National Cyber Warfare Foundation (NCWF)

Welcome back, aspiring hackers! Who truly earns the money? Who owns the business? Who is responsible for criminal activities or questionable operations? These are the crucial questions that journalists and OSINT investigators grapple with today. Sometimes, the answers are straightforward and clear. But more often they’re not. This guide will introduce you to the core […]

The post OSINT for Business: Getting Started Using Open-Source Techniques for Business first appeared on Hackers Arise.

Welcome back, aspiring hackers!

Who truly earns the money? Who owns the business? Who is responsible for criminal activities or questionable operations?

These are the crucial questions that journalists and OSINT investigators grapple with today. Sometimes, the answers are straightforward and clear. But more often they’re not.

This guide will introduce you to the core concepts of business OSINT and walk you through practical steps to begin your investigations — from gathering fundamental registration data to leveraging advanced tools for monitoring online activity and supply chains.

Core Concepts of Business OSINT:

Multidisciplinary Nature
Business OSINT is a complex investigative process that requires a variety of skills. These may include analyzing websites, reviewing social media platforms, collecting personal or corporate information, locating relevant documentation, and more. The specific techniques used will depend on the objectives of the investigation.

Clear Objectives Are Crucial
The scope and duration of an OSINT investigation can vary significantly depending on the size and complexity of the target company. Therefore, it is essential to define clear, focused goals from the outset. A well-defined objective ensures efficiency and increases the likelihood of producing actionable results.

Data Management and Structuring
Business OSINT often involves working with large volumes of data. It is critical to organize and structure this information effectively. Proper structuring allows you to confidently present findings, support conclusions with evidence, and clearly justify decisions based on the intelligence gathered.

Step 1: Registration Data

The investigation of any organization always begins with the collection of registration data. This is essential for the accurate identification of the entity. Depending on the jurisdiction, the set of available data may vary, but the core elements are usually the same. In most cases, this information can be obtained from open public registries, which are available in nearly every country.

In addition to registry data, it is crucial to verify all details using search engines, as this can often reveal additional context or insights not captured in official records.

1.1 Company Name

A name alone is rarely sufficient for identification. Multiple companies can share the same or very similar names but be entirely unrelated. Conversely, it’s common for individuals to reuse or slightly modify existing names when registering new entities—adding a word, a number, or changing the spelling slightly.

For this reason, always search the company name both with quotation marks (for exact match results) and without quotation marks (to allow the search engine to offer variations and related results). This dual approach helps uncover different mentions and possible links.

1.2 Numerical Identifiers

Every organization has one or more unique numerical identifiers. For sole proprietors, this is usually a personal tax number. For legal entities, this might include a registration number from the corporate registry and a tax identification number (TIN).

These identifiers are unique and non-repeatable, making them highly reliable for precise identification. Always search these numbers using exact match queries. This serves two purposes:

You can immediately access records from different public databases, each of which may provide varying levels of detail.

If the entity is mentioned elsewhere online (in media, forums, reports), it is much easier to locate using its unique number than relying on potentially inconsistent name references.

1.3 Founders

Founders are the individuals or legal entities that initially established the company. Their names can also be found in public registries. However, it’s important to keep in mind that founder information may change over time, so historical data is valuable for understanding ownership changes.

1.4 Company Officers

These are the individuals who hold executive roles and are responsible for the daily management of the company. Most often, this includes the CEO or director, their deputies, and the chief accountant. In certain types of organizations, you may also encounter more specialized roles, such as chief engineers or compliance officers.

In some registries, you may come across a field called “authorized person.” This usually refers to the director or accountant, but it could also be someone with a power of attorney to act on behalf of the company—for example, for filing tax reports.

1.5 Registered Address

The registered address is the official location of the company as listed in government records. However, this does not necessarily mean that the company actually operates from that address. While it might, you should always verify this detail.

Step 2: Analyze the Company’s Website

In most cases, a company’s website serves as a primary channel of communication with customers, partners, and the general public. For OSINT specialists, it can be a valuable source of open information.

Rather than simply recommending a general review of the website—which should already be standard practice—this section focuses on a more targeted approach: monitoring specific changes on the site that may be relevant to your investigation.

For example, pay close attention to:

Contact information updates (new phone numbers, email addresses, or office locations)

Changes on the career or job listings page (indicating hiring trends, new departments, or expansion)

Updates to legal documents, such as terms of service or privacy policies

New partnership announcements, press releases, or product launches

These small changes can offer meaningful clues about the company’s operations, plans, or internal shifts.

To track such changes efficiently over time, consider using tools like:

Wachete – Monitors website content, including dynamic and password-protected pages

Visualping – Alerts you when visual or textual changes occur on specific web pages

These tools allow you to automate monitoring, saving time and increasing the chances of catching important updates.

Step 2.1: Analyze the Company’s GitHub or GitLab

Another valuable source of information is the company’s public code repositories, such as those on GitHub or GitLab. These platforms are often used by developers to store code, documentation, and internal tools—and sometimes, unintentionally, even sensitive data.

