Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time
---
title: "Step 9: Open Source Intellegence
---
[I think a sentence or two linking back to the video would help with signposting here (once we know the content of the video) - e.g. "The video in the previous section introduced you to Open Source Intelligence (OSINT). In this section, we'll examine this in more detail, covering the tools used for this before we take you through a practical walkthrough. To recap some key terms related to OSINT:]()
**Social engineering** is where the attacker attempts to manipulate a
human target to complete an attack, rather than using a technical
approach. Like all other forms of cyber attack they rely on having a good
understanding of the target to succeed.
**Reconnaissance** (or recon) is the initial step of any security audit.
During the recon process a hacker will attempt to gather as much
information as possible on the target network, and the people who use
it. In this session we are going to look are recon techniques for the
human element, and examine how much information we leave about
ourselves on the internet.
## Open Source Intelligence
Open Source Intelligence (OSINT) makes use of publically available
information to build a picture of a target.
**Information on Individuals** can be found from a few different sources
- Social media accounts
- Forum / blog posts
- Organisational affiliations
- Potential passwords from other leaks
This sort of personal information can be a goldmine: hobbies and
interests can help us shape potential passwords; Social media gives
us a better handle on what kind of person we may be targeting. Again
this can help us to target any phishing attack for a greater chance of
success.
Having established how useful gathering information on the human
element of an organisation is, the next questions is 'How do we get
this information?'
# Tools for OSINT
When it comes to tools for OSINT, there is no specific tool that can
be used for everything. Instead, we rely on collecting information
from a wide range of sources to help us draw our conclusions. I like
to think of this as the bit in a detective drama, where they put maps,
photos, and pieces of information on a whiteboard, with bits of string
linking everything together.
## Google Hacking
A Search Engine is usually our first point of call. Google puts a
huge amount of effort into finding and indexing information that is
available on the web.
As well as the standard google search, we can use the *advanced*
search to help narrow our data down.
![Google Advanced Search](Image/AdvancedGoogle.png)
The advanced search gives us a lot of scope to filter the
results. (Note, we can these filters outside of the "Advanced Search",
using a **keywords**. I have included a link to a cheatsheet below)
![Advanced Search Options](Image/GoogleAdvFields.png)
These options give us much greater control over the results we gather.
for examine limiting the search to a specific website, and searching
for filetypes. For example, searching for me "Dan Goldsmith" may
return a lot of false positives, highlighting the search results to those
from "coventry.ac.uk" should return more relevant results.
## Social Media
There are a huge number of social media platforms, and trawiling them
for relevant information on our target would be a difficult task.
Fortunately for us, both Intel Techniques and Qwarie have collected
and categorised tools for all manner of OSINT; for discovering
information from email addresses to social media profiles.
- <https://inteltechniques.com>
- <https://www.uk-osint.net>
## Searching For more information
There are a huge number of tools available for OSINT. It's beyond the
scope of this course to discuss each of them. However, I hope that
the examples above have given you some ideas on how, with some
targeted searching, we can take a small amount of public information
and discover a lot.
The next step is a practical activity using OSINT tools to see what
information you can discover about yourself.