Learn about the top 10 free OSINT resources for junior SOC analysts. Discover tools for threat detection, incident investigation, and cybersecurity analysis to enhance your organization's defense capabilities.

In the digital age, organizations across the globe are increasingly concerned with the security of their networks and data. Among the critical aspects of modern cybersecurity is Open Source Intelligence (OSINT), which entails collecting information from publicly available sources for use in a security context. A proper OSINT tool can assist in the detection of potential threats, the investigation of incidents, and the improvement of overall security posture. Below are the top 10 free OSINT resources ideal for junior Security Operations Center (SOC) analysts.

Shodan (https://www.shodan.io/): Shodan is a search engine for internet-connected devices, which can be used to find information about servers, routers, webcams, and more.
VirusTotal (https://www.virustotal.com/): VirusTotal is a service that analyzes files and URLs for viruses, worms, trojans, and other malicious content detected by antivirus engines and website scanners.
Have I Been Pwned (https://haveibeenpwned.com/): This site allows you to check if an email address has been compromised in a data breach.
Censys (https://censys.io/): Censys is a platform that helps information security practitioners discover, monitor, and analyze devices accessible on the internet.
Google Dorks (https://www.exploit-db.com/google-hacking-database): A collection of Google search queries to identify vulnerabilities, find servers, and discover sensitive data.
OSINT Framework (https://osintframework.com/): This tool is a collection of OSINT resources, categorized and sorted for easy navigation, covering a variety of information types and sources.
PublicWWW (https://publicwww.com/): PublicWWW allows you to search the source code of millions of websites, which can help identify sites with similar code, structure, or elements.
AlienVault OTX (https://otx.alienvault.com/): AlienVault OTX (Open Threat Exchange) is a crowd-sourced threat intelligence platform where security professionals and enthusiasts can share, research, and collaborate on emerging threats.
Whois Lookup (https://whois.domaintools.com/): Whois Lookup provides a way to determine who owns a particular domain name, including information such as the owner's name, contact details, and when the domain was registered.
Intelx.io (https://intelx.io/): Intelx.io is a cybersecurity search engine and data archive, providing access to various datasets, including the dark web, domain registrants, and more.

As we conclude, these top-tier OSINT resources provide a powerful gateway for detecting and investigating cyber threats and proactive cyber defence measures. Since they are free of charge, they are an excellent opportunity for budding SOC analysts to hone their skills and expand their arsenal of security tools. A proactive approach to cybersecurity is necessary in the current digital landscape, and these resources are an integral part of that strategy. Knowledge is power; mastering these tools will enable you to stay ahead of the ever-evolving threat landscape, granting your organization a crucial edge in security.

Keywords: #CyberSecurity #OSINT #SOC #SecurityAnalysis #ThreatDetection #IncidentResponse #DataBreach #VirusTotal #Shodan #HaveIBeenPwned #Censys #GoogleDorks #OSINTFramework #PublicWWW #AlienVaultOTX #WhoisLookup #Intelxio #ThreatIntelligence #InternetSafety #CyberDefence #InfoSec #DigitalSecurity #CyberThreats #OpenSourceIntelligence #DataSecurity #NetworkSecurity #IoTSecurity #MalwareDetection #DomainLookup #CyberRisk

OSINT - Fake ID Generator (information and even pictures)

February 9, 2021GeneralEdward Kiledjian

If you. are performing Open Source Intelligence (OSINT) or Signals Intelligence (SigInt), you may need to generate fake identification information.

The information in this article is being provided for educational purposes only. Don’t do anything illegal.

Fake Name Generator

This site generates believable fake identities with name, address, Date of birth, telephone number and much more. If you need a “complete” fake identity then this free site may be useful.

Screen Shot 2021-02-06 at 8.25.24 PM.png

Data Fake Generator also performs the same function.

Screen Shot 2021-02-06 at 8.27.02 PM.png

Fake IMEI

The International Mobile Equipment Identity (IMEI) number is a unique identification number that all mobile phones and smartphones have. If you need a fake one, this simple page may be useful. You click on generate and it creates a new one for you.

Screen Shot 2021-02-06 at 8.29.14 PM.png

Elf Wrin’s lair

This is a classic site that can generate a ton of useful fake information such as:

complete fake ID
credit card
Social Security Number
car license plate

Although the information is fake, all of the information will pass the generic algorithmic checkers.

