TL;DR: This blog comprises two parts. In the first part we talk about OSINT and the various resources used for it in infosec, and in the second we will look into some OSINT challenges.
This blog is a brief introduction to OSINT. It explains what OSINT is and how to perform it.
Open-source intelligence (OSINT) is data collected from publicly available sources to be used in an intelligence context. In the intelligence community, the term “open” refers to overt, publicly available sources (as opposed to covert or clandestine sources). It is not related to open-source software or collective intelligence.
Open source intelligence (OSINT) is information collected from public sources such as those available on the Internet, although the term isn’t strictly limited to the internet, but rather means all publicly available sources.
“OS” (from OSINT) means Open Source. In this case, it is not related to the famous open source movement, but to any publicly available source where the user can obtain the information in their intelligence data collection.
The key word behind the OSINT concept is information, and most importantly, information that can be obtained for free. It doesn’t matter if it is located inside newspapers, blogs, web pages, tweets, social media cards, images, podcasts, or videos as long as it is public, free and legal.
With the right information in your hands, you can get a great advantage over your competition, or speed up any company/people investigation you are in charge of.
It can be simple as it is to
OSINT IN CYBER SECURITY
While there are a lot of OSINT techniques and mechanisms, not all of them will work for your target. First, you will have to ask yourself a couple of questions:
Try to find the answer to these questions, and that will be the first step in your OSINT investigation.
While a lot of OSINT techniques are used by government and military agencies, they can often be applied to your own company, too. Some may work, others may not, but that’s part of the OSINT strategy — you will have to identify which sources are good and which ones are irrelevant for your research.
Let’s take a look into the most popular OSINT techniques used in cybersecurity:
These are some of the most popular techniques you will find. However, after you are done doing OSINT research, you will have a lot of data to analyze. That’s when you will have to refine your results, and search in detail for all the really necessary things you need, and discard the rest.
The final step in the OSINT strategy will be to translate all this digital intelligence data into a human-readable format, so it can be understood by non-technical individuals, who are often at the head of most companies.
Since the whole internet is your friend in OSINT, you are fatal and dangerous for your target.
Here we can see 458 employees of Tesla Motors. This will include engineers, managers, HR, the CEO, the CTO, etc.
For example, to look for passwords in the GitHub repos of the target company:
"target.com" password
User credentials getting leaked on GitHub
To look for FTP or SFTP credentials of your target:
"target.com" filename:ftpconfig
"target.com" filename:sftp-config.json password
For SMTP credentials:
"target.com" filename:.env MAIL_HOST=smtp.gmail.com
To search for MySQL credentials of your target:
"target.com" extension:sql mysql dump password
Here are some more dorks:
filename:credentials aws_access_key_id
filename:wp-config.php
filename:id_rsa
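The same patterns can be checked against your own checkout before anything is pushed. The script below is an added example, not code from the original post: it translates the dorks listed above into file-name and content rules, and `scan_files`, `scan_tree`, the rule labels and the sample files are constructed for illustration.

```python
import os
import re

# One rule per dork above: (label, regex on base name, regex on content or None).
RULES = [
    ("ftpconfig file", r"ftpconfig$", None),
    ("sftp-config.json with password", r"^sftp-config\.json$", r"password"),
    (".env with MAIL_HOST", r"^\.env$", r"MAIL_HOST\s*="),
    ("SQL dump mentioning password", r"\.sql$", r"password"),
    ("credentials file with aws_access_key_id", r"credentials", r"aws_access_key_id"),
    ("wp-config.php", r"^wp-config\.php$", None),
    ("id_rsa private key", r"^id_rsa$", None),
]

# Constructed sample repository contents (path -> text); no real secrets.
SAMPLE = {
    "deploy/sftp-config.json": '{"host": "ftp.example.test", "password": "PLACEHOLDER"}',
    "app/.env": "MAIL_HOST=smtp.gmail.com\nMAIL_PORT=587\n",
    "docs/README.md": "Store the password in the vault, not in the repo.",
    "backup/users.sql": "INSERT INTO users (name, password) VALUES ('a', 'PLACEHOLDER');",
    "keys/id_rsa": "constructed placeholder, not a real key",
    "keys/id_rsa.pub": "constructed placeholder public key",
}

def scan_files(files):
    """files: dict of path -> text. Returns sorted (path, label) findings."""
    findings = []
    for path, text in files.items():
        name = os.path.basename(path)
        for label, name_re, content_re in RULES:
            if not re.search(name_re, name):
                continue
            if content_re is None or re.search(content_re, text, re.I):
                findings.append((path, label))
    return sorted(findings)

def scan_tree(root):
    """Walk a local checkout (skipping .git) and apply the same rules."""
    files = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            try:
                with open(full, "r", errors="ignore") as fh:
                    files[os.path.relpath(full, root)] = fh.read(1_000_000)
            except OSError:
                continue
    return scan_files(files)
```

Calling `scan_tree(".")` from the root of a working copy lists every file that one of these dorks would surface if the repository were public; `scan_files(SAMPLE)` flags four of the six constructed files.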