How to deal with massive amounts of information? Several recommended high-quality open source intelligence analysis sources

Posted by millikan at 2020-04-04

In today's information society, whether you are a security researcher, an enterprise manager or an intelligence worker, you need to do a lot of intelligence collection and processing work.

In daily intelligence operations, members of the Red Raindrop (Hongyudi) team often draw on websites or official accounts that have already analyzed open source intelligence. This speeds up intelligence processing, shows how the operators of those sources view the intelligence, and helps judge the value of the intelligence, so as to decide whether to track and analyze it in depth.

Therefore, to broaden the dimensions of security analysis and to help other intelligence analysts with daily intelligence processing and analysis, we recommend, for reference, websites and official accounts that perform secondary processing of intelligence.

Open source intelligence analysis websites

BleepingComputer is a foreign computer security site focusing on technical research. It mainly studies viruses, ransomware and malware on the Internet, and publishes security information and evaluation reports based on professional technical analysis.

As can be seen from the figure below, the site responds very quickly when processing intelligence and takes its material from the discoverer of the intelligence or from security company researchers. It is also the intelligence source of most websites in China.



ZDNet is a technology news website that combines global influence with local depth, providing round-the-clock news coverage and analysis of important trends, technologies and opportunities for IT professionals and decision makers.

Its ZDNet security channel analyzes intelligence in the context of current events, so its coverage is more comprehensive and thorough. Similarly, the site's reporters interview the discoverer of the intelligence.



The Hacker News (THN) is a leading, reliable and widely recognized dedicated cybersecurity news platform, attracting more than 8 million readers every month, including IT professionals, researchers, hackers, technical experts and enthusiasts.

The Hacker News provides the latest cybersecurity news and in-depth reports on current and future infosec trends and how they shape the online world.


TechCrunch, an American technology blog, mainly reports on emerging Internet companies, reviews new Internet products and publishes major breaking news. TechCrunch has become a major blog focusing on the Internet and entrepreneurship. It is a bellwether of the Internet industry in the United States, and its content has almost become an investment reference for VC and industry investors.

Therefore, the cybersecurity column of the blog covers potential security risks of companies in all walks of life, across a wide range of dimensions.


It is worth mentioning that the site draws on a wide range of source channels for data leak stories.

Open source intelligence analysis official accounts

FreeBuf, a leading Internet security new media outlet in China, is also a community where enthusiasts exchange and share security technology. It promptly shares industry information, technical analysis, research reports, security conferences and other popular content.

As a long-established security new media outlet, it attracts a large number of security analysts who analyze and process information and then write and publish articles, among which there is no lack of excellent ones.


It is worth mentioning that FreeBuf recently launched a high-quality content sharing platform focusing on enterprise security, which is also suitable for people working at Party A (client-side) enterprises who want to collect intelligence and anticipate risks.


Kanxue ("Watch Snow") Institute (bbs.pediy.com) is the official WeChat account of the long-established security forum. Kanxue is a developer community focusing on PC, mobile and smart device security research and reverse engineering, where security analysts post their processing of intelligence every day.


Threatpage Global Threat Intelligence publishes the cyberspace security situation and provides the latest cyberspace threat intelligence. The intelligence it collects focuses mainly on APT attack techniques and posture, vulnerabilities, tools, samples, tactics, and attribution and tracking methods, as well as international and domestic threat intelligence.

The blogger has extensive experience and distinctive opinions on each piece of intelligence, which is a great help in the daily preliminary screening of intelligence.

The Blackbird official account covers high-level threat intelligence, monitoring of APT group activity, and research on fraud and anti-fraud measures. It publishes information on data leaks and theft of users' personal privacy, analysis of the latest malware and vulnerability attacks, blockchain intelligence, public opinion monitoring intelligence, international strategy information, workplace gossip intelligence, business intelligence, international security game news and other extended analysis articles.

The official account publishes timely articles on pain points and hot topics.


Hongyudi (Tianyan laboratory), a senior threat research team under Qi'anxin, was founded in 2015 and continues to operate the Qi'anxin Threat Intelligence Center. Since then, it has focused on research into advanced threats such as APT attacks. It is the first security research team in China to disclose and name the "Sea Lotus" (APT-C-00, OceanLotus) APT attack group, and is also the main force of the Qi'anxin Threat Intelligence Center's threat analysis technical support team, with 0day vulnerability detection capability.

The official account of the Qi'anxin Threat Intelligence Center, with its weekly threat intelligence interpretation column, has the reputation of "the most advanced Threat Intelligence interpretation in the industry". For APT attacks, following this official account is enough.



An important part of intelligence processing is the integration of information: the results of earlier processing are collected and processed a second time to obtain more complete, more valuable and higher-level results.

Automatically processing massive amounts of information and efficiently mining and predicting the high-value information within it is a difficult problem.

In fact, mining high-value information from all kinds of data is a discipline in its own right.

Qi'anxin Threat Intelligence Center is also exploring this road. At the same time, we want to thank our security colleagues for their contributions and efforts to maintain cyberspace security. By working together to obtain and respond to threat intelligence in a timely manner, we can reverse the asymmetry between attack and defense in the security field, find security problems quickly and protect users' information security in time.