OSINT for Incident Response (Part 2)
ID: 46053c09-4294-5c52-8836-903196d61907
STIX ID: report--46053c09-4294-5c52-8836-903196d61907
Feed Name: Black Hills Infosec Blog
A blog-format OSINT/IR case study describing how investigators used external metadata, certificate searches, and leaked-index results to uncover multiple cloned banking login portals and related infrastructure targeting customers of a fictional bank (FFSI). Investigators found live phishing sites, a visit_log.txt containing victim IPs and user-agents, and recurring Let’s Encrypt certificate patterns, which enabled identification of indicators and ongoing monitoring of the campaign.
