This research-in-progress paper describes the development of a pedagogical exercise on open source intelligence gathering (OSINT). Exercise materials will include instructions, teaching notes, assessment criteria, and a preconfigured virtual machine (VM), which acts as a local web server. The VM will host multiple websites containing vulnerable information pertinent to a fictitious target organization, in effect creating a capture the flag (CTF) scenario. The exercise will not only teach students how to find public information, but also help students realize the importance of protecting such information. While this exercise is primarily geared towards those pursuing a career in information security, the exercise is appropriate for all students as it shows how personal information could be used against them, as well as their organizations.