more.

  • Introduction to OSINT
    o Becoming Anonymous
  • Building your Lab
  • Setting Virtual Private Network (VPN)
  • Proxy Layer
  • Differences
  • Working with VPS
  • DNS Leakage Testing
    o Reconnaissance of an Organization
    o Open-source intelligence Terminology and Definitions
    o Gray Areas and Ethics in OSINT
    o Building an OSINT Plan
  • Categorizing and Cataloging Information
  • Organizing and Formatting Data

Module 2: OSINT Tools and Search Engines

In this module, students will work with practical tools and search engines they will handle during the course for collecting data. Students will deepen their understanding between various information sources, and will focus on gathering data from social networks. One of the key capabilities’ participants will gain during this part is setting-up search engines and OSINT tools to work more effectively using automation.

  • Searching for OSINT information
    o Dive into Metadata
  • Common Files Metadata
  • Web Sites Metadata
  • People Search Engines
    o Types of OSINT Sources
    o Reverse Image Search
  • OSINT Tools
    o Online Tools and Frameworks
    o Introduction to Basic Bash Scripting and Automation
    o Extracting Information From Major Social Networks
  • Facebook
    o Facebook Search
    o The public and Private Profile
    o Undergoing Social Media
  • LinkedIn Data
  • Twitter Data
  • Instagram
  • Geolocation

Module 3: Advanced OSINT Tools and Search Engines

In this module, students will become familiar with a broader and more advanced array of OSINT tools and search engines. Students will understand how to use metadata and maximize the use of different filtering and customization options for searching. By the end of this session, students will acquire advanced capabilities of locating and extracting information much of the desired information.

  • Mastering Google Search Engine
    o Google Search Engine Advanced Search
    o Geographic Information Gathering
    o Searching in Different Languages
    o Building a Google Custom Search Engine
    o Reverse Image Search
    o Legal Concerns and Privacy Issues
  • OSINT tools in-depth
    o Crawlers
  • SpiderFoot
  • Maltego
  • Recon-NG
    o Mapping
  • Openrefine
  • Foca
  • SearchCode
    o Passive Target Scanners
  • Shodan
  • Metagoofil
  • Creepy
  • TinEye

Module 4: The Darknet

The Darknet is considered the most prominent source of vast amounts of relevant information that is not accessible through the usual network. During this module, participants will learn to use the Darknet, how to pinpoint the information they are looking for, collect it, use avatars, purchase databases with sensitive information, and activate different automated tools for browsing and extracting information from the Darknet.

  • Darknet overview
    o Understanding Global Internet Layers
    o Surface Web and Deep Web
    o Installing and Configuration of the Tor Browser
    o Darknet Search Engines
    o Installation and Security Concerns
    o The Tor UI
    o Onion System
    o Find Hidden Services
    o How Crawlers Operate
  • URLs Crawlers
  • Darknet Crawlers
  • Freenet
    o Understanding Cryptocurrency Marketing
  • Bitcoin
  • Wallets
  • The Process
  • Analyzing Databases from the Darknet
    o Using Leaked Password Databases

Module 5: Creating OSINT tools

The ability to create OSINT tools that will fill the needs for a specific task is precious. In this module, the students will learn to create OSINT tools using APIs and getting familiar with information sources.

  • Automated OSINT Tools
    o Collection Techniques
  • Search Engines
  • Social Network
    o Manual Website Scanning
    o Bash Scripting for OSINT
  • Working with APIs
    o Passive Reconnaissance
  • Static Analysis of HTML
  • Google Custom Search Engine
  • Social Monitoring