Best OSINT Accounts to Follow on X (Twitter) in 2026
The 25 X accounts that professional OSINT analysts actually follow — practitioners, investigative journalism orgs, threat intelligence researchers, and training resources.
In the OSINT community, social media moves fast. New tools pop up, techniques change, and investigations unfold in real-time.
The right X accounts cut through the noise.
This list isn't exhaustive; it covers the top accounts professional analysts, corporate investigators, and threat intel teams actually use. They'll keep you in the loop.
OSINT Practitioners & Researchers
@IntelTechniques — Michael Bazzell
A former FBI agent and author of the seminal Open Source Intelligence Techniques, Bazzell now dedicates himself to IntelTechniques.com and the OSIP certification. His feed is low-volume, high-signal, with custom search tools, workflow breakdowns, and content on privacy as discipline. For serious methodology, this is your primary reference.
@dutch_osintguy — Nico Dekens
With over 20 years in Dutch law enforcement intelligence and as a SANS instructor, Dekens brings hands-on tool demos, social media investigation techniques, and a unique law enforcement and corporate investigator perspective. One of the most credentialed practitioners on the platform.
@Sector035
As a Dutch OSINT researcher and creator of the widely read Week in OSINT, Sector035 excels at curating tool roundups, technique write-ups, and geolocation challenges. Although primary activity has shifted to Mastodon, the X account remains active.
@jakecreps — Jake Creps
Creps is an OSINT analyst, tool developer, and author of The OSINT Newsletter on Substack. He posts innovative methods, new tool capabilities, and methodological essays, offering uncommon analytical depth by considering technique implications rather than just tool links.
@hatless1der — Joe Gray
Author of Practical Social Engineering, Gray combines social engineering methodology with OSINT tradecraft, a crossover most accounts skip. Useful for corporate investigators dealing with insider threats or fraud.
@RituOSINT — Ritu Gill
With 17+ years as an intelligence analyst, starting at the RCMP, Gill co-founded Forensic OSINT and runs the Friday Five newsletter. She offers a rare combination of institutional law enforcement background with active practitioner work, particularly relevant for investigators bridging the law enforcement and corporate investigation divide.
Investigative Journalism & Open Source Investigation
@bellingcat
This Amsterdam-based investigative nonprofit defined modern open-source investigation methodology, known for the Skripal poisoning attribution, MH17 investigation, and extensive Russia-Ukraine conflict documentation. Posts include published investigations, methodology articles, toolkit updates, and training announcements. Every professional analyst should understand Bellingcat's methodology - it's the benchmark.
@AricToler — Aric Toler
As Director of Research and Training at Bellingcat, Toler combines institutional credibility with accessible methodology explanations, making him excellent for learning the craft.
@Strickbenj — Benjamin Strick
A former BBC Africa Eye investigative journalist, Strick specializes in geolocation and imagery analysis, with credentialed work on conflict zone atrocities documentation. He posts step-by-step geolocation reasoning, imagery analysis breakdowns, and conflict documentation methodology, showing the work, not just the conclusions.
@OCCRP
The Organized Crime and Corruption Reporting Project is a global network of investigative journalists covering financial crime, corruption, and organized crime, maintaining the Aleph data platform. For corporate and financial investigators, OCCRP is essential, as their investigations regularly surface beneficial ownership, shell company, and offshore finance data.
@ICAIJorg — ICIJ
The International Consortium of Investigative Journalists coordinated the Panama Papers, Pandora Papers, and FinCEN Files, maintaining the publicly accessible Offshore Leaks database. Relevant for investigators tracing corporate structures, beneficial ownership, and offshore finance.
@ForensicArchi — Forensic Architecture
This research agency applies architectural and investigative methodology to human rights documentation, pushing the frontier of what OSINT can establish legally and analytically. Relevant to investigators working where imagery, event reconstruction, and legal accountability intersect.
Threat Intelligence & Cybersecurity OSINT
@GossiTheDog — Kevin Beaumont
A security researcher and former Microsoft employee, Beaumont is among the fastest and most accurate voices on major CVEs and active exploits. Corporate security teams monitor this account for real-time vulnerability analysis.
