A founding member of the OSINT Curious Project joins us to give practical tips and advice for researchers. We discuss tools, tradecraft and trends with Micah Hoffman.
Micah Hoffman is the Principal Investigator of Spotlight Infosec, the founder of the My OSINT Training company, the co-founder of the OSINT Games experiential learning organization, and has been working in the OSINT and cyber fields for decades.
As a leader in the open-source intelligence community and the current President of The OSINT Curious Project non-profit, Micah engages, educates, and entertains audiences around the world by combining his broad OSINT and cyber knowledge with stories and humor. Whether he is demonstrating a specific OSINT skill or revealing new tools and techniques, Micah infuses his speaking and teaching engagements with energy and delivers talks that influence, amuse, and educate. His passion is learning, sharing OSINT tactics and techniques, and giving back to the communities he helped to create and strengthen.
MICAH HOFFMAN
So one of the coolest things that I've tried to do over the years is introduce the term OSINT to people that had never heard it. But we're doing some of the same things we did, whether it's penetration testers and offensive security, people doing recon, which is OSINT, or cyber defenders and cyber threat intelligence, people that are looking up adversaries and trying to figure out who's hacking them or attacking them, or that's all open source intelligence types of skills as well.
[music plays]
MATT ASHBURN
Welcome to Needlestack, the podcast for professional online research. I'm your host, Matt Ashburn.
JEFF PHILLIPS
And I'm your co host, Jeff Phillips. Today we're joined by Micah Hoffman, president of the OSINT Curious Project, and also a few other entities along the way. Micah, welcome to the show.
MICAH HOFFMAN
Thanks, Jeff. Thanks, Matt. I appreciate you having me on, of course.
MATT ASHBURN
And last season we actually had a colleague of yours join us on the show from the OSINT Curious Project to discuss the Dark Web. But for listeners who don't know, can you tell us a little bit about the OSINT Curious Project and the mission that you guys have?
MICAH HOFFMAN
Absolutely, and I appreciate the opportunity to to talk about it. The OSINT Curious Project was created back in 2019 as a response to some people that were sharing some open source intelligence blog posts and other things that were lacking analysis, lacking substance. And myself and five other people that were in the industry thought, hey, why don't we get together to create a solid, technically accurate source of information that people could trust within the OSINT world or the open source intelligence. World, a place where they could go learn things. Trust that there's good analysis, that we're really creating thought provoking content and where we're teaching them for free. So we created the project in 2019, blogged a bunch at OSINTcurio, us or OSINT Curious. And then we started doing videos. So we have these short ten minute videos where people can learn a skill, or we have some longer videos where we've done interviewed interviews with people in the OSINT world, people that use OSINT. And also we've done some live streams that range from very short to 3 hours long, where we explore OSINT topics, OSINT news and play the wonderful Geolocation game. Geogueser.com.
JEFF PHILLIPS
I've seen that game. I've watched a few of those videos. That is amazing what people are able to pull out of those photos and use their skills. It's fun to watch and see what again, see the tools and their skills. You mentioned the catalyst. You weren't seeing a lot of analysis going along with some of the OSINT, which is great. So then can you talk a little bit about who's utilizing it? Who do you see as the audience? Are there certain types of people? Are they all professional? Or who's in there watching this and learning?
MICAH HOFFMAN
Yeah. So the OSINT Curious is a project for everybody. Since all of our material and content is free. I frequently hear from people of really any different part of the world, from different geographic locations to different jobs to different points in their careers, from people that are just interested. And they heard the term OSINT. They had. No idea what it was learning from our blog posts. We also see some refers come to our website from university pages that might use some of our blog posts and some of their references. We have people in law enforcement around the world that may not have any budget for quality OSINT training, that use our tools and techniques, and blog posts that we've written to help them solve crime. And we have cyber and just everybody out there that I've talked to really enjoys OSINT Curious and what it's been and just all of the resources that it's done. One of the things that we do that it's not just pushing out data to people but also bringing them together is our OSINT Curious Discord, which we've had for several years now. And it's a wonderful place to come and to just watch what people are posting from around the world.
