VN#032
Alicja Pawlowska
December 01, 2025
Hi Everyone,
After a short break, the newsletter is back and now on a steady two-week cycle. And from December, we’re returning to the full, regular structure 🙌.
In the meantime, I’ve been learning new skills from scratch and picking up fresh knowledge. I used to approach this topic a bit hesitantly, thinking it would be too difficult. But the best kind of learning happens when I know my efforts can make a real impact, and I can put what I’ve learned into practice - just like I’m doing now.
At the moment, I’m in that exciting in-between stage where the data is there, your investigative instinct tells you it means something, but you’re not yet sure how all the pieces connect or what bigger picture they might reveal. You know that feeling? Curiosity on overdrive, open and unbiased exploring, throwing out questions no one on the team has answers to yet, but maybe something will click eventually.
Honestly, I really enjoy that messy, exploratory part, choosing methodologies, testing tools, following threads just to see where they go. And if all goes well, maybe this curiosity will lead to a full case study I can share at the first event in April, where I’ll be speaking 🤫
Speaking of new things - I had the absolute pleasure of being a guest on a brand-new podcast, Due Diligence Download, hosted by Sylwia Wolos and Amritha Edachery. Huge thanks to both for the invitation, and for making me their second-ever guest.
It was actually my first time recording a conversation like this, and it turned out to be such a great experience. I also love the title of the episode 💛
Due Diligence Download is an unfiltered and fun conversation about corporate investigations and due diligence. Hosted by two industry veterans, the show shares stories, case studies, research and investigation techniques, industry secrets, and gaps no one else talks about, based on decades of experience and thousands of projects completed. Designed for risk and compliance professionals, as well as business intelligence and due diligence practitioners, the podcast demystifies complex processes, busts industry myths, and highlights the vital value due diligence brings to business.
Sylwia told me the idea had been brewing for a long time: there were plenty of great compliance podcasts out there, but nothing that really focused on due diligence and investigations. At the same time, most risk and compliance content felt so serious and far too often - simply boring. I wanted to create something that shows what an incredibly essential and interesting part of risk management the investigation is. When I pitched the idea to Amritha, she jumped in without a moment’s hesitation. It’s been a great creative outlet for both of us and a source of many long fun chats and lots of laughter. It’s reception in the risk and compliance space, and the superb support of our sponsors, has been incredible and made this all worthwhile.
While I was preparing this issue, Amritha told me they’ve had way too much fun working on it — more than she ever thought possible.
Meet the hosts:
A huge shout-out to the sponsors who are supporting this project and doing fantastic work in the industry:
Show them some love by following their socials, and of course, follow the podcast itself: Due Diligence Download Socials: LinkedIn | YouTube | Instagram
Upcoming CyberSec / OSINT Events
Free 🎅 🤶 CTFs & Challenges
Curious how many OSINT Advent CTFs there were last year? You can check them in newsletter VN#007! This year the highlight is the ADVENT OF OSINT from OSINT4Fun. Once again, Sofia Santos has created two tricky but fun challenges. I solved her challenges last year - they weren’t technically difficult, but you had to come up with creative solutions. For me, it was a lot of fun, because OSINT is all about enjoying the process of investigation! Besides Sofia Santos, this year’s challenges were also created by OpenFacto, Oscar Zulu, Projet FOX, OSINT-FR, and Romain P. Shout-out to Alain for creating the third edition this year! 👏
[OSINT] OSINT4Fun Advent of OSINT 2025 - December 1–24, 2025. Daily OSINT challenges created by OSINT enthusiasts and professionals, available in English and French. Participants can join individually or in teams. Website
[CYBER] Advent of Pwn 2025 - December 1–12, 2025. Daily pwn.college challenges focusing on exploitation, reverse-engineering, and security skills. Check the website.
[CYBER] Advent of Code 2025 -December 1–12, 2025. Annual programming-puzzle event: each day a new coding puzzle drops. Ideal for sharpening your algorithmic and problem-solving skills using any language you like.
[CYBER] Advent of Vibe Coding 2025 - December 1–12 2025. A free AI-coding challenge series: each day you get a short task via email, designed to build AI-assisted coding workflows and teach how to use AI tools responsibly and effectively.
[OSINT] OSINT Industries Christmas CTF - December 1–24, 2025. A month-long OSINT event with new challenges every two days and 🏆️ £500 in prizes. The first challenge, GEOSINT Paris – “Masked Man” is about to identify the exact Parisian intersection where a masked figure is standing and name the nearest metro station. Linkedin | CTF webiste
[CYBER] TryHackMe Advent of Cyber 2025 - December 1–24, 2025. Annual series of daily cybersecurity challenges covering topics such as penetration testing, cloud security, log analysis, digital forensics, and web application security. Suitable for all skill levels.
[OSINT & CYBER] HEX Advent 2025 - December 1–31, 2025 (Singapore 🇸🇬). Christmas-themed CTF calendar designed for women, by women. Participants can register anytime and submit flags and writeups by December 31, 2025 (23:59 SGT). Challenges created collaboratively by STAR Labs SG team. Focus areas include Pwn (Binary Exploitation), Cryptography, Reverse Engineering, Forensics, OSINT, and Web Exploitation. Register & Participate | Main Blog | Discord
[CYBER] YBN CTF 3.0 – Christmas Edition - December 20, 2025 – January 1, 2026 (Singapore 🇸🇬). Online, individual CTF with 12 days of challenges suitable for all skill levels. Sign up before December 10. Join the Discord community to participate and discuss. Website | Discord | Registration
[CYBER] SANS Holiday Hack Challenge 2025 - Reports should be submitted by the end of the day on January 5, 2026. Hands-on cybersecurity challenges for all skill levels, with prizes for top participants. Website
In-Person Events
OSINT Playdate #4 (Zurich, Switzerland) — December 5, 2025. In-person meetup for OSINT enthusiasts to solve puzzles together, exchange techniques, and network. Exercises range from easy to hard. Event Details
UK OSINT Community: Crypto @ Christmas (City St Georges, University of London) — December 11, 2025. Event focusing on OSINT and cryptocurrency, open to students, academics, and public. Event Details
Other events
[OSINT & CYBER] Cyber Advent / Not The Hidden Wiki community events — Series of lectures and workshops on cybersecurity and OSINT in Polish and English, available throughout December. Website in polish | Discord in both languages
[CYBER] Cloud Security Championship — Monthly challenges created by the community to practice and improve cybersecurity skills. Website
[CYBER] Advent of SQL 2025 — SQL-focused challenge calendar for participants wanting to test advanced database and query skills. Although the December edition hasn’t started yet, for those looking for an extra challenge, I found the Korean version of this challenge. 😄
[OSINT] Cyvia’s 25 Days of OSINT - December 1–25, 2025. Christmas OSINT series introducing 25 powerful OSINT tools across 5 categories (General OSINT & Recon, Social Media & People Search, Domain/DNS/Network Intelligence, Web & Dark Web Investigation, Geolocation/Images/Media Verification.| LinkedIn | YouTube | Website
If you enjoyed this newsletter, share it with your OSINT friends! 🕵️♂️✨
Help spread the word - the more people who join, the richer our community of investigators becomes. Share this on your socials, tag your colleagues, or forward it to anyone who loves OSINT and cyber challenges. Let’s grow our network.