OSINT

Open-Source Intelligence and its role in cybersecurity

Osama Shalhoub

2/18/2025, 3 min read

Introduction

What is OSINT?

OSINT (Open-Source Intelligence) refers to the collection and analysis of publicly accessible information. These data sources may include social media, public databases, and even publicly shared cyberattack indicators.

Who Uses OSINT?

OSINT is leveraged by several actors, including:

  • Cybersecurity experts conducting penetration tests and assessing enterprise vulnerabilities.

  • Cybercriminals who exploit available information to execute attacks.

  • Intelligence agencies for national security investigations.

In this blog, we will focus on the use of OSINT in cybersecurity.

Cybersecurity experts & OSINT

OSINT is often used in the initial phase of a penetration test (pentest), known as the "reconnaissance phase." The goal is to gather as much information as possible about the target before attempting any system compromise.

Threat Actors & OSINT

Some OSINT tools can collect sensitive information that may be used either legitimately or maliciously.

For example, The Harvester is an OSINT tool capable of extracting email addresses associated with a domain. These emails can then be used in phishing campaigns targeting company employees.

Other tools can also collect information such as:

  • Open ports and IP addresses exposed to the internet.

  • Hostnames and technologies used by a company.

  • Unpatched vulnerabilities that could be exploited in an attack.

One of the most serious risks involves leaked login credentials for critical software or services within a company. Once exposed on the internet, these credentials can be used to compromise entire systems.
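The defensive counterpart of this risk is checking whether a circulating credential dump contains accounts from your own domains, so that affected users can be forced to reset. The script below is an added example written for this post, not code from the author or from any OSINT tool; the dump contents and the `ORG_DOMAINS` list are constructed, hypothetical values, and the dump format (one `email:password` pair per line) is an assumption about how such files are typically shared. The script deliberately records only whether a password was present, never the password itself.

```python
"""Triage a leaked-credential dump against an organisation's own domains.

Added example (not from the original post). Input format assumed to be
one "email:password" pair per line; malformed lines are skipped.
"""
import re

# Hypothetical domains the defender is responsible for (assumption).
ORG_DOMAINS = {"example.com", "corp.example.com"}

# Constructed sample dump with fake accounts and fake secrets.
SAMPLE_DUMP = """\
Alice.Lee@Example.com:Winter2024!
bob@other.org:password1
carol@corp.example.com:s3cret
alice.lee@example.com:Winter2025!
malformed line without separator
dave@example.com:
"""

# Loose sanity check: one "@", no whitespace or ":" inside the address.
EMAIL_RE = re.compile(r"^[^@\s:]+@[^@\s:]+$")


def parse_dump(text):
    """Yield (normalised_email, password_present) for each usable line.

    The secret itself is discarded immediately; only its presence is kept,
    because a triage report must not become a second copy of the leak.
    """
    for raw in text.splitlines():
        line = raw.strip()
        if not line or ":" not in line:
            continue
        email, _, secret = line.partition(":")
        email = email.strip().lower()  # case-insensitive de-duplication
        if not EMAIL_RE.match(email):
            continue
        yield email, bool(secret)


def triage_leak(text, org_domains=ORG_DOMAINS):
    """Return {email: {"occurrences": n, "with_password": m}} for org accounts."""
    affected = {}
    for email, has_secret in parse_dump(text):
        domain = email.rsplit("@", 1)[1]
        if domain not in org_domains:
            continue
        entry = affected.setdefault(email, {"occurrences": 0, "with_password": 0})
        entry["occurrences"] += 1
        if has_secret:
            entry["with_password"] += 1
    return affected


def reset_list(text, org_domains=ORG_DOMAINS):
    """Accounts that appeared with an actual secret: these need a forced reset."""
    report = triage_leak(text, org_domains)
    return sorted(e for e, v in report.items() if v["with_password"] > 0)


if __name__ == "__main__":
    for email, stats in triage_leak(SAMPLE_DUMP).items():
        print(f"{email}: seen {stats['occurrences']}x, "
              f"{stats['with_password']} with a password")
    print("force reset:", reset_list(SAMPLE_DUMP))
```

Accounts that appear without a secret (like the trailing empty-password line) are still reported, since the address alone is useful to a phisher, but only entries that carried a password go on the reset list.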

OSINT Data Collection Techniques

There are two types of OSINT reconnaissance, differentiated by their level of interaction with the target.

Active Reconnaissance

Active reconnaissance involves direct interaction with the target, meaning that the target can detect and log the actions performed against it.

The advantages of this type of information collection are that it provides real-time information and allows direct testing of systems.

However, its disadvantage is a high risk of detection by security systems such as firewalls, IDS, and IPS.

Scanning open ports with Nmap, testing a web server with Nikto, and using social engineering techniques such as fraudulent phone calls to extract information are all part of active reconnaissance.
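Because active reconnaissance generates traffic the target can log, it is also the part a defender can catch. The following is an added example written for this post, not code from the original or from any firewall vendor: it reads firewall-style log lines and flags a source that touches many distinct destination ports on one host within a short window, which is the characteristic footprint of a port sweep. The log format (`timestamp src dst dport action`) and every address and timestamp are constructed for the example; real firewall logs differ and would need their own parser.

```python
"""Flag port-sweep behaviour (active reconnaissance) in firewall log lines.

Added example, not from the original post. Log line format is assumed to be
"<iso-timestamp> <src-ip> <dst-ip> <dst-port> <ACCEPT|DROP>".
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one host sweeps 12 ports in 5 seconds, one normal
# client talks to 80/443 only, then the sweeper returns once much later.
SAMPLE_LOGS = """\
2025-02-18T10:00:00 198.51.100.7 203.0.113.10 21 DROP
2025-02-18T10:00:00 198.51.100.7 203.0.113.10 22 ACCEPT
2025-02-18T10:00:01 198.51.100.7 203.0.113.10 23 DROP
2025-02-18T10:00:01 198.51.100.7 203.0.113.10 25 DROP
2025-02-18T10:00:02 198.51.100.7 203.0.113.10 53 DROP
2025-02-18T10:00:02 198.51.100.7 203.0.113.10 80 ACCEPT
2025-02-18T10:00:03 198.51.100.7 203.0.113.10 110 DROP
2025-02-18T10:00:03 198.51.100.7 203.0.113.10 143 DROP
2025-02-18T10:00:04 198.51.100.7 203.0.113.10 443 ACCEPT
2025-02-18T10:00:04 198.51.100.7 203.0.113.10 445 DROP
2025-02-18T10:00:05 198.51.100.7 203.0.113.10 3389 DROP
2025-02-18T10:00:05 198.51.100.7 203.0.113.10 8080 DROP
2025-02-18T10:01:10 192.0.2.44 203.0.113.10 443 ACCEPT
2025-02-18T10:01:12 192.0.2.44 203.0.113.10 443 ACCEPT
2025-02-18T10:01:15 192.0.2.44 203.0.113.10 80 ACCEPT
2025-02-18T10:30:00 198.51.100.7 203.0.113.10 22 ACCEPT
"""


def parse_line(line):
    """Split one log line into a dict; raises ValueError on a malformed line."""
    ts, src, dst, dport, action = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "dport": int(dport), "action": action}


def find_port_sweeps(log_text, threshold=10, window_seconds=60):
    """Return {(src, dst): max_distinct_ports} for pairs exceeding the threshold.

    A sliding window over each (src, dst) pair's events counts how many
    distinct destination ports were touched within `window_seconds`; the
    largest such count is compared against `threshold`.
    """
    by_pair = defaultdict(list)
    for line in log_text.strip().splitlines():
        ev = parse_line(line)
        by_pair[(ev["src"], ev["dst"])].append(ev)

    window = timedelta(seconds=window_seconds)
    alerts = {}
    for pair, evs in by_pair.items():
        evs.sort(key=lambda e: e["ts"])
        in_window = defaultdict(int)  # port -> hits currently inside the window
        start = 0
        best = 0
        for end, ev in enumerate(evs):
            in_window[ev["dport"]] += 1
            # Slide the window start forward until it spans <= window_seconds.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                old = evs[start]["dport"]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            best = max(best, len(in_window))
        if best >= threshold:
            alerts[pair] = best
    return alerts


if __name__ == "__main__":
    for (src, dst), ports in find_port_sweeps(SAMPLE_LOGS).items():
        print(f"possible port sweep: {src} -> {dst}, {ports} distinct ports in 60s")
```

The threshold and window are the tuning knobs: a busy load balancer legitimately hits several ports on a backend, so the values that separate scans from normal traffic depend on the environment, and the DROP/ACCEPT mix (a sweep mostly hits closed ports) is a useful second signal to add once the basic counter is in place.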

Passive Reconnaissance

Passive reconnaissance allows information gathering without direct interaction with the target. This means no traffic is generated toward the target's servers, making the process undetectable by the target.

The advantage of this type of reconnaissance is that there is no risk of detection. However, its main disadvantage is that it relies only on publicly available information.

The passive methods of this reconnaissance include Google Dorking to find sensitive files on the internet, Shodan to identify publicly exposed servers and devices, WHOIS database queries to obtain domain ownership details, and copying a website with HTTrack for offline analysis.

Examples of OSINT Tools

The Harvester

The Harvester is a tool used to gather email addresses, subdomains, and hostnames associated with a domain. It is particularly useful for identifying potential phishing targets.

Shodan

Shodan is a specialized search engine that scans and indexes internet-connected devices (servers, surveillance cameras, routers, etc.). Hackers use it to find misconfigured systems or unsecured devices.

Google Dorking

Google Dorking involves using advanced search queries on Google to find sensitive files, hidden web pages, or exposed databases.

Babel X

Babel X is an advanced OSINT tool used to analyze discussions on social media and forums. It is often employed for tracking trends, monitoring interest groups, or detecting potential threats.

Ethical and Legal Issues in OSINT

Legality

Accessing and analyzing publicly available information is legal. However, this data can be misused for malicious purposes, such as attackers using it to facilitate illegal activities or to spread misleading information.

Ethics

Even though vast amounts of information are available online, it is essential to use them ethically. Those practicing OSINT must ensure that their research serves a legitimate purpose and does not cause harm to others.