MICAH HOFFMAN
You can participate in the online chats if you want or you can just lurk and not do a darn thing and just learn from other people. It's a really neat place and low pressure, very professional ish type of place as well.
MATT ASHBURN
Yeah, that's great. And you mentioned also one of the great resources that you guys have, which is the Ten Minute Tricks and everything from how to geolocate a photo to conducting research on Snapchat. Is there a best place for people to start with those? Is there a particular flow that they should follow or just kind of go in and find things there?
MICAH HOFFMAN
Well, over the years we've tried to organize the videos and we actually have a document on our website. If you go to the Ten Minute Tips section, there's a Google Doc that one of our previous members created that's essentially an organization of what is the video, what is it about, what are you going to learn, and then a link to the video. And that's in the resources section of the ten minute tips pages. That's a great place to start out because if you're interested, Matt, in learning how to use Linux tools for open source intelligence, you type in the word Linux and then you get all these Python programs or other types of things that you might use to go ahead and learn. So I would say that's the best place, although everything that we have is all of our videos are over on YouTube. So if you go to our YouTube channel@youtube.com at OSINTcurious, you can just search in there and find all of our videos. And we've tried to put keywords and hashtags and stuff where appropriate and know people's name so that would be good. Or Google search.
JEFF PHILLIPS
That's excellent. We were talking earlier that you also developed a tool, micah called what's my name app. Can you tell us a little bit about that and how it helps OSINT researchers?
MICAH HOFFMAN
Absolutely. I love this tool. It's been a pet project of mine since 2015, or even before that. I used to do cybersecurity, and in cybersecurity, one of the things that I would do is web application penetration testing, so security testing of websites. And I always used to have to try to find certain information about the developers that made the application to research them. And so I started noticing that many applications like Twitter and Instagram and other social media, as well as other tools that we might use, having the URL like user names so like I'm Twitter, Combreacher, Instagram.com, Webreacher. And I thought, well, why can't we just specify one username and then just substitute in Twitter.com, Instagram.com and then look for the responses to see if there is an account or is not an account there. That's what what my name does, but it does it so fast in your browser and free. And so the application is called Whatsmyname app? That's app. And what happened was I made this great Python tool that very few people used. And then Chris Polter, the amazing Australian OSINT person that goes by OSINT Combine, he came along and said that's Python, let me make it webified.
MICAH HOFFMAN
And so he took that tool and made the Whatsmyname app site and has been hosting it ever since and did a great job. So that all people have to do is go to Whatsmyname app, type in the user names that they're interested, select the categories, and then their browser will reach out to over 600 different websites looking to see if that username is on those websites. And then they just have to figure out which of the positive responses are their targets.
JEFF PHILLIPS
That's amazing. And the efficiency that drives is awesome. So I encourage people to check that out.
MATT ASHBURN
Yeah, lots of good value there. One of the other things that I want to make sure we touch on, Mike, if we could. As a volunteer law enforcement officer myself, I'm interested in your work with the National Child Protection Task Force and wonder if you could talk a bit about that and how the OSINT skills that you've honed over the years can help to benefit law enforcement and help protect children.
MICAH HOFFMAN
Yeah, that's some really interesting work that I've been doing for months now. And I'm very happy and excited to be able to work with the Ncptf. They have a tremendous mission of helping people that are missing and exploited, whether they're children or adults. And they work very closely with international team of amazing law enforcement people to achieve their mission. So what Ncptf does is they have a collection of some free tools, some pay tools that have been donated, and then they have volunteers like myself, like I used to be, but now I'm an employee. They have people like me that come on and work cases that law enforcement either has an urgent need for, hey, this child has gone missing. We have no leads other than this, like a phone number or a user account or people that are being trafficked. And we might have a case that has some photos of a person that is abused or trafficked from years ago that we analyze and then we pull out details about where that picture was taken or with what type of camera and all. And then what we do is we take whatever we find using OSINT techniques, using social media tools, and give that back to law enforcement so that they can catch the people, find the missing people, or otherwise take their actions that they need to do.
