Open Source Intelligence (OSINT) is a powerful tool for gathering and analyzing publicly available information, but how do you use it effectively in the field? In their book, Open Source Intelligence (OSINT) – A Practical Introduction, Dr. Varin Khera and Dr. Anand R. Prasad provide a hands-on guide designed as a field manual for professionals looking to apply OSINT techniques in real-world scenarios. In this interview, the authors discuss the evolving landscape of OSINT, the critical mindset needed for effective intelligence gathering, and how their book serves as a go-to resource for both beginners and experienced practitioners.
What inspired you to write Open Source Intelligence – A Practical Introduction, and what did you hope to achieve with the book?
Varin: When I look at OSINT—open-source intelligence—I see that there are already so many books on the topic. But having worked extensively in this field, I wanted to create something different. My goal was to take what I’ve learned from real-world exercises and practical applications and put it into a book that professionals can directly apply to their own work. This book introduces key topics like online tracking, privacy best practices, and practical OSINT techniques. It’s designed to be a hands-on guide, providing a structured approach to conducting OSINT investigations effectively. My hope is that this book will be valuable not just for intelligence professionals and those working in OSINT, but also for university students researching the field. Many students have reached out to me looking for practical ways to conduct OSINT, and rather than having to search for everything on their own, this book serves as a go-to field manual.
Can you give us a brief introduction to OSINT and how the field has evolved over the years? What significant changes or trends have you seen in recent times?
Varin: If you look at OSINT today, it has evolved significantly. In the past, people would manually search the web and think that was OSINT. But now, much of OSINT is automated. We’re seeing a shift toward AI-driven automation, with tools like SpiderFoot, Shodan, and others I mention in the book playing a major role. Most OSINT work today is conducted using these automated tools. Of course, traditional methods like Google Dorking are still used, but they have become more limited. The integration of AI and machine learning is now a major trend, particularly in commercial OSINT tools, where AI helps detect patterns, anomalies, and even provides predictive analysis. We’re also seeing OSINT increasingly used in cybersecurity—especially in threat intelligence. Organizations now leverage OSINT to assess attack surfaces, monitor threat actors, and even analyze their own networks for vulnerabilities. At the same time, regulatory concerns are becoming more significant. Many countries now have personal data protection laws, raising the question: Is your OSINT legal? The legality of collecting certain types of information depends on specific jurisdictions, making compliance a key consideration. Beyond cybersecurity, OSINT is expanding into new fields like marketing, finance, and risk assessment. Companies are using OSINT to evaluate competitors, conduct financial risk assessments, and gain deeper insights into market trends. It’s no longer just about reconnaissance or threat intelligence—it’s becoming a versatile tool across industries. That’s where OSINT stands today and where I see it evolving in the future.
What are some of the key challenges individuals and organizations face when collecting and analyzing open-source intelligence?
Varin: When it comes to OSINT collection, the challenges go beyond just ethical considerations. One major issue is data overload. There’s an overwhelming amount of information available, and a lot of it is noise. Verifying data accuracy is crucial—anyone can conduct OSINT, but how do you determine whether the information is real? For example, when analyzing social media OSINT, you have to ask: Is this data bot-generated? Is it from a fake account? Then, of course, there’s the ethical and legal aspect. Regulations like GDPR, CCPA, and Thailand’s PDPA impose restrictions on how certain data can be collected. That’s why in the book, we dedicate Chapter 12 to discussing data privacy, legal considerations, and regulatory compliance. While we can’t cover everything, the key takeaway is that OSINT is a powerful tool—but you need to be aware of what you’re collecting and whether it’s legally permissible. Another growing challenge is encrypted data. More and more information is becoming encrypted, limiting access. So what do you do? You face tool limitations, automation constraints, and evolving barriers in data collection. Beyond that, there are geopolitical and linguistic challenges. OSINT isn’t just about collecting data—it’s about understanding the context behind it. Language barriers, cultural nuances, and geopolitical factors all play a role in how information is interpreted and used. These are just some of the key challenges individuals and organizations face when collecting and analyzing OSINT today.
What are some ethical considerations in asset collection, data collection, and its usage?
Varin: When discussing ethical considerations, the key concerns revolve around privacy, data protection, legality, and misinformation. The first and most important aspect is privacy and data protection. Regulations differ across countries, and it’s crucial to respect individual privacy while avoiding any intrusion into people’s lives. Laws such as GDPR, CCPA, and other regional frameworks define what is legally permissible, but beyond legality, organizations must also consider ethical boundaries. Another concern is the legality versus ethical dilemmas in OSINT. For instance, if you’re searching a database to track illegal activities, is that legally allowed? Even if it is, does it cross an ethical line? Organizations and analysts must navigate these grey areas carefully. Then there’s the issue of false positives and misinformation. If OSINT is used to collect data about an individual or entity and that information turns out to be inaccurate or misleading, it can have serious consequences. Misidentification or reliance on incorrect data can lead to reputational damage, wrongful accusations, or even legal repercussions. Ultimately, while OSINT is a valuable tool, its ethical use depends on balancing privacy, legality, and accuracy to ensure responsible data collection and analysis.
