Certificate Transparency as a Timeline Source: Reading CT Logs Like a Forensic Notebook

When most people learn about Certificate Transparency, it gets framed as a browser-trust mechanism. CAs log every certificate they issue, browsers verify the proof, misissuance gets caught. That framing is correct but it buries the lead for OSINT work. For an investigator, CT is the single best chronologically ordered, publicly

RDAP vs WHOIS for OSINT: Why You Should Already Be Using the Modern Protocol

When a new investigation lands on my desk and the lead is a domain, my first instinct used to be whois example.com. Yours probably was too. That muscle memory served us well for thirty years. It also needs to go. As of January 28, 2025, ICANN no longer requires

Self-Hosting Changedetection.io for OSINT: Another one in the Why and How Series

In OSINT, what changes is often more telling than what's there. A scam site quietly swapping its wallet address. A target's bio losing a key phrase. A news outlet stealth-editing a quote three hours after publication. A vendor on a marketplace going dark for a week

Self-Hosting SearXNG for OSINT: Why and How

When you investigate, your search engine is part of your toolchain. Most OSINT practitioners spend more time in Google than in any specialized tool, and yet most of us pay almost no attention to what that means for the work. Google profiles you. It personalizes results based on your history.

Ghosts of Ayala

How Chinese and Vietnamese cyber-fraud syndicates rebuilt the POGO economy inside Makati’s condominium towers, eighteen months after the…

The Invisible Backbone of Modern OSINT: Why Residential Proxies Are Non-Negotiable for Serious…

An in-depth look at how residential IP infrastructure has quietly become the single most important OPSEC layer for threat intelligence…

The Top 8 OSINT Tools, Platforms, and Techniques Dominating the Investigative Landscape Today

A 2026 field guide to the platforms moving the needle for cyber analysts, journalists, and investigators, and why “open source” doesn’t…

The Advanced Wireshark Guide (4.6.5) aka Episode 2

Because the proof is still in the packets, but now we’re going to read what they’re actually saying.

The Ultimate Beginner’s Guide to Wireshark 4.6.5

Wireshark 4.6.5 just dropped 3 days ago, more than enough reason to revisit it, I wrote about and years ago but its time to do some new…

April 2026 Cyber Recap: The npm Bloodbath and other topics.

Monthly Cyber Recap — April 2026

93 Minutes on npm: Inside the Bitwarden CLI Supply Chain Attack

On April 22, 2026, for about an hour and a half, if you ran npm install -g @bitwarden/cli, you got malware.

The Factory Behind the Fake Bargain

How a global criminal industry turned online shopping into a trap — and why Germany keeps ending up in the crosshairs

The Axios npm Supply Chain Attack: A Complete Breakdown

On March 31, 2026, one of the most consequential software supply chain attacks in npm history unfolded over roughly three hours. The target…

Iran-Linked Handala claims the hack of the FBI Director’s Personal Email.

If you were watching your cyber news yesterday, you already know. On March 27, 2026, an Iran-linked hacking group called the Handala Hack…

Telegram Channel Monitor Gets Keyword Scanning and Archive Search

If you have been following this series, you know where we are. The first version was a command-line script. The second integrated…

Channel Monitor Gets a Standalone Web UI

If you have been following this series, you know the history. The first version was a command-line Python script — you ran it, it scraped a…

Building a Self-Hosted Dark Web Monitoring Portal Part 2 — The Darkweb Observatory

In Part 1, we built a basic self-hosted dark web monitor, a simple script scanning a handful of hardcoded onion links and publishing a…

The Iran Conflict and What It Means for Cybersecurity in Asia and Everywhere Else

If you have been following the news — and if you are in cybersecurity, you absolutely should be — you already know that February 28, 2026…

Weekly Update: Certificate Transparency, DNS Enrichment, OSINT Toolkit, and a Real Map in Your PDF

March 13, 2026

Weekly Update: Telegram Channel Monitor Is Now Built Into the Dashboard

March 6, 2026

How I Built a Telegram Channel Monitor for OSINT During the Iran Conflict

Edit: I have added multi language support for this so i renamed this and dropped the Farsi from the title, it now supports:

Kali Linux Meets Claude AI: Is Natural Language Pentesting going to make a difference?

Kali Linux Meets Claude AI: Natural Language Pentesting

Weekly Update: What Got Built on the Threat Intelligence Platform This Week

February 22, 2026

Building a Threat Intelligence Platform for Philippine companies

February 2026

Building a Self-Hosted Dark Web Monitoring Portal in 30 minutes

In today’s article, we will turn a local box running Ubunto into an Automated Dark Web Monitor. It will scan a list of target onion sites…