@vxunderground
The largest publicly accessible malware sample repository, vxunderground publishes malware history, threat actor communications, and technical analysis. This provides unmatched visibility into the threat actor ecosystem, essential for tracking ransomware groups, APTs, or cybercrime operations.
@TheDFIRReport — The DFIR Report
An anonymous team of incident responders publishes detailed threat actor intrusion reports, including TTPs, IOCs, and full kill chain documentation from real cases. This is the most operationally useful threat intelligence on X, with each report serving as a free incident response case study.
@sans_isc — SANS Internet Storm Center
The SANS Institute's 24/7 threat monitoring service provides daily handler diaries, honeypot data, active scanning trends, and anomaly alerts. This offers real-time threat data from a globally respected institution.
@Bank_Security
A pseudonymous researcher focused on financial sector threats, dark web intelligence, and banking malware, Bank_Security offers a rare combination of technical and financial sector expertise.
Geolocation & Imagery Analysis
@Osinttechnical
An independent researcher known for active, verified geolocation work during the Russia-Ukraine conflict, Osinttechnical posts satellite imagery analysis, conflict zone geolocation, and equipment identification. One of the most active practitioners doing live, verified geolocation on current events.
@CalibreObscura — Calibre Obscura
Specializing in arms and weapons tracking, Calibre Obscura uses OSINT to document weapons proliferation, particularly in conflict zones. Posts include weapons identification from imagery, arms trafficking documentation, and export control violations.
Training & Community
@OSINTCurious — OSINT Curious Project
A collective of OSINT practitioners, OSINTCurious runs webcasts that have introduced thousands of analysts to the field. Posts include webcast announcements, technique spotlights, and community challenges, serving as the primary entry point for the community.
@TraceLabs
A nonprofit using OSINT to locate missing persons, TraceLabs runs "Search Party" CTF events where competitors use OSINT to find real missing people, in partnership with law enforcement. This is the best hands-on OSINT training context on X, with CTF participation being the most practical way to develop investigative skills.
@TCMSecurity — TCM Security
A training company offering OSINT Fundamentals and the PORP certification, TCM Security posts practical methodology, course content, and certification guidance. This provides a solid credential path for analysts who need structured professional development.
@OSINTDojo — OSINT Dojo
A training-focused account running structured challenges and tutorials, OSINTDojo posts hands-on exercises and technique walkthroughs from beginner to intermediate level. Useful for team training and onboarding new analysts.
OSINT Newsletters Worth Subscribing To
Good X provides a real-time feed. Newsletters summarize developments weekly. They serve complementary purposes.
| Newsletter | Author | Frequency | Link |
|---|---|---|---|
| Week in OSINT | Sector035 | Weekly | medium.com/week-in-osint |
| The OSINT Newsletter | Jake Creps | Twice monthly | osintnewsletter.com |
| The OSINT Insider | Team | Weekly | osintinsider.com |
| The Friday Five | Ritu Gill | Weekly | Via @RituOSINT |
| OSINT Updates | Independent | Regular | osintupdates.com |
A Note on Platform Fragmentation
The OSINT community's online presence has shifted since 2022. Many practitioners now focus on Mastodon, Bluesky, or LinkedIn.
Mastodon's infosec.exchange instance and Bluesky's OSINT starter packs offer valuable resources. They complement what's still available on X.
Follower counts here are estimates. They change often, use them as rough guides.
Last updated April 2024.
See also: What Is OSINT?, Social Media OSINT Guide, OSINT Training Resources.
Related Guides
Reddit OSINT: Investigating Users, Communities, and Deleted Content
Reddit OSINT combines native Reddit review, archive-based recovery, and behavioral analysis to investigate users, subreddits, and deleted discussions. Its real value is not just finding old posts, but building a structured timeline of visible activity, recovered content, moderation patterns, and identity clues without overstating what third-party archives can prove.
Social Media OSINT by Platform: A Practical Investigation Guide
Platform-by-platform guide to OSINT investigation on social media — techniques, tools, and search methods for Twitter/X, Instagram, Facebook, LinkedIn, TikTok, Telegram, and Reddit.
Last updated 2026-04-02. Techniques and tools change — verify current capabilities with vendors directly.