OSINT

Open Source Intelligence

  1. What is OSINT?

    • Definition: Open Source Intelligence (OSINT) is derived from publicly available information that is collected, exploited, and disseminated in a timely manner to address specific intelligence requirements.

  2. Advantages of OSINT:

    • Cost-Effective: Mostly free to use.

    • Wide Availability: Offers unlimited potential on any topic.

    • Up-to-Date: Generally current and can be shared with anyone.

  3. Disadvantages of OSINT:

    • Disinformation Risk: Information might be inaccurate or misleading.

    • Volume of Data: Identifying relevant and reliable sources can be challenging due to the vast amount of publicly available information.

  4. Uses of OSINT:

    • For Threat Actors: They use OSINT to identify potential targets and exploit weaknesses.

    • For Security Professionals:

      • Identify the organization's exposed attack surface (e.g., public IP ranges, open ports, company domains).

      • Collect information about adversaries (e.g., monitoring threat actor communications).

  5. Examples of OSINT Tools:

    • OSINT Framework: A collection of OSINT tools categorized by types of information (e.g., username, email address, domain name).

    • Shodan, Censys, BinaryEdge: Search engines that find publicly available devices like webcams, routers, and servers.


OSINT Types

  1. Credential Monitoring:

    • Tools: Use tools like Have I Been Pwned, GhostProject, and DeHashed to check if your email or credentials have been compromised in breaches.

    • Action: Regularly monitor these platforms and update your passwords if your credentials are found.

  2. Google Dorks:

    • Definition: Advanced search queries that use specific operators to find information not readily available on websites.

    • Example: The query searchterm site:example.com filetype:pdf finds PDF files containing the search term on a specific website.

    • Use Case: Searching for terms like "password" on public platforms like Trello to find exposed sensitive information.

  3. Recommendations:

    • Reset Credentials: If you've shared credentials publicly, reset them immediately.

    • Privacy Settings: Set documents and boards on platforms like Trello, JIRA, and GitHub to private.

    • Protect Assets: Secure publicly exposed assets like routers and databases to prevent unauthorized access.
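
The credential-monitoring check from item 1, as an added example that is not part of the original page: it uses the hash-prefix (k-anonymity) range lookup that Have I Been Pwned offers for passwords, so only the first five characters of the SHA-1 hash ever leave the machine. The endpoint here is an offline stub, and the corpus, account names and passwords are constructed sample data.

```python
import hashlib

def sha1_hex(secret: str) -> str:
    return hashlib.sha1(secret.encode("utf-8")).hexdigest().upper()

# Constructed breach corpus standing in for the remote service: password -> times seen.
CONSTRUCTED_CORPUS = {"password": 9000, "Summer2024!": 12, "letmein": 450}

def stub_range_endpoint(prefix: str) -> str:
    """Offline stand-in for the range endpoint; it only ever sees a 5-char prefix."""
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 uppercase hex characters")
    hashed = ((sha1_hex(p), n) for p, n in CONSTRUCTED_CORPUS.items())
    lines = [f"{h[5:]}:{n}" for h, n in hashed if h.startswith(prefix)]
    lines.append("0" * 35 + ":0")  # padding row with count 0, must be ignored
    return "\r\n".join(lines)      # response shape: one SUFFIX:COUNT per line

def breach_count(secret: str, fetch_range=stub_range_endpoint) -> int:
    """Return how often the secret appears in the corpus without sending it."""
    digest = sha1_hex(secret)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        # The match is done locally against the 35-char remainder of the hash.
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0

def audit(credentials: dict) -> list:
    """Return account names whose password was found, most-exposed first."""
    hits = [(breach_count(pw), name) for name, pw in credentials.items()]
    return [name for n, name in sorted(hits, reverse=True) if n > 0]

if __name__ == "__main__":
    # Constructed accounts for the demonstration.
    sample = {"svc-backup": "password", "alice": "Summer2024!", "bob": "x9#Lq!vT2p@w"}
    for name in audit(sample):
        print("rotate credentials for", name)
```

To run it against a live service, pass a different `fetch_range` callable that performs the HTTP request for the prefix and returns the response body.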
