Section 1 Introduction to Open Source Intelligence

Finding Location, Phone Number + More From a Photo 1 Course Introduction 2 What is OSINT? 3

Section 2 Search Engines OSINT

Introduction to Search Engines OSINT 4

Section 3 Search Engine OSINT – Google Search Operators

Discovering Sensitive Information About People 5 Discovering Social Media Profiles / Accounts 6 Discovering PDF Documents Associated with Targets 7 Find Hidden Search Results 8 Find Cameras & More with GHDB 9 Enhancing Google Searches with AI 10

Section 4 Search Engine OSINT – Bing Search Operators

Discovering Additional Information & Online Accounts Using Bing 11 Beyond Google: Finding Hidden Information 12

Section 5 Alternative Search Engines

Find More with Special Yandex Operators 13 Expanding Results with Alternative Search Tools 14 Course Note 15

Section 6 Database Breaches & Leaks

Introduction to Database Breaches & Leaks 16 Understanding the Difference Between Breached & Leaked Databases 17 Finding Relevant Breach / Leak Databases 18 Finding Emails, Passwords & More 19 Finding Addresses, Phone Numbers & More 20

Section 7 Downloading Leak / Breach Databases

Setting Up an Isolated Virtual Environment 21 Installing Needed Software to Manage Leaked Databases 22 Downloading & Accessing Leaked Facebook Data 23 Downloading & Accessing Leaked Twitter Data 24 Downloading & Accessing Leaked LinkedIn Data 25 Downloading & Accessing Leaked Snapchat Data 26 Finding Leaked Databases on the Internet 27 Recap 28

Section 8 Sock Puppet Identities

Introduction to Sock Puppet Accounts in OSINT 29 Creating an Untraceable Covert Account 30 How to Keep Your Covert Account Safe & Active 31

Section 9 Social Media Intelligence (SOCMINT)

Introduction to Social Media OSINT (SOCMINT) 32

Section 10 Facebook OSINT

Extracting Valuable Information from a Facebook Profile 33 Extracting User ID, Facebook Friends & More 34 Uncovering Emails and More from Facebook Profiles 35 Finding Comments / Tags of a Facebook Account 36 Facebook OSINT Recap 37

Section 11 Instagram OSINT

Extracting the User ID of an Instagram Account 38 Extracting Timestamps from Posts and Comments 39 Uncovering Comments of Private Instagram Accounts 40 Extracting Hidden Information from Instagram Metadata 41 Scraping Instagram Followers 42 Downloading Instagram Posts 43

Section 12 Creating an OSINT Virtual Machine

Installing Trace Labs OSINT VM 44 OSINT VM Overview 45 The Terminal & Linux Commands 46 Install Essential OSINT Tools 47 Automatically Download Instagram Profiles 48 Undetectable Instagram Info Extraction 49

Section 13 Twitter / X OSINT

Extracting X / Twitter User IDs 50 Recovering Deleted Tweets and Timestamps 51 Leveraging Search Operators to Find Specific Tweets 52 Discovering Tweets Posted from a Specific Location 53 Twitter OSINT Recap 54

Section 14 LinkedIn OSINT

Discovering and Analysing LinkedIn Profiles 55 Finding Hidden Names & Extracting Post Timestamps 56 Finding LinkedIn Profile Member IDs 57

Section 15 Other Social Media OSINT

Snapchat OSINT – Downloading Stories & Extracting Metadata 58 TikTok OSINT – Downloading Videos, Extracting Timestamps, Metadata & More 59

Section 16 Username OSINT

Introduction to Username OSINT 60 Tracking a Username Using Advanced Search Techniques 61 Finding Hidden Profiles with Reverse Username Lookup 62 Finding Linked Accounts Across the Web 63 Finding Passwords & Other Breached / Leaked Data Connected to a Username 64 Discovering Additional Online Accounts Automatically 65 Recap 66

Section 17 People OSINT

Introduction to People OSINT 67 Finding the Geographic Origins of a Name 68 Find Personal Details Using Advanced Search Techniques 69 Discovering Social Media Accounts Linked to a Person 70 Discovering Phone Numbers, Addresses, DOB, and More 71 Uncover Political Party Affiliations 72 Finding Partners and Maiden Names in Registries 73 Recap 74

Section 18 Email OSINT – Finding Email Addresses

Introduction to Email OSINT 75 Uncovering Emails from Social / Online Accounts 76 Finding Emails Using Advanced Search Techniques 77 Uncovering Emails Linked to Usernames 78 Creating and Verifying Possible Email Addresses 79 Uncovering Emails with Browser Tools 80 Finding Business Email Addresses 81 Discovering Emails within Data Breaches / Leaks 82 Extracting Emails from GitHub Accounts 83 Recap 84