MICAH HOFFMAN
So it's a wonderful support role for a very important job and a hard job that law enforcement has.
JEFF PHILLIPS
Wow, that's great stuff. And I had mentioned at the intro, besides OSINT Curious, and then now you mentioned Ncptf. There's a third area I know that our listeners will be interested in. If you could talk a little bit about your involvement at OSINT training and what kind of instruction does that provide and who that is targeted to.
MICAH HOFFMAN
You're hitting all my favorite topics here. Honestly, it's really a wonderful site for me. I had a course that I taught for another organization for years on Open Source Intelligence, and I found there were some limits in what I could teach and how I could teach it. So last year, right about this time, my OSINT training went live. And what I did was I put on there some recorded videos of me teaching some different types of material. And over the past year I've added more and more content and I've had some wonderfully talented people like Lizette Abercrombie, who goes by Tech Nazette Online, who's also an OS and Curious member griffin Glenn, who goes by Hatless Wonder, and some other people that are coming up this year making their own courses to be hosted on my OSINT training. So my OSINT training, what we have is recorded courses that should meet most people's needs if they're starting out in Open Source intelligence, if they're mid career, if they want to get into an area of OSINT that maybe they haven't ever delved into, we have recorded courses on that. And myself and Griffin, if anybody wants us to take some of those courses and go teach live, we do that as well.
MICAH HOFFMAN
So it provides us a great platform for giving some good quality training to the OSINT community.
JEFF PHILLIPS
If you don't mind, I'm sure there's it and I've seen it, there is lots of content. Can you highlight a few of the topics that are covered for people, spark their interest?
MICAH HOFFMAN
Oh, absolutely. So if you're just starting out in OSINT or you're somewhere in the middle of your career, we've got courses that scratch the surface or dive really deeply. For instance, we have courses on finding people. So doing research on email addresses, usernames phone numbers and addresses, introductions to social media. If you've never gotten onto a social media platform and really looked around as an OSINT investigator, we've got a class for you. Lizette Abercrombie, as I mentioned, has a whole bunch of classes on Facebook, and we're coming out with some more or she's coming out with some more later on this year on some other social media platforms. And then for the more technical people, one of the things that I've always heard is, hey, I really want to get into the python tools, but I don't know where to start. So we have some Python tools. I show how to set up a system to run Python, and then we go through several different tools, like Holy DNS, recon, and some other ones I'm sorry, holy DNS recon, and some others to really get used to. How do we download tools, run them, and use them for OSINT work?
MICAH HOFFMAN
And like I said, our repertoire of classes, we're just a year old now. We are continuing to add to it, and we'll be doing so in the coming year.
MATT ASHBURN
One thing you've touched on a couple of times here is some overlap between cybersecurity and OSINT. And I think if we can pull that thread a little bit there, are there some other trends that you've recognized over the years? Are there other similarities between the two?
MICAH HOFFMAN
Oh, absolutely, Matt. What I noticed back years ago was that people were using open source intelligence skills, but in other professions. I've told the story about when I used to work in an organization, and I worked closely with some recruiters trying to get those cybersecurity people that were really tough to find. I said, well, how do you do that? And she said, it was really funny. She kind of looked right. She looked left. She's like, all right, you can't tell anybody we do this. I'm like, oh, what's happening? And she's like, we use boolean queries. And she gave me a look and a nod. I'm like, what do you mean? She goes, okay, you go to Google, and you type in, quote, penetration space tester, quote or the or is the boolean or cybersecurity analyst. I'm like, oh, you're doing Google dorking. We've been doing that since 2000. They're like, no boolean searches. Okay. So one of the coolest things that I've tried to do over the years is introduced the term OSINT to people that had never heard it. But we're doing some of the same things we did, whether it's penetration testers and offensive security people doing recon, which is OSINT or cyber defenders and cyber threat intelligence people that are looking up adversaries and trying to figure out who's hacking them or attacking them.
