---
title: "Step 9: Open Source Intelligence"
---

I think a sentence or two linking back to the video would help with signposting here (once we know the content of the video) - e.g. "The video in the previous section introduced you to Open Source Intelligence (OSINT). In this section, we'll examine this in more detail, covering the tools used for this before we take you through a practical walkthrough. To recap some key terms related to OSINT:"

Social engineering is where the attacker attempts to manipulate a human target to complete an attack, rather than using a technical approach. Like all other forms of cyber attack, it relies on having a good understanding of the target to succeed.

Reconnaissance (or recon) is the initial step of any security audit. During the recon process a hacker will attempt to gather as much information as possible on the target network, and the people who use it. In this session we are going to look at recon techniques for the human element, and examine how much information we leave about ourselves on the internet.

Open Source Intelligence

Open Source Intelligence (OSINT) makes use of publicly available information to build a picture of a target.

Information on individuals can be found from a few different sources:

  • Social media accounts
  • Forum / blog posts
  • Organisational affiliations
  • Potential passwords from other leaks

This sort of personal information can be a goldmine: hobbies and interests can help us shape potential passwords; social media gives us a better handle on what kind of person we may be targeting. Again, this can help us to target any phishing attack for a greater chance of success.

Having established how useful gathering information on the human element of an organisation is, the next question is 'How do we get this information?'

Tools for OSINT

When it comes to tools for OSINT, there is no specific tool that can be used for everything. Instead, we rely on collecting information from a wide range of sources to help us draw our conclusions. I like to think of this as the bit in a detective drama, where they put maps, photos, and pieces of information on a whiteboard, with bits of string linking everything together.

Google Hacking

A search engine is usually our first port of call. Google puts a huge amount of effort into finding and indexing information that is available on the web.

As well as the standard Google search, we can use the advanced search to help narrow our data down.

Google Advanced Search

The advanced search gives us a lot of scope to filter the results. (Note: we can use these filters outside of the "Advanced Search" by using keywords. I have included a link to a cheatsheet below.)

Advanced Search Options

These options give us much greater control over the results we gather, for example, limiting the search to a specific website, or searching for particular file types. Searching for me, "Dan Goldsmith", may return a lot of false positives; restricting the search results to those from "coventry.ac.uk" should return more relevant results.

Social Media

There are a huge number of social media platforms, and trawling them for relevant information on our target would be a difficult task. Fortunately for us, both Intel Techniques and Qwarie have collected and categorised tools for all manner of OSINT, for discovering information on everything from email addresses to social media profiles.

Searching for more information

There are a huge number of tools available for OSINT. It's beyond the scope of this course to discuss each of them. However, I hope that the examples above have given you some ideas on how, with some targeted searching, we can take a small amount of public information and discover a lot.

The next step is a practical activity using OSINT tools to see what information you can discover about yourself.