confidential do not distribute

Keeping it simple - Monitoring

Two types of OSINT investigations

Entity Enumeration
- I have an entity (person, building, organization) and I want to know as much about them as possible
- Generally immediate results and feedback
- Workflows are (often) reproducible, and the same tricks work over and over again
- Generally, has some final point, i.e. you've found what you're looking for or have a mostly complete profile built

Monitoring
- I want to sit back and wait for a person, organization, conversation to say something I care about
- Very rarely (sometimes never) immediate results and delayed feedback
- Some similar workflows, but oftentimes you may find yourself going to wildly different places to track the conversation
- Final point is vague. Depending on the investigation, you may continue to listen as long as time and resources allow

Why is monitoring difficult?
- Communities seem to speak a foreign language (or sometimes literally speak a foreign language)
- They are on places on the internet you never visit (and aren't even aware of)
- Hard to tell if your monitor is correct (and almost never is the first time)
- Noise, noise, noise, noise, noise, noise
- Can be a nightmare to do manually (many tools exist to automate)
- So.much.noise

Best practices: #1 Start out by keeping it focused
- Too often, people will begin their monitoring workflow with overly common words, and give up when they get nothing but noise
- "I'm trying to monitor a riot, so I'll put riot in as a keyword"
  - Quiet Riot (70s English band famous for "Cum on feel the noise")
  - Riot Games (American video game publisher responsible for "League of Legends" and "Valorant")
  - Riot platforms (Bitcoin mining and digital infrastructure)
  - Riot punch (Everclear, or other liquors, mixed with Kool-