Could you explain some of the most important tools and techniques used, and how can they benefit organisations and, specifically, the cybersecurity field?
Varin: OK, so the first category of tools is search and reconnaissance. These allow you to search for publicly available information on the web. One of the most important techniques here is Google Dorking, which involves using advanced queries to refine searches within Google. Another key tool is Shodan. As I mentioned earlier, Shodan helps map an organization’s attack surface by identifying what’s exposed online. It can detect what operating systems and servers are running and match them to known vulnerabilities using Common Platform Enumerations (CPEs). Then, we have tools like theHarvester, which collects email addresses, subdomains, and metadata from public sources. There are many search and reconnaissance tools like this, and I outline several in the book—where I discuss how to conduct effective searches. Another major category is social media and people intelligence (sometimes referred to as SOCMINT). While I don’t go into this in detail in the book, this involves using specialized tools to search for users across social media platforms. Many commercial OSINT tools used by investigative authorities focus on this kind of intelligence gathering. We also have the dark web and cyber threat intelligence tools. These include Onion search engines, OnionSearch, and platforms like AdapTracer and Cybercrime Tracker, which help detect malware campaigns. Again, I cover many of these tools in the book when discussing the dark web and social media monitoring. A fourth category is domain and IP intelligence. Tools like Whois and DNSdumpster help analyze domain ownership, IP addresses, and network infrastructure. Finally, there’s image intelligence and geospatial analysis. While I’ve only recently started using this myself, it’s a growing field that involves tools like Google Earth for tracking physical locations and movements. While this isn’t strictly cybersecurity-focused, it has applications in investigations and intelligence gathering.
Now, how do these tools benefit organizations, particularly in cybersecurity? First, they help detect vulnerabilities and assess an organization’s attack surface—essentially understanding what information is publicly accessible and exploitable. They’re also useful for corporate security, fraud prevention, and insider threat detection. Threat intelligence is another major use case. Organizations and law enforcement agencies use OSINT to track cyber threats and gain insights into potential attack vectors. In fact, many of the more advanced OSINT tools are specifically designed for law enforcement. Another growing area is reputation and brand protection. Organizations use OSINT to monitor for brand misuse, impersonation, or threats to high-profile individuals. So, in a nutshell, these tools play a crucial role in cybersecurity, intelligence gathering, and broader investigative work. Hopefully, that gives a good overview of their importance.
What are some common misconceptions about OSINT?
Varin: One of the biggest misconceptions is that OSINT is just Google. People assume that if they know how to use Google, they know OSINT. That’s not true. OSINT isn’t just about typing something into a search bar. As I mentioned in the previous question, there are many specialized tools beyond Google, including search and reconnaissance tools, social media intelligence tools, and dark web monitoring tools. Yes, Google Dorking—using advanced search queries—is one part of OSINT, but it’s only a small component of a much broader field. Another misconception is that OSINT is only for hackers, law enforcement, or intelligence agencies. That’s not the case at all. OSINT is widely used in cybersecurity—security teams rely on it for penetration testing, threat intelligence, and attack surface mapping. If you’re conducting a security assessment, OSINT helps you gather valuable information about your target. And it’s not just cybersecurity professionals using OSINT. Why wouldn’t HR teams use it? They can leverage OSINT to verify candidate information. Businesses can use it for brand protection, fraud prevention, and competitive analysis. There are many different use cases beyond just hacking or law enforcement. So, the two biggest misconceptions I see are: first, that OSINT is just Google, and second, that it’s only for hackers. In reality, OSINT is a powerful approach used across many industries for a variety of purposes.
What role do you think OSINT will play in tackling the increasing sophistication of cyber threats and cybercrime?
Varin: So, if you look at this, OSINT is already playing a crucial role in cyber intelligence. It’s being used for early threat detection, phishing and brand protection, and attack surface monitoring. When we talk about threat intelligence, we’re really talking about understanding what the threat is and where it’s coming from—and OSINT is a key part of that process. One major way OSINT helps is by identifying leaked data. Sometimes an organization doesn’t even realize its data has been exposed, but OSINT techniques can uncover leaked information on the dark web. It’s also used to track exploit kits as they emerge, helping cybersecurity teams stay ahead of new threats. Another area where OSINT is invaluable is ransomware tracking. By monitoring ransomware activity on the dark web, we can gain insights into active campaigns, malware developments, and breach exposure risks. OSINT also plays a role in attribution and cybercrime investigations, helping analysts trace cybercriminal activity. More broadly, OSINT is expanding beyond just finding information about individuals—it’s increasingly used for system-based threat intelligence. Attack surface monitoring, breach detection, and phishing domain tracking are all becoming more sophisticated. For example, in my own team, we use OSINT to detect leaked credentials and phishing domains. Often, this requires piecing together information from multiple sources, including dark web discussions where attackers might be planning their next move. With cyber threats becoming more advanced, OSINT’s role will only continue to grow. It’s not just an optional tool—it’s becoming a fundamental part of cybersecurity defence strategies.
What advice would you give to individuals or organizations looking to enhance their OSINT capabilities, especially those new to the field?
