What is OSINT?
OSINT stands for Open Source Intelligence. OSINT can help companies quickly detect when sensitive company information is discussed or published on dark web message boards or forums, helping security teams investigate breaches and learn about the vulnerability hackers may have exploited to access the information. OSINT takes three forms: passive, semi-passive, and active.
Passive Information Gathering: Passive information gathering is generally only useful if there is a very clear requirement that the information gathering activities never be detected by the target. This type of profiling is technically difficult to perform because we never send any traffic to the target organization, either from one of our own hosts or from “anonymous” hosts or services across the Internet. This means we can only use and gather archived or stored information. As such, this information can be out of date or incorrect, as we are limited to results gathered from a third party.
Semi-passive Information Gathering: The goal of semi-passive information gathering is to profile the target with methods that would appear like normal Internet traffic and behavior. We query only the published name servers for information; we aren’t performing in-depth reverse lookups or brute-force DNS requests, and we aren’t searching for “unpublished” servers or directories. We aren’t running network-level port scans or crawlers, and we only look at metadata in published documents and files, not actively seeking hidden content. The key here is not to draw attention to our activities. After the fact, the target may be able to go back and discover the reconnaissance activities, but they shouldn’t be able to attribute the activity to anyone.
Active Information Gathering: Active information gathering should be detected by the target as suspicious or malicious behaviour. During this stage we are actively mapping network infrastructure (think full port scans, nmap -p1-65535), actively enumerating and/or vulnerability scanning the open services, and actively searching for unpublished directories, files, and servers. Most of this activity falls into the typical “reconnaissance” or “scanning” activities of a standard pen-test.
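The dividing line between the semi-passive and active categories above is visible from the target's side: a few lookups against published name servers look like ordinary traffic, while a full port sweep or brute-force DNS guessing leaves a signature the target should be able to detect. The following Python script is an added example (not part of the original page) that shows what such a detection looks like. It runs over constructed firewall and DNS resolver log lines embedded in the script; the log format, the IP addresses, and the two thresholds are assumptions chosen for the illustration, not values from the page.

```python
"""Flag active reconnaissance (port sweeps, DNS brute force) in sample logs."""
import re
from collections import defaultdict

# Tunable thresholds (assumptions for this example, not values from the page):
# a single source touching this many distinct ports on one host, or producing
# this many NXDOMAIN answers, is treated as active rather than semi-passive.
PORT_SCAN_THRESHOLD = 20
NXDOMAIN_THRESHOLD = 10

# Assumed log formats; real firewalls and resolvers use their own fields.
FW_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
DNS_RE = re.compile(r"client=(?P<src>\S+) query=(?P<qname>\S+) rcode=(?P<rcode>\S+)")


def build_sample_logs():
    """Constructed sample logs: 10.0.0.5 behaves like a normal client that
    resolves two published names and opens two ports; 203.0.113.7 sweeps 30
    ports on one host and guesses 12 hostnames that do not exist."""
    fw = [
        "2024-05-01T10:00:01Z src=10.0.0.5 dst=192.0.2.10 dport=443 action=allow",
        "2024-05-01T10:00:02Z src=10.0.0.5 dst=192.0.2.10 dport=80 action=allow",
    ]
    for port in range(1, 31):
        fw.append(f"2024-05-01T10:01:{port:02d}Z src=203.0.113.7 "
                  f"dst=192.0.2.10 dport={port} action=deny")
    dns = [
        "2024-05-01T10:00:03Z client=10.0.0.5 query=www.example.com rcode=NOERROR",
        "2024-05-01T10:00:05Z client=10.0.0.5 query=mail.example.com rcode=NOERROR",
    ]
    for i in range(12):
        dns.append(f"2024-05-01T10:02:{i:02d}Z client=203.0.113.7 "
                   f"query=host{i}.example.com rcode=NXDOMAIN")
    return fw, dns


def distinct_ports_per_source(fw_lines):
    """Map (source, destination) -> set of distinct destination ports."""
    ports = defaultdict(set)
    for line in fw_lines:
        m = FW_RE.search(line)
        if m:
            ports[(m["src"], m["dst"])].add(int(m["dport"]))
    return ports


def nxdomain_per_source(dns_lines):
    """Map source -> number of queries answered NXDOMAIN (failed guesses)."""
    counts = defaultdict(int)
    for line in dns_lines:
        m = DNS_RE.search(line)
        if m and m["rcode"] == "NXDOMAIN":
            counts[m["src"]] += 1
    return counts


def classify_sources(fw_lines, dns_lines):
    """Return {source_ip: [reasons]} for sources whose behaviour crosses into
    the 'active' category. Semi-passive activity (a handful of lookups against
    published names, a couple of normal connections) never appears here."""
    findings = defaultdict(list)
    for (src, dst), ports in distinct_ports_per_source(fw_lines).items():
        if len(ports) >= PORT_SCAN_THRESHOLD:
            findings[src].append(f"port sweep: {len(ports)} distinct ports on {dst}")
    for src, n in nxdomain_per_source(dns_lines).items():
        if n >= NXDOMAIN_THRESHOLD:
            findings[src].append(f"DNS brute force: {n} NXDOMAIN answers")
    return dict(findings)


if __name__ == "__main__":
    fw, dns = build_sample_logs()
    for src, reasons in classify_sources(fw, dns).items():
        print(f"{src}: " + "; ".join(reasons))
```

The two counters deliberately measure breadth rather than volume: a busy but legitimate client can generate many packets, whereas touching dozens of distinct ports on one host, or producing a run of NXDOMAIN answers for names that were never published, is what separates active reconnaissance from the semi-passive profile described above.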
It generally consists of the following:
Identifying geographical locations
Hunting Usernames and Accounts
Additional Resources and Conclusion