Glossário OSINT

A breach corpus is a publicly disclosed dataset of credentials, identifiers, or records exposed in a documented security incident.

Doxxing is the deliberate public release of someone's personal information (name, address, phone, employer) with intent to harass or harm.

'Doxing' and 'doxxing' are spellings for the same concept: the malicious public release of someone's personal information. The double-x spelling emerged in the 2010s.

EXIF (Exchangeable Image File Format) is a metadata standard embedded in photo files that captures camera settings, GPS location, timestamp, and software used.

Have I Been Pwned (HIBP) is the most authoritative public breach-search service, maintained by Troy Hunt since 2013, allowing free checks of whether your email or password appears in any disclosed data breach.

K-anonymity is a data-privacy protocol where queries are batched with k-1 other indistinguishable records, ensuring the specific query value cannot be identified by the server.

KYC (Know Your Customer) is the regulatory practice of verifying customer identity, occupation, and source of funds at onboarding — required in financial services, gambling, and high-risk industries.

OSINT is the discipline of collecting and analyzing publicly available information to produce actionable intelligence.

Reverse email lookup is searching from an email address to find the owner, linked accounts, breach history and related online presence.

Reverse image search uses an image as the query to find every place that image (or visually similar images) appears online.

Reverse phone lookup is the practice of searching from a phone number to identify its owner, carrier, region, or other context.

Sanctions screening is the practice of checking whether an individual, entity, or wallet appears on government-imposed restriction lists (OFAC, EU, UN, UK FCA) before doing business with them.

SOCMINT (Social Media Intelligence) is the subset of OSINT focused on collecting and analyzing publicly available information from social media platforms.

Threat intelligence (CTI = Cyber Threat Intelligence) is curated, contextualized information about active or emerging cyber threats — used by security teams to prevent, detect, and respond to attacks.

WHOIS is the protocol and database for querying domain registration information — who registered a domain, when, and through which registrar.