Section 19 Email OSINT – Email Address Intelligence

Tracking the Identity Behind an Email Address 85 Leveraging Password Resets to Validate Email Addresses 86 Investigating an Email Address for Red Flags 87 Uncovering Websites & Accounts Linked to an Email Address 88 Discovering More Websites Linked to an Email Address 89 Gmail OSINT – Discovering Phone Numbers, Reviews, Addresses & More 90 Identifying Data Leaks Linked to an Email Address 91 Discovering LinkedIn Profiles Linked to an Email 92 Leveraging Usernames and Emails to Discover Additional Information 93

Section 20 Phone Number OSINT – Discovering Phone Numbers

Introduction to Phone Number OSINT 94 Tracking a Phone Number Across Online Platforms 95 Uncovering Phone Numbers Linked to LinkedIn Accounts 96 Discovering Sensitive Details Linked to a Phone Number 97 Finding Phone Numbers in Leaked Databases 98 Recap 99

Section 21 Phone Number OSINT – Deep Analysis

Uncovering Detailed Phone Number Information 100 Revealing Sensitive Information Using Advanced Search Techniques 101 Uncovering the Identity Behind a Phone Number 102 Finding the Caller ID in the US 103 Uncovering Accounts Registered with a Phone Number 104 Discovering Leaked Information Linked to a Phone Number 105 Deep Phone Number Scanning & Footprinting 106 Recap 107

Section 22 Image OSINT

Introduction to Image OSINT 108 Gathering Profile Images for OSINT Investigations 109

Section 23 Image OSINT – Reverse Image Search

Tracking Images Using Google 110 Discovering Location of an Image 111 Discovering Similar Pictures / Images on the Internet 112 Expanding the Search with Specialized Image Engines 113

Section 24 Image OSINT – Facial Recognition

Track Online Presence / Profiles Using a Photo 114

Section 25 Image OSINT – Geolocation

Using AI to Identify an Image Location 115 Discovering Image Location Using Search Engines 116 Extracting Location, Device Info & More from Images 117

Section 26 Maps OSINT

Introduction to Maps OSINT 118 Uncovering Key Details About Any Location 119 Viewing Satellite Imagery from Different Angles 120 Extracting Key Insights from Eastern Europe Maps 121 Using Apple Maps without an Apple Device 122 Investigating Places with Street-Level Imagery 123 Geo-Locating Images Using OpenStreetMap (OSM) 124 Extract Additional Information Using Google Earth 125

Section 27 Website OSINT

Introduction to Website OSINT 126 Discovering Website Owners & Hidden Contact Details 127 Identifying Technologies Used in a Website 128 Discovering Subdomains 129 Extracting Information from DNS Records 130 Uncovering Websites under the Same Ownership 131 Tracking a Website's Changes and Updates 132 Advanced Website Investigation Techniques 133 Discovering Subdomains (Advanced) 134 Investigating WordPress Websites 135 Automating OSINT Investigations 136

Section 28 Advanced OSINT Techniques

Advanced Investigation Methodologies 137

Section 29 Reporting

Cleaning and Structuring Notes 138 Reviewing Collected Information & Relationships 139 Creating an OSINT Relationship Map 140 Structuring Open-Source Investigations 141 Writing a Professional OSINT Report 142 Breaking Down a Real-World OSINT Case Report 143

Section 30 Course Exam

OSINT Exam / Bonus Lecture – What's Next? 144

Understanding the Difference Between Breached & Leaked Databases

12 min Lesson 17 Database Breaches & Leaks

LESSON 17

Lesson 17: Data Leaks vs. Data Breaches and Legality

The first thing to cover in this section is the difference between a data leak and a data breach.

Data Leak

A data leak is an unintentional exposure of sensitive data. This could happen through various avenues, like:

Sending confidential information to the wrong recipient
Overlooked vulnerabilities, such as a misconfigured server or unprotected databases

People could take advantage of these exposures to download data from a server. Importantly, no one has intentionally compromised a secure server and stolen anything — the data was already being leaked.

Data Breach

A data breach is the opposite: an intentional unauthorized access to sensitive information. A cyber criminal would:

Hack a company and download its database
Sell it or release it to the public

To do this, the hacker exploits security vulnerabilities in a server. A data leak is unintentional, while a data breach is hacking a protected database without permission — which is obviously illegal.

Legality of Downloading and Accessing Leaked or Breached Databases

Normally, when you download a leaked or breached database, you might find an email address and password. As an OSINT investigator, penetration tester, journalist, etc., you are not allowed to use the person's password to log in to their account because you do not have permission.

If the data is publicly available, possessing it should not be a problem, as leaked or breached databases are already out there for free. They are used by:

Security researchers and penetration testers for good (e.g., to protect companies from cyber criminals)
Cyber criminals for malicious purposes (e.g., logging into accounts, changing passwords, or posting unauthorized content)

Important disclaimer: I'm not a lawyer. I highly recommend consulting a lawyer in your country to confirm legality. If working in a company, also check internal policies on downloading or possessing such databases.