Open Source Intelligence (OSINT)

Date: 2021-10-27

Difficulty: Beginner

Delivered By: Bilaal Rashid

Overview

Open-source intelligence (OSINT) is data collected from publicly available sources to be used in an intelligence context.

It’s important to know your target extremely well before you start an attack. You can find very interesting information that could possibly lead to an easier point of ingress.

'Doxxing' is the act of performing open-source intelligence on a target to create a dossier of compromising material that will be published.

The term "open" refers to overt, publicly available sources as opposed to covert, clandestine sources. An open resource could be an email address that is publicised, whereas a closed resource would be an email address obtained from a database dump (don't buy a database dump, it's a tad sus).

What and Where to Look

Look for any information that could be weaponized (pictures of badges, email addresses, IP addresses, DNS information, etc.). Have a look at company and staff social media, the company website, newspapers, online publications, blogs, etc.

Prerequisites

There are no prerequisites required to take part in this session. All you need is a web browser and a curious mind.

Challenges

SecureATea are a new (and fake) start-up with a revolutionary idea, and now they're back for 2021, bigger and better (and hopefully a little more secure). It's got machine learning, blockchain, an ICO, all on 5G. However, for all the buzzwords, their security could use some work.

The aim of the session is to use OSINT to find useful information about SecureATea's website. You do not need to send any goofy requests to the website; all you need is a browser and to explore what is online.

The session can be found at https://osint.sucss.org.

Further OSINT Work

Trace Labs uses OSINT to help find people who have gone missing. They are there to help investigate missing person cases, as well as educate individuals on OSINT techniques.

Useful Resources for Session

Useful OSINT Resources

  • OSINT Framework - A website that collates many different resources to perform open-source intelligence.

  • Shodan - A search engine to find specific types of computers connected to the Internet.

  • Google 'Dorks' - You can use advanced operators in Google in order to locate security holes in configurations and code that websites are using.

  • robots.txt