After writing the SEC497 Practical OSINT Course, I expected 2024 to be a bit of a downshift in a lot of ways. What wasn’t on my threat model was being asked to take over authorship of the SEC587 Advanced OSINT Course.
Most fields evolve slowly. Open-Source Intelligence (OSINT) isn’t one of them. Practitioners today face an environment shaped by rapid technological changes, geopolitical shifts, and increasingly sophisticated adversaries. If you’re not keeping up, you’re falling behind.
The SEC587 course has just been overhauled, and the updates are substantial. They’re not just cosmetic changes or a few new bullet points in the syllabus. They’re a response to the real-world challenges OSINT practitioners face, particularly those working in government and law enforcement. If you’re already operating in this space, you know the stakes: disinformation campaigns, global espionage, cryptocurrency trails, and even unexpected OSINT vectors like gaming platforms.
Let’s walk through what’s new:
The Geopolitical Front: Russian and Chinese OSINT
OSINT has always been about finding needles in haystacks. But the haystacks keep getting bigger, and the needles keep getting sharper. Nowhere is this more evident than in the context of Russia and China.
The updated SEC587 discusses Russian OSINT methods as we dive into tools like Russian facial recognition platforms and techniques for uncovering ties between Russian entities and U.S. businesses along with accompanying labs.
China presents a different kind of challenge. While Russia floods the information space, China guards its own tightly. Accessing Chinese platforms is getting harder, and you can’t always rely on the obvious tools like VPNs. The course now includes strategies for navigating these barriers—like acquiring +86 phone numbers and accessing restricted Chinese sites.
AI, Steganography, and Gaming: OSINT’s New Frontiers
One of the most exciting updates is the expanded focus on emerging technologies. AI, for instance, is no longer just a buzzword. It’s becoming a core tool in OSINT investigations. Consider audio analysis. With the right techniques, you can determine not only who’s speaking but also identify individual speakers across recordings. The course builds on foundational concepts from SEC497 but takes them much further, introducing techniques like speaker diarization. And it’s not just theory—you’ll do a lab where you apply these methods step-by-step.
Then there’s steganography. If you’re not familiar with it, steganography is the art of hiding messages in plain sight—like embedding a file within an image. It’s not new, but it’s still being used for covert communication. The updated SEC587 includes new detection methods, making this section critical if you’re dealing with adversaries who operate in the shadows.
And then there’s gaming. That’s right—gaming. Platforms like Discord are no longer just for gamers. They’re digital meeting places, and they’re increasingly relevant to OSINT investigations. The course includes a practical lab on how to analyze Discord activity, giving you yet another tool for your OSINT toolbox.
Cryptocurrency and Wireless OSINT: The Modern Battlefield
Cryptocurrencies are a critical focus for some OSINT practitioners, especially in cases involving state-sponsored actors like North Korea. SEC587 tackles this head-on, teaching you how to trace blockchain transactions. If you’ve ever looked at a blockchain explorer and wondered how to connect the dots, this section will be invaluable.
Wireless technologies add another layer of complexity. Drones, for example, are no longer just toys. They’re tools for surveillance—and sometimes for unauthorized activities. The updated course includes a lab on detecting drone activity. You’ll work with real-world examples, like analyzing signals from DJI drones.
These updates reflect a broader trend: OSINT isn’t confined to a single medium or platform. It spans everything from the blockchain to the skies. And if you want to keep up, you need to understand all these dimensions.
Core Skills for Advanced Practitioners
While the new content is exciting, it’s worth mentioning that SEC587 hasn’t abandoned its core focus. The updates build on a foundation of skills that advanced practitioners rely on every day.
Python, for instance, remains a major part of the course. There’s a full day dedicated to Python scripting, which can transform your OSINT workflows. If you’re not automating at least some of your OSINT processes, you’re missing out on huge efficiencies. Similarly, advanced enumeration techniques—like identifying infrastructure that others miss—remain a key focus. And yes, getting into password protected files is still here too.
Why These Updates Matter
If you’re wondering why these updates are significant, the answer is simple: the world doesn’t wait. The techniques that worked five years ago won’t necessarily work today. And the adversaries you’re up against—whether they’re state actors, criminal organizations, or something in between—are constantly evolving.
And if you’re curious to learn more, I’m doing a webcast on January 16. It’s a chance to dive deeper into the updates and ask questions directly.
