POI: Soxoj
Hello! My name is Soxoj. The exact phonetic transcription is [sɐk’sɔɪ].
I am an OSINT enthusiast with a background in cybersecurity and software development. I have been investigating different things since 2015: it started as a hobby, but I came to see OSINT as a lifestyle.
Here on Substack, I will write about my projects and thoughts. Do I have something to say? Yeah, certainly! I am an author of OSINT tools & guides; creator of the "OSINT mindset" community: meetups, podcasts, and investigations; and just a guy who wants to share his experience and vision. 🙂
To begin with, I will tell you about a few important topics.
1. Maigret
At one point, I was disappointed by the lack of tools that were good enough for me for checking the presence of accounts with a certain username on social media and other sites (namecheckers).
I wrote an article with a comparison of existing tools and thoughts about good and bad aspects, and also added my vision of future abilities. I love making tools for information gathering and processing, so the next step was the creation of a “good enough” tool, and I called it Maigret (phonetic transcription [mɛɡʁɛ]).
In parallel, I was working on a universal tool for extracting information about a user from profile webpages and saving it in a machine-readable format. Combining these tools gives a powerful all-in-one (or very close!) method for gathering basic information about the owner of a username, and for pivoting to other avenues of investigation.
What is Maigret now? Currently, it supports more than 3000 sites; the default search is launched against 500 popular sites. It checks Tor sites, I2P sites, and domains (via DNS resolving), can do a recursive search by new usernames and other identifiers found, supports tags as site categories and countries... And many more interesting things; see the project page.
I must not forget to say thanks to all the contributors and users of Maigret! And special thanks to the OSINT FR community, @navlys_ and @palenath, for the support.
Of course, I have more interesting OSINT tools to show, but not this time. Next time!
2. OSINT mindset
I started making some public notes about OSINT and investigations in 2020, in the Telegram channel OSINT mindset. It was always more of a hobby than a constant everyday activity. But over time I realized there was a big demand from the audience for various content, from tutorials and educational videos to places for discussing applications of OSINT in different professional fields.
A couple of words about an OSINT mindset as a concept. The article by Dutch OSINT Guy got me hooked, and I decided to state the mission of my channel as “spreading knowledge about open sources, analytical thinking, and ways of drawing logical and transparent conclusions about what is happening around you”.
Now OSINT mindset is much more than just a channel with 12K subscribers. I prepared and taught OSINT 101 courses for students and professionals, and realized the real need for knowledge in these fields. That’s why I started monthly meetups, looking at the model of Defcon events (I forgot to say that I am also involved with the DC7495 community). Very different enthusiasts come to speak about their work and research: corporate security, threat intelligence, geolocation, and investigations. You can find recordings of the talks with subtitles here. I also make podcasts with some of the speakers, interesting people from the community; look here.
Thus, our community has grown very rapidly. Last November our core community members created a forum for OSINT investigations on Telegram. We regularly post OSINT quizzes there, both in the classic GEOINT format you could see on Twitter and in the experimental format of exotic OSINT tasks. There is a hall of fame, educational content, lots of writeups, and the ability to flood in a separate chat. 😅
Our latest update: a public wiki with links to all community resources.
To sum up: the goal of the OSINT mindset is to grow a mature community of conscious professionals who take OSINT to the next level.
3. Counter-OSINT
Not only are skills in the search and analysis of information valuable, but so is the ability to defend against a search. I began with some tips & tricks I got from building personal protection based on my personal threat model. People asked me from time to time what they can do to protect themselves against threats (especially after last year’s events), so I have immersed myself in this topic.
To my surprise, in general, people don’t understand how to define and prioritize personal threats and how to think about adequate protection. Usually, privacy educational content focuses heavily on anonymity, although it is very difficult to achieve and not always necessary. A good example is The Hitchhiker’s Guide to Online Anonymity, an invaluable guide, but most of its topics are very hard for people to cover and implement.
So I started to give talks and write articles about this, and the most famous one is the Counter-OSINT guide on GitHub. My goal was to make a simple explanation of privacy and OSINT risks that you can show your grandma, and that she can use in her everyday life. I’ve already started to translate it into English, btw.
Of course, it’s not the only topic I want to cover; you can find some of the others in the playlist of my talks on YouTube.
I am deeply convinced that knowledge dissemination in the areas of OSINT and Counter-OSINT should be boosted. So, I will do this as much as I can!