OSINT Fundamentals
By EPCYBER

Updated: Sep 1, 2023


Image credit: Rosa Snijders

Overview


The rise of modern technology began a new era, which we now call the "information age."

Internet technologies now underpin almost every aspect of modern life and industry.

As a result, a tremendous amount of data is spread across the internet, and the vast majority of it is accessible to anyone.


Data, the building block of many forms of intelligence, is produced at an ever-increasing rate by our increasingly digitized society.

The larger the data set, the longer it takes to find what you are looking for.

Open source intelligence (OSINT) is the discipline of finding and making sense of that data systematically.


Using open-source intelligence (OSINT), an organization can obtain data about potential security threats from a variety of public sources.

Social media platforms, online marketplaces, public records, and even field investigations by security professionals are all fair game.


During a red team exercise or penetration test, the initial stage is to gather as much information as possible about the target.

In most cases this reconnaissance begins with data from publicly available sources, which is exactly what "open-source intelligence," or OSINT, covers.

The rise of social media, for example, has lowered the barrier to entry for OSINT gathering.

As a result, an adversary can quickly collect information useful for profiling a target and for pivoting from one person, account, or system to related ones.


This article will describe open source intelligence (OSINT) and examine its use by diverse parties to meet intelligence requirements.


When asked to define OSINT, what would you say?


Open-source intelligence (OSINT) is information that can be obtained without restriction from publicly or freely available sources.

Collecting it involves no breach of access controls or intellectual property rights: if you had to break in, bypass authentication, or misuse privileged access to get the data, it is not open source.


Although much OSINT work is conducted online, OSINT does not rely solely on digital information.

Books, magazines, newspapers, and broadcast media such as television and radio are all OSINT sources alongside the internet.

Because of the proliferation of digital media, most organizations now collect their OSINT primarily through the internet, but offline sources are still part of the discipline.


When conducting OSINT, do not limit your searching to mainstream engines such as Google, Bing, and Yahoo!.

These engines index only a small fraction of the web (a commonly cited figure is around 4%). The rest, often called the deep web, sits behind login forms, search forms, paywalls, and dynamically generated pages, so it is never crawled and has to be reached through direct access or specialized tools.



Tools & Methods for OSINT Collection


There are many OSINT resources available, both commercial and open-source.

This section covers some of the most popular OSINT tools.

Most importantly, remember that the tool is not the process: OSINT consists of gathering small pieces of data about a target from many sources and then correlating and analyzing them, with tooling only accelerating individual steps.


Google Dorking starts with ordinary Google searching.

The primary use case is searching publicly accessible web pages for specific text.

Search operators are the basic tools; a reference of the advanced operators is here: https://www.googleguide.com/advanced_operators_reference.html




Google Dorking, or Google "hacking," is the practice of combining these operators into precise queries that surface content a site owner may never have intended to be found, such as exposed configuration files, directory listings, or administrative login pages.

Check out the Google Hacking Database (GHDB), hosted by Exploit-DB, if you want to learn more; it catalogues ready-made queries of this kind.




The most typical operators are:


site: restricts results to one domain or subdomain (for example site:example.com); this is how a dork is scoped to a target.


inurl: looks for URLs that contain the specified keyword.


intitle: looks for the term in the page title; allintitle: requires every listed term to appear in the title.


filetype: looks for a specific file extension, such as pdf or xlsx.


ext: is an alternative notation that also matches on file extension and is used to differentiate between files with different extensions.


cache: displayed the cached version of a page as kept by Google. Google has since removed this operator, so a historical copy of a page now has to come from an archive such as the Wayback Machine.
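The operators above are easier to use consistently when a script assembles them. The following is an added example, not code from the original post or any Google tool: it builds dork strings from operator/value pairs, quotes multi-word phrases, URL-encodes the finished query, and generates a starter set of dorks for a single target domain. The operator list, the starter recipes, and the domain example.com are assumptions chosen for illustration.

```python
from urllib.parse import quote_plus

# Operators discussed on this page; anything else is rejected so a typo
# does not silently turn into a free-text search.
OPERATORS = ("site", "filetype", "ext", "inurl", "intitle", "allintitle", "intext")


def _term(value):
    """Wrap multi-word values in double quotes so Google treats them as one phrase."""
    value = value.strip()
    return f'"{value}"' if " " in value else value


def build_dork(exclude=(), **operators):
    """Build one dork from operator=value pairs, e.g.
    build_dork(site="example.com", filetype="pdf", intext="internal use only").
    `exclude` lists terms to remove from the results with the '-' prefix."""
    parts = []
    for name, value in operators.items():
        if name not in OPERATORS:
            raise ValueError(f"unsupported operator: {name}")
        if value:
            parts.append(f"{name}:{_term(value)}")
    for word in exclude:
        parts.append(f"-{_term(word)}")
    if not parts:
        raise ValueError("empty query")
    return " ".join(parts)


def search_url(query):
    """Google search URL for the query; quote_plus encodes ':' as %3A and spaces as '+'."""
    return "https://www.google.com/search?q=" + quote_plus(query)


def recon_dorks(domain):
    """A starter set of dorks for one target domain (the recipe list is a constructed example)."""
    recipes = [
        ("documents", dict(site=domain, filetype="pdf")),
        ("spreadsheets", dict(site=domain, ext="xlsx")),
        ("login pages", dict(site=domain, inurl="login")),
        ("directory listings", dict(site=domain, intitle="index of")),
        ("dotenv files", dict(site=domain, ext="env")),
    ]
    return [(label, build_dork(**kwargs)) for label, kwargs in recipes]


if __name__ == "__main__":
    for label, dork in recon_dorks("example.com"):
        print(f"{label:20s} {dork}")
        print(f"{'':20s} {search_url(dork)}")
```

Scoping every query with site: keeps results inside the authorized target; run the generated URLs by hand rather than scraping Google automatically, which its terms of service do not permit.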


Alternative search engines such as Bing, DuckDuckGo, and Yandex index different subsets of the web and have their own operator syntax, so repeat important queries across several engines rather than relying on Google alone.

Next is HIBP (Have I Been Pwned), where users can check whether their personal data has been exposed in a data breach.

Hundreds of database dumps and pastes containing billions of breached accounts are collected and indexed, and users can search for their own information by email address or username. Anyone concerned about their email address appearing in future dumps can subscribe to email notifications. HIBP also offers a Pwned Passwords service that tells you whether a password has appeared in a breach without the password ever leaving your machine.
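The privacy-preserving password check deserves a closer look, because it is the pattern an OSINT or defensive tool should copy rather than emailing plaintext passwords to a third party. The following is an added example, not code from the original post or from HIBP: the password is SHA-1 hashed locally, only the first five hex characters of the hash are sent to the real https://api.pwnedpasswords.com/range/ endpoint, the service answers with every hash suffix in that range and its breach count, and the match is made locally. The sample response embedded below is constructed (the counts are invented; only the first suffix, the real tail of SHA-1("password"), is genuine), so the block runs offline; the live fetch is optional.

```python
import hashlib
import urllib.request

# Real HIBP Pwned Passwords range endpoint. Only a 5-hex-char prefix is ever sent.
PWNED_RANGE_API = "https://api.pwnedpasswords.com/range/"

# Constructed sample of a range response for prefix 5BAA6: one "SUFFIX:COUNT" line per hash.
# The counts are made up. The first suffix is the real tail of SHA-1("password").
SAMPLE_RANGE_5BAA6 = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471
1D2A0B1A8E9E6AB2CD6E0E3FF0A3B9F2D2C:2
AB0B6B7C3A9D0E2F1C4B5A6D7E8F9A0B1C2:15
"""


def split_sha1(password):
    """Return (prefix, suffix): the first 5 and remaining 35 hex chars of the uppercase SHA-1."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def match_range(suffix, range_body):
    """Scan a range response for our suffix; return its breach count, or 0 if it is absent."""
    suffix = suffix.upper()
    for line in range_body.splitlines():
        line = line.strip()
        if not line:
            continue
        candidate, sep, count = line.partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0


def fetch_range(prefix):
    """Live lookup over the network; the full hash and the password never leave the machine."""
    req = urllib.request.Request(
        PWNED_RANGE_API + prefix,
        headers={"User-Agent": "osint-fundamentals-example"},  # assumed UA string
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password, range_body=None):
    """Breach count for the password in HIBP's corpus. Pass range_body to work offline."""
    prefix, suffix = split_sha1(password)
    if range_body is None:
        range_body = fetch_range(prefix)
    return match_range(suffix, range_body)


if __name__ == "__main__":
    # Offline demo against the constructed sample; drop the second argument for a live query.
    print("password:", pwned_count("password", SAMPLE_RANGE_5BAA6))
```

A range holds several hundred suffixes on average, so the server learns only that the real hash is one of those candidates; that is the k-anonymity property. A non-zero count means the password is burned and should be treated as public, regardless of how strong it looks.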



PimEyes is a reverse image search engine that uses AI-based facial recognition to find other photographs of a given face.

Users start a search simply by submitting a photo of the person's face.

PimEyes is web-based and returns similar images of the subject in under a second.

It does not include results from social networking sites; instead it searches images that are publicly accessible on the open web.

Because it matches faces rather than filenames, it can tie an otherwise anonymous profile picture to a named identity, so confirm that your engagement's rules of engagement and local law permit its use before relying on it.



Next is Shodan, a well-known search engine for internet-connected devices that is widely used in OSINT to locate exposed and potentially vulnerable assets.

Shodan continuously scans the internet and indexes the service banners it receives, which makes it possible to map where exposed devices sit all around the world.

Its coverage of connected devices is significant: it can surface databases, cameras, ICS equipment, and much more. (A detailed post on Shodan will follow.)