Screen Shot 2021-02-06 at 8.34.41 PM.png

PIC/CIC Database

The site describes its usefulness as follows:

“Many PIC and CIC codes can be manually dialed before placing a long distance call by dialing 101 followed by the PIC/CIC code. This forces your call to be carried by that PIC/CIC code's carrier instead of your normal long distance carrier.”

This is a more niche service and will only be useful to a very small group of readers.

Screen Shot 2021-02-06 at 8.37.57 PM.png

Fake photo generator

There may be times when you need to create a fake profile (dating site, social media, etc) and this site will generate an AI (Generative Adversarial Network) created picture for you. Simply refresh the page to get a new image. If you like the image, save it as it may never come back. Also double check the entire image to make sure there aren’t any weird artifacts.

Screen Shot 2021-02-06 at 8.41.49 PM.png

OSINT - Disposable contact sites

February 6, 2021GeneralEdward Kiledjian

The purpose of this blog article is to share some useful sites that will allow you to create temporary contact mechanisms for OSINT, SIGINT or other cyber activities.

This is not an exhaustive list and I am simply listing these here to help you. This listing should not be considered a personal endorsement by me. Do your own research ;-)

Disposable email

10 minute email offers a quick way to receive email with an email address that disappears in 10 minutes. This free service can be useful if a site requires registration with email verification but you don’t want to give away your real email address and this is a one time use activity.

Screen Shot 2021-02-06 at 7.46.28 PM.png

Email forwarding service

There may be times where you want to protect your email address but need to regularly receive emails from an untrusted source or from a service you need to hide from. This is here AnonAddy comes in. They have a free plan for casual use and paid plans if you need a bit more functionality,

If you are technically inclined an require additional security or privacy, the service is based on an open source project so you can host this solution yourself as well.

Screen Shot 2021-02-06 at 7.50.43 PM.png

Send faxes anonymously for free

FaxZero is a fax service that allows you to send faxes for free. They do require that you click on an email confirmation link before they process your fax. Hence why I listed the other email services above. FaxZero does offer a paid service if you need priority faxing of higher volumes. The best recommendation is to use the free service during times when you believe they should be less busy therefore your faxes will go our sooner. In my testing (over 3 months), 95% of all my faxes (with the free fax service) were sent within 20 minutes.

Screen Shot 2021-02-06 at 7.54.38 PM.png

Send a Free anonymous text message (SMS)

Globfone is a free web based service that allows you to send SMS messages to almost any smartphone on any network anywhere in the world. it is anonymous and does not require a registration. It adds a small ad at the end of your SMS that reads “/try Globfone”.

The other services listed on their site seem much less reliable but the SMS one has worked every time.

Screen Shot 2021-02-06 at 8.00.26 PM.png

Receive SMS messages

There may be times when you need a temporary disposable inbound SMS number. This is where SMStoMe shines. It is a free service and requires no registration to use. Remember that inbound numbers are shared. Numbers are refreshed every 30 days and are capable of receiving SMS messages from any network in the world.

Screen Shot 2021-02-06 at 8.08.16 PM.png

Free WIFI cellphone number

There are many free WIFI calling and SMS services out there but the one I have found to be the most reliable is TextNow. You can buy an add free service with number protection for about $40 a year but the basic service (that should meet your OSINT needs) is free.

Screen Shot 2021-02-06 at 8.12.49 PM.png

If you live in the USA, your info is probably on this site and how to delete it

October 1, 2020GeneralEdward Kiledjian

There are lots of “less than reputable” websites that scrape the web for your information and then make it cheaply available to anyone willing to spend money.

I recently found a website that has a ton of information about many Americans including address, telephone number and even some relationship information.

Once you enter your name and state, it will show you a list of possible “victims”. You choose your listing and prepare to be astounded by the amount of information they have about you.

Now that your are properly terrorized, here is how to remove your information from Cyber BackGRound Check

Go here: https://www.cyberbackgroundchecks.com/removal
Agree to the conditions and enter his email address
Complete the CAPTCHA and then click “Start Removal Process.”
Find your records and click the Remove My Record button at the top of the page (must be on the details page of your profile to do this)
Check your email for the removal confirmation note and click the enclosed link
48-72 hours later, your information should be removed from the site

Top 10 Free OSINT Resources for Budding SOC Analysts