OSINTPH BLOG

OSINTPH BLOG

Sign in Subscribe

Forensics on a Budget: Cryptocurrency Tracing Without a Chainalysis License

Introduction: The Myth of the Magic Button

Ghosts of Ayala

Ghosts of Ayala

How Chinese and Vietnamese cyber-fraud syndicates rebuilt the POGO economy inside Makati’s condominium towers, eighteen months after the…

The Invisible Backbone of Modern OSINT: Why Residential Proxies Are Non-Negotiable for Serious…

The Invisible Backbone of Modern OSINT: Why Residential Proxies Are Non-Negotiable for Serious…

An in-depth look at how residential IP infrastructure has quietly become the single most important OPSEC layer for threat intelligence…

The Top 8 OSINT Tools, Platforms, and Techniques Dominating the Investigative Landscape Today

The Top 8 OSINT Tools, Platforms, and Techniques Dominating the Investigative Landscape Today

A 2026 field guide to the platforms moving the needle for cyber analysts, journalists, and investigators, and why “open source” doesn’t…

The Advanced Wireshark Guide (4.6.5) aka Episode 2

The Advanced Wireshark Guide (4.6.5) aka Episode 2

Because the proof is still in the packets, but now we’re going to read what they’re actually saying.

The Ultimate Beginner’s Guide to Wireshark 4.6.5

The Ultimate Beginner’s Guide to Wireshark 4.6.5

Wireshark 4.6.5 just dropped 3 days ago, more than enough reason to revisit it, I wrote about and years ago but its time to do some new…

April 2026 Cyber Recap: The npm Bloodbath and other topics.

April 2026 Cyber Recap: The npm Bloodbath and other topics.

Monthly Cyber Recap — April 2026

93 Minutes on npm: Inside the Bitwarden CLI Supply Chain Attack

On April 22, 2026, for about an hour and a half, if you ran npm install -g @bitwarden/cli, you got malware.

The Factory Behind the Fake Bargain

The Factory Behind the Fake Bargain

How a global criminal industry turned online shopping into a trap — and why Germany keeps ending up in the crosshairs

The Axios npm Supply Chain Attack: A Complete Breakdown

The Axios npm Supply Chain Attack: A Complete Breakdown

On March 31, 2026, one of the most consequential software supply chain attacks in npm history unfolded over roughly three hours. The target…

Iran-Linked Handala claims the hack of the FBI Director’s Personal Email.

Iran-Linked Handala claims the hack of the FBI Director’s Personal Email.

If you were watching your cyber news yesterday, you already know. On March 27, 2026, an Iran-linked hacking group called the Handala Hack…

Telegram Channel Monitor Gets Keyword Scanning and Archive Search

Telegram Channel Monitor Gets Keyword Scanning and Archive Search

If you have been following this series, you know where we are. The first version was a command-line script. The second integrated…

Channel Monitor Gets a Standalone Web UI

Channel Monitor Gets a Standalone Web UI

If you have been following this series, you know the history. The first version was a command-line Python script — you ran it, it scraped a…

Building a Self-Hosted Dark Web Monitoring Portal Part 2 — The Darkweb Observatory

Building a Self-Hosted Dark Web Monitoring Portal Part 2 — The Darkweb Observatory

In Part 1, we built a basic self-hosted dark web monitor, a simple script scanning a handful of hardcoded onion links and publishing a…

The Iran Conflict and What It Means for Cybersecurity in Asia and Everywhere Else

The Iran Conflict and What It Means for Cybersecurity in Asia and Everywhere Else

If you have been following the news — and if you are in cybersecurity, you absolutely should be — you already know that February 28, 2026…

Weekly Update: Certificate Transparency, DNS Enrichment, OSINT Toolkit, and a Real Map in Your PDF

Weekly Update: Certificate Transparency, DNS Enrichment, OSINT Toolkit, and a Real Map in Your PDF

Weekly Update: Telegram Channel Monitor Is Now Built Into the Dashboard

Weekly Update: Telegram Channel Monitor Is Now Built Into the Dashboard

How I Built a Telegram Channel Monitor for OSINT During the Iran Conflict

Edit: I have added multi language support for this so i renamed this and dropped the Farsi from the title, it now supports:

Kali Linux Meets Claude AI: Is Natural Language Pentesting going to make a difference?

Kali Linux Meets Claude AI: Is Natural Language Pentesting going to make a difference?

Kali Linux Meets Claude AI: Natural Language Pentesting

Weekly Update: What Got Built on the Threat Intelligence Platform This Week

Weekly Update: What Got Built on the Threat Intelligence Platform This Week

February 22, 2026

Building a Threat Intelligence Platform for Philippine companies

Building a Threat Intelligence Platform for Philippine companies

Building a Self-Hosted Dark Web Monitoring Portal in 30 minutes

Building a Self-Hosted Dark Web Monitoring Portal in 30 minutes

In today’s article, we will turn a local box running Ubunto into an Automated Dark Web Monitor. It will scan a list of target onion sites…

Staying Informed on Cybersecurity: A simple Guide that everybody can use

Staying Informed on Cybersecurity: A simple Guide that everybody can use

You don’t need to be a tech expert to stay on top of cybersecurity threats. This guide has some great resources to help you keep up with…

Leveraging the Public Domain: Open Source Threat Intelligence (OSTI) for Proactive Cybersecurity

Leveraging the Public Domain: Open Source Threat Intelligence (OSTI) for Proactive Cybersecurity

Introduction: The Need for Proactive Defense

IntelBroker: A closer look into a Prolific Cybercrime Threat Actor

IntelBroker: A closer look into a Prolific Cybercrime Threat Actor