Articles, guides and updates.
Long-form pieces, tool reviews and operational notes. Every article declares its type, risk level and update cadence.
- total
- 23
- featured
- 2
- source
- lab.v_articles_base
Editor-picked.
Passive First: When Public Web Research Should Stay Narrow
A practical argument for staying narrow and passive as long as possible in public web research, before broader or more interaction-heavy methods start adding noise.
BuiltWith vs urlscan: Stack Hints vs Observed Page Behavior
BuiltWith and urlscan both help with public web research, but one is better for technology profiling while the other is better for seeing how a page actually behaves when loaded.
All articles · 23.
How to Use Sanctions and Risk Lists Without Overreading Them
Sanctions and risk datasets can be useful, but they are easy to misread. Here is a practical way to use them without collapsing adjacency into certainty.
A Practical Method for Domain and Infrastructure Recon
A practical framework for reading domains, certificates, DNS history, stack hints, and broader internet-facing context without turning infrastructure research into noise.
OpenCorporates vs Aleph: Which One Fits Which Research Job?
OpenCorporates and Aleph are both useful for company research, but they solve different problems. One is better for legal identity, the other for documentary context.
crt.sh vs SecurityTrails vs Censys: Three Different Ways to Read Infrastructure
crt.sh, SecurityTrails, and Censys all help with infrastructure research, but they answer different questions and belong at different points in the workflow.
Start Here: How to Use an OSINT Tool Catalog Without Getting Lost
A practical introduction to navigating an OSINT tool catalog without falling into random tool-hopping, weak assumptions, or unnecessary complexity.
A Responsible Method for Company Research with Public Sources
A practical framework for researching companies through public records, sanctions data, and document-led sources without turning the process into noise or overreach.
Wayback Machine vs SingleFile vs ArchiveBox: Which Preservation Tool Fits Which Job?
Three very different approaches to preservation: public web history, local page capture, and self-hosted archiving. Here is how to choose the right one for the job.
Building a Lightweight Evidence Capture Workflow
A practical workflow for capturing, preserving, and packaging public web evidence without overengineering the process or losing track of what matters.
Getting Started with Public Surface Analysis
A beginner-friendly walkthrough of what you can responsibly learn from a public URL.
What Security Headers Actually Tell You
Security headers are not magic. Here is what they do, what they don't, and how to read them.
SPF, DKIM and DMARC: What They Reveal and What They Don't
Email authentication records are not silver bullets. Here is how to interpret them responsibly.
SpiderFoot vs Maltego: Breadth, Structure and Workflow Maturity
SpiderFoot and Maltego both expand investigations, but one leans toward broad automated collection while the other shines when structured relationship analysis matters more than raw breadth.
Hunchly vs ArchiveBox: Evidence Packaging vs Archive Ownership
Hunchly and ArchiveBox both support preservation, but one is built around investigative evidence packaging while the other is better understood as self-hosted archive infrastructure.
TinEye vs Forensically vs ExifTool: Three Different Jobs in Image Verification
Reverse image search, image forensics, and metadata extraction are not interchangeable. Here is how TinEye, Forensically, and ExifTool fit different verification jobs.
VirusTotal vs OTX: Context, Detections and When to Use Each
VirusTotal and AlienVault OTX are often used for similar purposes, but one is stronger for detections and artifact context, while the other is stronger for shared intelligence and pulse-style signal enrichment.
Choosing Between Manual, Semi-Automated and Automated OSINT Workflows
Not every investigation benefits from more automation. Here is how to choose between manual, semi-automated, and automated workflows without losing context or control.
How to Read a Redirect Chain Like a Technical Analyst
HTTP redirects encode decisions, configurations and occasionally mistakes. Here is how to decode them.
Why Robots.txt, Sitemaps and Metadata Still Matter
These files are often overlooked. Here is why they are worth auditing and how they shape discoverability.
What a Tech-Stack Fingerprint Can and Cannot Tell You
Fingerprinting is useful, but limited. Here is how to interpret findings responsibly.
A Responsible Method for Reconnaissance on Public Web Surfaces
Reconnaissance is not inherently malicious. Here is how to do it ethically, legally and systematically.
How to Turn Weak Signals into Better Questions
OSINT is not about finding smoking guns. It is about asking better questions.