What is OSINT in cyber security | how to use OSINT techniques
What is OSINT?
OSINT (Open Source Intelligence) is one of the key aspects of cybersecurity.
NOTE: "OS" (from OSINT) means OPEN SOURCE. In this case, it is not related to the
open source movement.
The term OSINT comes from US military agencies, which started using it in the late
1980s as they were re-evaluating the nature of information requirements at tactical levels on
battlefields. In 1992 the Intelligence Reorganization Act determined that the main goals
of intel gathering included key concepts like:
- Must be objective intelligence free.
- Data must be available on public, and possibly non-public, sources.
The key word behind the OSINT concept is information, and most importantly, information that can
be obtained for free and is publicly available. It doesn't matter if it is located inside
newspapers, blogs, web pages, tweets, social media cards, images, podcasts, or videos, as long as it
is public, free and legal.
OSINT Examples:
But OSINT is even simpler, you know; many of us associate OSINT with cyber war, cyber attacks,
cybersecurity, etc. While those things are a part of it, OSINT is much more explicit and
uncomplicated.
As you see, you don't need to be a hacker to use OSINT in your daily life, because you're already
using it; you just might not have known about it.
OSINT examples include:
- Asking Google a question.
- Researching public forums on how wifi hacking works.
- Watching a YouTube video on how to use OSINT in daily life.
How Is Open Source Intelligence Used in Cyber Security?
In the cybersecurity field, using the right utilities for your OSINT investigation can be really
effective if you combine it with critical thinking and have a clear OSINT strategy.
Whether you are running a cyber security investigation against a company/person or you are
on the opposite side working to identify and mitigate threats, having pre-defined OSINT
techniques and clear goals can save you a lot of time.
OSINT Techniques and Resources
While there are a lot of OSINT techniques and mechanisms, not all of them will work for your
target. First, you will have to ask yourself a couple of questions:
- What am I looking for?
- What is my main research goal?
- What or who is my Target?
- How am I going to conduct my research?
Try to find the answer to these questions, and that will be the first step in your OSINT
investigation.
OSINT techniques can be split into two major categories that involve different types of contact
with your target.
While a lot of OSINT techniques are used by government and military agencies, they can often be
applied to your own company, too. Some may work, others may not, but that's part of the OSINT
strategy: you will have to identify which sources are good and which ones are irrelevant for your
research.
- Collect employee full names, job roles, as well as the software they use.
- Review and monitor search engine information from Google, Bing, Yahoo, and others.
- Monitor personal and corporate blogs, as well as review user activity on digital forums.
- Identify all social networks used by the target user or company.
- Review content available on social networks like Facebook, Twitter, Google Plus, or LinkedIn.
- Access old cached data from Google – often reveals interesting information.
- Identify mobile phone numbers, as well as mail addresses from social networks, or Google results.
- Search for photographs and videos on common social photo sharing sites, such as Flickr, Google Photos, etc.
- Use Google Maps and other open satellite imagery sources to retrieve images of users’ geographic location.
These are some of the most popular techniques you will find. However, after you are done doing
OSINT research, you will have a lot of data to analyse. That’s when you will have to refine your
results, and search in detail for all the really necessary things you need and discard the rest.
The final step in an OSINT strategy will be to translate all this digital intelligence data into a
human-readable format, so it can be understood by non-technical individuals, who are often at the head
of most companies.
Taking Your OSINT strategy to the next level
OSINT would be nothing if we didn’t have the right tools to fetch all this intelligence data.
That’s why we will now take a look at the most popular open source intelligence data collection
tools available.
Quite simply, it all starts with Google. And when it comes to open source intelligence, it’s also
one of the most useful scripts and programs around.
The hacking techniques commonly referred to as "Google Dorks" are simple yet effective ways to
use the most popular search engine on earth for OSINT purposes. This is done thanks to users
exposing sensitive information by accident, leaving unprotected data, variables, databases and
codes ready for crawling by Google.
You'll find more valuable information on how to search for sensitive information on Google in our
article about Google Dorks.
Apart from searching on Google, there are a lot of other useful applications when it comes to
OSINT.
Example: Google Dorks
- inurl: this is exactly the same as allinurl, but it is only useful for one single keyword, e.g. inurl:c0r3h4ck
- site: will show you the full list of all indexed URLs for the specified domain and subdomain, e.g. site:c0r3h4ck.blogspot.com
- inanchor: this is useful when you need to search for an exact anchor text used on any links, e.g. inanchor:"c0r3h4ck"
- filetype: used to search for any kind of file extension; for example, if you want to search for PDF files you can use: email security filetype:pdf
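To check your own exposure to these operators before a search engine does, the following added example (not part of the original article) evaluates site:, inurl: and filetype: queries offline against a URL inventory of your own site. The matching rules are an approximation of the search engine's behaviour, and the example.com inventory and queries are constructed placeholders.

```python
import posixpath
import shlex
from urllib.parse import urlparse

OPERATORS = {"site", "inurl", "filetype"}  # URL-based operators from the list above
def parse_dork(query):
    """Return (operator, value) pairs; bare words are skipped (no page text offline)."""
    terms = []
    for token in shlex.split(query):
        op, sep, value = token.partition(":")
        if sep and op.lower() in OPERATORS and value:
            terms.append((op.lower(), value.lower()))
    return terms

def matches(url, terms):
    """Approximate how each operator would match one URL."""
    url = url.lower()
    parts = urlparse(url)
    host = parts.hostname or ""
    ext = posixpath.splitext(parts.path)[1].lstrip(".")
    for op, value in terms:
        if op == "site" and host != value and not host.endswith("." + value):
            return False
        if op == "inurl" and value not in url:
            return False
        if op == "filetype" and ext != value:
            return False
    return True

def audit(urls, queries):
    """Map each query to the inventory URLs it would surface (hits only)."""
    findings = {}
    for query in queries:
        terms = parse_dork(query)
        hits = [u for u in urls if matches(u, terms)] if terms else []
        if hits:
            findings[query] = hits
    return findings

# Constructed inventory (placeholder domain), e.g. exported from your own sitemap.
INVENTORY = [
    "https://www.example.com/docs/email-security.pdf",
    "https://files.example.com/backup/db-2020.sql",
    "https://www.example.com/admin/login.php",
    "https://partner.example.net/backup/site.zip",
]
QUERIES = ["site:example.com filetype:sql", "site:example.com inurl:backup",
           "email security filetype:pdf", "site:example.com filetype:env"]
print(audit(INVENTORY, QUERIES))
```

Any URL reported here is one that should either be removed from the public web root or placed behind authentication, since it would be reachable through the same query on a real search engine once indexed.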
Wappalyzer (previously covered in our CMS Detector article) is another great resource for
technical data about the technologies running on any website, including software name and
versions.
This intel data can later be used to search for active CVEs, to find potential threats behind those
running technologies.
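Seen from the defender's side, the same fingerprinting can be turned into a check on what your own site gives away. This added example (not from the original article and not Wappalyzer's code) parses a raw HTTP response, such as one saved from a request to your own server, and reports headers and generator tags that disclose a version; the header list and both sample responses are constructed assumptions.

```python
import re

# Response headers that commonly carry product names and versions.
DISCLOSING_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "x-generator"}
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")
# Matches <meta name="generator" content="..."> (name before content only).
META_GENERATOR_RE = re.compile(
    r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']([^"\']+)["\']', re.I)

def audit_response(raw):
    """Return (source, value, version or None) for each disclosure in a raw response."""
    parts = re.split(r"\r?\n\r?\n", raw, maxsplit=1)
    body = parts[1] if len(parts) > 1 else ""
    found = []
    for line in parts[0].splitlines()[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() in DISCLOSING_HEADERS:
            found.append((name.strip().lower(), value.strip()))
    found += [("meta generator", v) for v in META_GENERATOR_RE.findall(body)]
    results = []
    for source, value in found:
        m = VERSION_RE.search(value)
        results.append((source, value, m.group(0) if m else None))
    return results

def exposed_versions(raw):
    """Only the findings that leak a version string an outsider could map to CVEs."""
    return [(src, ver) for src, _, ver in audit_response(raw) if ver]

# Constructed responses: a default install and the same site after hardening.
DEFAULT = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: text/html\r\n\r\n"
    '<html><head><meta name="generator" content="WordPress 5.8.1"></head></html>'
)
HARDENED = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n<html></html>"

print(exposed_versions(DEFAULT))
print(audit_response(HARDENED))
```

For the stack in the constructed sample, Apache's `ServerTokens Prod` and PHP's `expose_php = Off` are the settings that remove the first two findings.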
What other OSINT apps and scripts can you use? Literally hundreds of utilities, including:
- Personal data collection tools like Pipl, which can reveal a lot of information about individuals, all in one place.
- The Wayback Machine, a site that explores old versions of websites to reveal important information.
- GeoCreepy, which tracks down geographic location information to provide a clear picture of users' current locations.
- Automated OSINT apps for retrieving information, like Spiderfoot or the Phantom + SecurityTrails integration
- AMASS is another great tool for information gathering and network mapping that you should keep in mind.
- Popular OSINT browser extensions that include useful sources, like OSINT Browser.
- Running port scanners against the target company's server infrastructure to find running services.
- OSINT tools like Shodan, to search for internet-connected devices used by your target.
- Our own SecurityTrails toolkit, which explores DNS services as well as domains, subdomains and IP addresses.
Linux Tools:
- https://github.com/sundowndev/phoneinfoga PhoneInfoga is one of the most advanced tools to scan international phone numbers using only free resources.
- https://github.com/laramies/theHarvester The tool gathers emails, names, subdomains, IPs and URLs using multiple public data sources that include: Google, Baidu, Bing, etc.
- https://github.com/EnableSecurity/wafw00f wafw00f can detect a number of WAFs (web application firewalls).
Summary
Now you know what OSINT is, and how you can make use of it to boost your cybersecurity
investigations, as well as to prevent attacks on your own network by hiding crucial information
from your company, people, as well as domain names, servers, IP addresses and much more.
Totally love your blog, but it seems you are not getting much SEO ranks for your efforts, we got you covered with hacklido.com, an all new and modern cybersecurity community for researchers, learners, experts and enthusiasts. Come and write your blog at hacklido.com/blog today!