How to do OSINT (open source intelligence) | Guide for beginners
OSINT (Open Source Intelligence) is equally beneficial to attackers (malicious actors) and defenders. According to the SANS Institute, it is defined as:
“Intelligence produced by collecting, evaluating and analyzing publicly available information with the purpose of answering a specific intelligence question.” Malicious actors use OSINT to collect information for the reconnaissance stage of their attack.
Real-world example of OSINT
Say a business believes there has been a data breach. Using OSINT, its cybersecurity team begins by scouring forums and dark web sites for exposed employee credentials. They discover a post containing credentials from the company’s email domain. They then look through social media accounts and find staff members discussing work-related matters, which exposes lax security procedures.
They also discover an unprotected server containing sensitive company data that search engines have indexed. The team gathers and examines this data to find weak points, notify affected staff, strengthen security protocols, and stop further intrusions.
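The triage step from the scenario above, as an added example that is not part of the original article: it filters a leaked-credential list down to accounts in the company's own email domain, rejects lookalike domains, and drops the passwords so only a notification list remains. The domain example.com, the sample lines and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the mixed formats leaked lists tend to use.
# Every address and secret here is made up for this example.
SAMPLE_DUMP = """\
alice@example.com:Summer2024!
Bob.Smith@Example.com;hunter2
carol@mail.example.com password123
dave@notexample.com:qwerty
eve@example.com.evil.test:letmein
alice@example.com:Winter2023!
frank@example.com
garbage line without an address
"""

# local-part@domain, then an optional separator and secret.
LINE_RE = re.compile(r"^\s*([^\s@:;,|]+)@([A-Za-z0-9.-]+)(?:\s*[:;,|\s]\s*(\S.*))?$")

def in_scope(domain, company_domain):
    """True for the company domain or a subdomain of it, never a lookalike."""
    domain = domain.lower().rstrip(".")
    company_domain = company_domain.lower().rstrip(".")
    return domain == company_domain or domain.endswith("." + company_domain)

def triage(dump_text, company_domain):
    """Return {address: {"sightings": n, "with_secret": n}} for in-scope accounts.

    Secrets are counted and then discarded, so the report can be handed to
    whoever notifies staff without spreading the passwords any further.
    """
    report = defaultdict(lambda: {"sightings": 0, "with_secret": 0})
    for line in dump_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # not an address line
        local, domain, secret = match.groups()
        domain = domain.lower().rstrip(".")
        if not in_scope(domain, company_domain):
            continue  # someone else's domain, including lookalikes
        entry = report[f"{local.lower()}@{domain}"]
        entry["sightings"] += 1
        if secret and secret.strip():
            entry["with_secret"] += 1
    return dict(report)

if __name__ == "__main__":
    for address, stats in sorted(triage(SAMPLE_DUMP, "example.com").items()):
        action = "reset password and notify" if stats["with_secret"] else "notify"
        print(f"{address:26} sightings={stats['sightings']} action={action}")
```

Matching on the exact domain or a dot-prefixed suffix is what keeps notexample.com and example.com.evil.test out of the report; a plain substring or suffix test would pull both in.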
Common sources for OSINT
By combining information from social media, websites, and public records, you can build a detailed profile and gather valuable intelligence in a straightforward and legal manner.
Social media platforms like Facebook, Twitter, LinkedIn, and Instagram are treasure troves of information. People often share personal details, job updates, locations, and even their interests.
Assume you are conducting a background investigation on John Doe. You can find out his date of birth, hometown, and list of friends by looking through his Facebook profile. You can learn about his employment history, skills, and professional connections from his LinkedIn profile. You can learn about his opinions, interests, and social media connections from his Twitter account.
Websites can provide a wealth of information about individuals, companies, or organizations. This includes company websites, personal blogs, news articles, and more.
If you’re looking into a small business, their website might list key employees, office locations, and contact details. A news article might provide insights into recent activities or events involving the business. A personal blog could offer details about the blog owner’s hobbies, experiences, and viewpoints.
Public records include documents that are freely available to the public, such as government databases, court records, property records, and business registrations.
Imagine you’re investigating a company. You can search government databases to find their business registration details, including the owners’ names and addresses. Real estate owned by the company or its owners may be visible in property records. Court records can reveal any legal issues or lawsuits involving the company.
Legal and ethical considerations
When conducting OSINT, adherence to ethical standards is crucial. Always respect people’s privacy and never gain unauthorized access to private accounts or data. Do not use hacking tools, for instance, to access databases or private accounts. Stick to publicly available data, like social media posts and websites, that people willingly share. Avoid spreading false information or making unverified claims based on your findings.
Take appropriate care and refrain from disclosing private or sensitive information if you come across it. For example, do not make malicious use of leaked passwords that you find; instead, report them to the appropriate authorities. Respecting these guidelines ensures that your OSINT activities are both legal and ethical, contributing positively to cybersecurity and information security.
Tools for doing OSINT
Shodan is a search engine for finding devices connected to the internet, like webcams, servers, and routers. It shows details about these devices, including their IP addresses, locations, and sometimes vulnerabilities.
If you’re investigating a company’s online security, you could use Shodan to find their exposed servers or webcams. If you look up the IP range of the company, you may find devices that are not secure and could be used by hackers.
Maltego is a tool for mapping relationships between people, organizations, and websites. It creates visual graphs showing how different pieces of information are connected.
Imagine you’re researching a business. You can use Maltego to gather data from social media, domains, and email addresses, then visualize how these elements are linked. This helps you understand connections, such as who owns related websites or who is associated with certain emails.
Recon-ng is a web reconnaissance framework used to gather information from various online sources. It automates searches and organizes data into reports.
If you need to collect detailed information about a target, such as an individual or organization, Recon-ng can automate the process. You can use it to search for details like email addresses, domain names, and social media profiles, then compile this information into a structured report.
Closing Thoughts
Mastering OSINT opens up a world of possibilities for gathering and analyzing valuable information from publicly available sources. By understanding the basics and leveraging tools like social media, websites, and public records, you can uncover insights that drive smarter decisions and enhance security. Remember that ethical considerations are crucial: always respect privacy and handle data responsibly.
As you practice and refine your skills, you’ll become more adept at navigating the vast ocean of open-source information. Embrace the journey of learning and exploration, and stay updated with the latest OSINT techniques to keep your knowledge sharp and relevant. With these foundational skills, you’re well on your way to becoming an effective and ethical OSINT practitioner.