Search
Research articles, podcast episodes, and the framework · esc to close
Privacy & Security Research
Independent research on OSINT defense and digital privacy, home of the OSINT Defense & Security Framework
Every sophisticated campaign begins with reconnaissance. Adversaries assemble fragments of public data (profiles, posts, records, metadata) into a roadmap for targeting organizations and the people inside them. PsySecure researches how that exposure forms, and how to systematically take it away.
Reconnaissance is the first step of the kill chain. What can be found will eventually be used.
See yourself as the adversary does. Defensive OSINT maps your exposure before someone else does.
Smaller, well-managed footprints offer fewer opportunities for exploitation than any alert ever will.
The open OSINT risk management framework: five focus areas and 163 controls that treat what attackers can learn from public information as managed attack surface. Category-level orientation to NIST CSF 2.0, and openly licensed under CC BY 4.0.
Minimizing the public exposure of sensitive information about the organization and its people: what surfaces in search results, social platforms, and public databases.
Hardening the human element against attacks that weaponize OSINT: awareness built on real reconnaissance, and verification protocols for sensitive requests.
Controlling the technical attack surface discoverable through OSINT tooling: visible infrastructure, service enumeration, and technology stack details.
Safeguards for high-profile individuals facing elevated targeting and personal risk: account and recovery hardening, SIM-swap protection, consent-scoped household exposure, and travel and calendar exposure.
Ongoing surveillance of public data for emerging threats and leaks: breach exposure, leaked credentials, and the capability to respond rapidly.
