Other sneaky OSINT techniques
Engineering job listings often reveal the technologies the company uses.
If you can’t find relevant job posts, search for employees’ profiles on LinkedIn, and read employees’ personal blogs or their engineering questions on forums like Stack Overflow and Quora.
People’s work calendars often contain meeting notes, slides, and sometimes even login credentials. If an employee shares their calendars with the public by accident, you could gain access to these.
The organisation or its employees’ social media pages might also leak valuable information. Like a sets of valid credentials on Post-it Notes visible in the background of office selfies???
If the company has an engineering mailing list, sign up for it to gain insight into the company’s technology and development process.
Check for SlideShare or Pastebin accounts.
Consult archive websites like the Wayback Machine. Tomnomnom’s tool Waybackurls can automatically extract endpoints and URLs from the Wayback Machine.