2020-10-14 - Open-source Intelligence

Skill Level: Beginner

Open-source intelligence (OSINT) is data collected from publicly available sources to be used in an intelligence context.

It’s important to know your target extremely well before you start an attack. You can find very interesting information that could possibly lead to an easier point of ingress.

'Doxxing' is the act of performing open-source intelligence on a target to create a dossier of compromising material that will be published.

The term "open" refers to overt, publicly available sources as opposed to covert, clandestine sources. An open resource could be an email address that is publicised, whereas a closed resource is getting an email from a database dump (don't buy a database dump, it's a tad sus).

What and Where to Look

Look for any information that could be weaponized (pictures of badges, email addresses, IP addresses, DNS information etc). Have a look at company and staff social media, the company website, newspapers, online publications, blogs, etc.

Challenges

SecureATea are a new (and fake) start-up with a revolutionary idea. It's got machine learning, blockchain, an ICO, all on 5G. However, for all the buzzwords, their security could use some work.

The aim of the session is to use OSINT to find useful information about SecureATea's website. You do not need to send any goofy requests to the website - much like last week's session, all you need is a browser and to explore what is online.

Start at http://osint.sucss.org/. If you find a flag that looks something like flag{...}, be sure to submit it to our flag tracker.

Further OSINT Work

Trace Labs

Trace Labs uses OSINT to help find people who have gone missing. They are there to help investigate missing person cases, as well as educate individuals on OSINT techniques.

Useful Resources for Session

CyberChef

AES Encryption/Decryption

git-diff

Useful OSINT Resources

OSInt Framework

A website that collates many different resources to perform open-source intelligence.

Shodan

A search engine to find specific types of computers connected to the Internet.

Google 'Dorks'

You can use advanced operators in Google in order to locate security holes in configurations and code that websites are using.