MICAH HOFFMAN
That's all open source intelligence types of skills as well. So that's one of the things I've tried to really work on, is telling everybody, hey, you might not think you're using the same skills we are, but you are. Yeah.
MATT ASHBURN
I'm glad you mentioned that, because that's something in the day job at Authenticate. That's something that we face. Right. How do you reach the right audience with these things that could make use of the platform? And so I always say very few people think that they're doing OSINT, but everybody is. Some people may call it research, some people may call it an investigation, but in the end, it's all the same stuff for the most part. So I'm glad.
MICAH HOFFMAN
Yeah. I think the biggest difference that I found is that a lot of people use the skills, but OSINT, as open source intelligence, focuses on that final product. You might be using tools that can help out innocent cases or using techniques, but that OSINT is a more formalized process. But you're absolutely right. Whether you're looking into who you're dating or who your child is bringing home or who's taking care of your aging parent in a nursing facility, these types of looking up people, looking at businesses, looking up websites, it's all things that we do well.
JEFF PHILLIPS
Mike our audience ranges from the beginner to the expert in the federal space to the commercial. And you've already given a lot of great resources and tips, but that's something that we like to focus on in the show. Before we wrap up, are there any other tools or tips that you'd like to pass along to the audience?
MICAH HOFFMAN
Absolutely. So there's several things that I can think of. First off, my biggest reply to people when they say, well, how do I get started in the industry? Do I need to buy this book or watch this video? I suggest connecting with the community because the reality is, if you join a discord like the OSINT Curious Discord or some of the other ones that are out there, you're going to hear different perspectives. You're going to learn how people are solving geolocation challenges and other things from these other people. Instead of just coming to Micah or somebody else and saying, hey, how do you do it? You hear a lot of diverse ways of solving problems, and that is very important in OSINT. So join some kind of group. That's my number one. Number two, you got to know where the things are, where the resources are, where the tools are. For me, there's two places I like to go. One is my buddy Griffin's Start Me page and I'll share the link with you all. It's an amazing page that shows who some of the main players in OSINT are that you can follow or read their blogs, shows their blogs, has trainings capture the flags that are all OSINT focused resources and more.
MICAH HOFFMAN
And one of the problems that I found over the years is that we have a lot of OSINT focused start me pages. There's hundreds of them. And so you and I and junior people end up going from start me to start me, and it's confusing. So my second resource page is something that I created. It's called smart OSINT training. What I did was I created another tool that it essentially every night goes around to everybody's Start me pages and grabs all their links and then organizes it in a single tool. So if you want to look up something on Telegram, the social media platform, you can just go to smart. My OSINT training type in Telegram, and it shows you all of the places everybody else's start me had a resource for. And it also says, hey, it's on that start me or that start me. So it's a way of searching across all of those start me pages very efficiently and very quickly. I think those are my main things. Discord. Join a group and those resources.
MATT ASHBURN
Yeah, that's excellent. Well, Micah, thank you so much for joining us today. Really appreciate your time and the tips you've given us today and helping to educate our audience a bit more about the OSINT and all the trends and tools that are available out there. If you and the audience, by the way, liked what you heard, you can, of course, view transcripts and other episode info on our website at authentic8.com/ needlestack. That's authentic with the number eight .com/needlestack. Also, be sure to let us know what you thought of the show today. You can find us on Twitter @needlestackpod. And, of course, you can always like and subscribe wherever you're listening to us today. We'll be back next week with more OSINT research tips. We'll see you then. Bye.