Varin: OSINT is already playing a critical role in cyber intelligence, and its importance is only increasing. Organizations are using it for early threat detection, phishing and brand protection, and attack surface monitoring. When we talk about threat intelligence, we’re essentially talking about understanding threats—where they originate, how they evolve, and how to counter them. One major application of OSINT is identifying exposed data. Often, organizations don’t realize their sensitive information has been leaked until it surfaces on the dark web. OSINT helps detect these leaks, along with newly emerging exploit kits. This is particularly useful in tracking ransomware activity—monitoring discussions on the dark web can reveal planned attacks, malware campaigns, and breach exposure risks. Beyond cybersecurity, OSINT is expanding rapidly. It’s no longer just about gathering information on individuals; it now plays a major role in mapping system vulnerabilities and understanding attack surfaces. Cyber threat intelligence is a broad and evolving field, and OSINT is becoming an essential component of it. For example, in my team, we use OSINT to detect leaked credentials and phishing domains. When tracking credentials, you often need to search across multiple platforms, including underground forums and dark web marketplaces. Sometimes, discussions reveal that threat actors are actively planning attacks on specific organizations. OSINT helps us stay ahead of these threats, and it’s something we rely on daily in our company.
Anand: And maybe just to conclude on what Varin was saying—purely from a security perspective, if you’re new to OSINT, I’d highlight a few key points for clarity. First, from a security standpoint, it’s crucial to understand what threat intelligence is—its role, its utilization, and its overall benefits for security. OSINT can be applied in penetration testing, security operations, and various security functions, whether it’s managing firewalls or other defences. Once you have that foundation, you can move into open-source intelligence (OSINT) specifically for security purposes. And, as mentioned earlier, it’s important to understand how to conduct OSINT properly—each step from data collection to its actual utilization. You also need to be aware of the legal requirements to ensure everything is done correctly. And as Varin pointed out, there’s also a mindset aspect to OSINT. Having the right approach and thinking critically about the information you gather is just as important as the technical process itself.
What’s the key takeaway you want readers to get from this book?
Varin: I think the most important thing about this book is that it’s a field manual—something people can pick up and immediately apply in real-world scenarios. Of course, when I wrote it, I included a selection of tools, but I know I didn’t cover everything. OSINT techniques and tools are constantly evolving. For example, I don’t think I mentioned Google Maps, but now it’s being used for tracking in new ways. The key takeaway is understanding which tools are right for the job, how to apply them effectively, and, most importantly, developing a critical mindset. This book serves as a go-to guide, but I hope readers will use it as a foundation to expand their knowledge and explore new tools as the field grows.
Dr. Varin Khera
Dr. Khera is a veteran cybersecurity executive with more than two decades’ worth of experience working with information security technology, models and processes. He is currently the Chief Strategy of ITSEC Group and the Co-founder and CEO of ITSEC (Thailand). ITSEC is an international information security firm offering a wide range of high-quality information security services and solutions with operations in Indonesia, Malaysia, Philippines, Singapore, Thailand and Dubai.
Previously the head of cyber security Presales for NOKIA, Dr. Khera has worked with every major telecom provider and government in the APAC region to design and deliver security solutions to a constantly evolving cybersecurity threat landscape.
Dr. Khera holds a Doctor of Information Technology (DIT) from Murdoch University, a Postgraduate Certificate in Network Computing from Monash University and a Certificate of Executive Leadership from Cornell University.
Dr. Khera was one of the first professionals to be awarded the prestigious Asia Pacific Information Security Leadership Awards (ISLA) from ISC2, a world-leading information security certification body, under the category of distinguished IT Security Practitioner for APAC.
Anand R. Prasad
Dr. Anand R. Prasad is a global leader and expert in information and cyber security who has delivered security solutions for 5G, 4G, virtualization, SOC, Wi-Fi, mobile devices, enterprise and built GRC processes from scratch.
Anand is Founder and CEO of wenovator LLC, a global provider of cybersecurity services and consulting with top-tier clients right across the telecommunications industry. Dr. Prasad is also a Senior Security Advisor of NTT DOCOMO, providing advice on all aspects of cybersecurity for the company, Advisor to CTIF and Advisory to GuardRails. Prior to that, he was Chief Information Security Officer of Rakuten Mobile, the world’s leading MNO with the very first cloud-native 4G / 5G network implementation. As CISO of Rakuten Mobile, Anand led all aspects of enterprise and mobile network security from design and deployment to operations.
With over 20 years of experience, Anand has also held key roles in NEC, Genista, Lucent Technologies and Uniden. He is an innovator with over 50 patents, a recognized keynote speaker (RSA, GWS, MWC, ICT etc.) and a prolific writer with 6 books and over 50 peer-reviewed publications. Anand was the Chairman of 3GPP SA3 where he led the standardization of 5G security. He did his ir (MScEE) and PhD from Delft University of Technology, The Netherlands. He is a Fellow of IET, Fellow of IETE and CISSP. Anand is Editor-in-Chief of the Journal of ICT Standardization and Co-Founder & Co-Editor of Cybersecurity Magazine.