Look out for:

API keys and access tokens

Internal project names or infrastructure details

References to third-party services or tools

Email addresses of developers

To automate this process and monitor repositories for sensitive information, you can use specialized tools like:

GitMonitor – Scans repositories for security leaks and misconfigurations

GitGuardian – Detects exposed secrets such as credentials, keys, and sensitive files in real time

Step 2.2: Analyze the Company’s Developer Activity

Understanding the technologies a company uses provides valuable insight into its digital infrastructure, development maturity, and even its overall business model. The first step is to identify the technology stack behind the company’s website or web applications, including backend and frontend components, frameworks, and content management systems. Tools like BuiltWith and Wappalyzer can help uncover details such as the web servers and hosting providers, programming languages and frameworks in use, as well as analytics and marketing tools integrated into the site.

Additionally, if you can identify individual developers linked to the company—through sources like GitHub profiles—you can explore their public activity. This includes their contributions to open-source projects, areas of technical specialization, and activity timelines, which may highlight periods of increased hiring or inactivity.

By combining this information, you gain a clearer picture of the development team’s focus areas, the possibility of outsourced developers or agencies, and even emerging products or features that are currently in progress.

Once the technology stack is identified, the next step is to gather more detailed information about the server setup and infrastructure. This includes detecting:

SSL/TLS configuration

Content Management System (CMS)

Content Delivery Network (CDN) usage

Hosting providers

Open ports and exposed services

To perform this analysis, you can use Shodan or Censys.

Companies—especially tech-oriented ones—often share technical insights or ask for help on public platforms. These interactions can reveal internal challenges, technology choices, and even team structure.

Focus on platforms like:

Stack Overflow – Developers may post questions related to internal projects or technologies.

Dev.to – Blog-style posts by engineers, sometimes from company accounts or personal profiles.

Reddit – Tech-related subreddits often include company discussions, announcements, or insider comments.

Habr – A Russian-speaking tech community where companies and developers publish in-depth technical articles.

Use search queries combining the company name, domain, or known developer usernames to track relevant activity.

Step 3: Reconstruct the Supply Chain

Understanding a company’s supply chain is a critical component of OSINT analysis. It reveals how the company operates, where its dependencies lie, and—most importantly—where its weak points may exist.

By identifying key suppliers, partners, or contractors, you can:

Discover potential points of entry for attacks or influence operations

Better understand the company’s business model

Map third-party risks, which are often less protected than the primary target

In many cases, the weakest link in the supply chain can provide the easiest path to valuable information or system access.

How to Identify Suppliers

One effective method is to search for public contracts or legal documents that mention suppliers or partners. The availability of this information varies by country, depending on transparency laws and the structure of government registries.

Let’s consider Russia as an example. Here are two key resources:

Zakupki.gov.ru – The official federal procurement portal. It publishes government tenders, contract winners, and supplier data. If the target company supplies goods or services to public institutions, you’ll likely find contracts, pricing, and delivery details here.

Kad.arbitr.ru – The Russian Arbitration Court Case Database. If the target company has been involved in legal disputes (e.g., with suppliers or clients), this platform provides access to case records. These documents often contain:
- Contractual relationships
- Disagreements or breaches
- Names of counterparties
- Contact details and financial claims

In some cases, personal information about executives or involved parties may also appear in court documentation.

ImportGenius is an example of a platform that enables the analysis of international trade and supply contracts within the context of foreign economic activity. It aggregates and organizes import/export records, allowing you to identify a company’s overseas suppliers, shipping volumes, trade routes, and product categories.

In addition to supply chain data and contracts, there are several other valuable sources of information that can provide deeper insights into a company’s activities and strategic focus.

Patent Registries

One such source is patent databases, which can reveal the company’s research interests, technological capabilities, and innovation strategy. For example, in the case of Russia, you can use:

FIPS.ru – The official website of the Federal Institute of Industrial Property. It provides access to patent filings, trademarks, and utility models registered in Russia.

By analyzing patent data, you can:

Identify the company’s R&D priorities

Detect emerging technologies or products under development

Discover names of inventors and affiliated entities

Hackathons and Innovation Events

Another less obvious, but highly useful source of information is the company’s participation in hackathons, startup competitions, and innovation challenges. These events often reflect the company’s future areas of interest and investment.

Why is this relevant?

Companies usually sponsor or participate in events related to technologies or problems they aim to solve.

Public event materials may reveal key employees, partner companies, or experimental projects.

It’s also a way to identify strategic priorities before they’re visible in products or services.

Keep an eye on platforms and sites where such activities are announced or covered, such as:

Company blogs and news sections

Tech event platforms

Social media profiles (LinkedIn, Twitter)

Specialized innovation portals

Summary

In this article, we briefly covered some core concepts and methods for conducting business OSINT. While this is just an introduction, it provides enough foundation for you to begin your own investigations and build deeper knowledge over time. OSINT is a skill that improves with practice and real-world application.

To continue learning and sharpening your investigative abilities, be sure to explore our OSINT Investigator Bundle.