top of page


The first step a malicious hacker takes after they decide to attack an organization is to gather intelligence and analyze the publicly available/legally collectible data from free sources as well as the dark web. The wealth of readily available information from social media and numerous other sources (metadata extracted from images, news/media, blogs, business journals, census data, corporate records, wikis, closed dark-web chat rooms), can inform the bad actors of everything they need to know to infiltrate an organization.  Their patient and stealthy reconnaissance of the target entity will narrow down the potential weaknesses and vulnerabilities in an organization’s digital defenses, and these are the spots where a hacker focuses their strikes.

Did you know that almost all of the information on the internet cannot be found using major search engines?  The so-called “deep web” or “dark web” is a massive collection of websites, databases, files, and more that cannot be indexed by Google, Bing, Yahoo, or any other search engine for that matter.  Although difficult (and dangerous) to access without the right tools and experience, much of the content of the deep web is considered open source because it’s published and available to the public. 

Crafted Eye_edited.jpg

We can vet your best candidates for sensitive or high-security positions.

As a part of RedPenSec’s proprietary cybersecurity advisory services, conducting an OSINT background check as part of your pre-employment testing can reveal risks and deficiencies that a standard background check would not show.  These deep-dive screening investigations are especially valuable when looking to fill high-level positions with the best possible candidates.  Our analysis will uncover any controversial or inappropriate social media/blog posts, videos, pictures, chats/forum comments, or news stories that could harm the status or reputation of your organization if they came to light only after the candidate was hired.   


We can find and aggregate the sensitive information that an attacker would

learn and use as leverage in a social engineering or phishing attack.

Allow our cybersecurity intelligence analysts to build you a confidential OSINT report with the information you need to shrink your organization’s threat surface. Our OSINT Investigation Results Report will: 

  • Identify potential vulnerabilities which can be easily exploited

  • Discover accidental leaks of sensitive information, (through social media, etc.)

  • Aggregate the publicly (and not-so-publicly) available data into actionable information to increase your defensive posture

  • Locate information about individuals and organizations that can be used to inform social engineering campaigns via phishing, vishing, and smishing

  • Recognize which new vulnerabilities are being actively exploited and/or intercept cyber-chatter about an upcoming attack

  • Discover impactful data breaches and potential external threats

  • Provide valuable insight about your organization’s digital footprint and attack surface

  • Help you better understand vendors, business partners, and potential employees before you invest in them

We hold the industry’s most elite and comprehensive cyber-investigations certification and are skilled in the most advanced and state-of-the-art methodologies to identify, investigate, and resolve the most complex cybercrimes.  

RedPenSec’s board-certified specialists in Open Source Intelligence (C|OSINT) have the real-world knowledge, skills, and tools that are utilized by law enforcement, military intelligence, and private investigators, to help conduct their investigations.  We also hold the industry’s most elite and comprehensive cyber-investigations certification, McAfee’s Certified Expert in Cyber Investigations (CECI) which encompasses numerous specialties including Counterintelligence Threat Analysis, Organized Retail Crime, eCommerce Fraud Investigations, Social Media Intelligence Analyst, and Certified Forensic HiTech Investigator.  

Our certified OSINT specialists will find the

vulnerabilities that publicly available information

exposes about you and your organization 

Information is power and being well informed with data, facts, current events,

and market conditions are paramount to effective decision-making. Whether looking to make sound business investments, investigate new markets, negotiate a good deal with a vendor, gain a competitive edge, or avoid a cyberattack, data breach, or ransomware, cyber threat intelligence should be an integral consideration as it can provide your organization with insights and actionable data it can use to protect its’ financial interests, reputation, and customer base.

A complimentary conversation with an expert from our OSINT team 

will provide valuable insight into the options that may best fit your needs.



“It is always a pleasure to deal with Crafted Compliance. They understand emerging technologies, the ever-evolving landscape of regulations and standards, and no project has too big or too small for them to expertly engage and assist us.  Their bespoke approach to holistic cyber-health has made our security processes and operations more efficient overall and their team has become a trusted part of ours.”


Digital Technology & Design Firm – IS Project Manager

bottom of page