Osint presentation nov 2019
2 likes•6,778 views
The document discusses open source intelligence (OSINT), including what it is, how it is used, techniques for gathering it, and tools that can be used. OSINT involves collecting publicly available data for intelligence purposes. It is produced from public sources and addresses specific intelligence needs. Security professionals use OSINT to identify vulnerabilities in organizations from accidental information leaks online or exposed assets. However, threat actors also use OSINT to find targets and vulnerabilities to exploit. The document recommends using OSINT proactively to find and address weaknesses before threats actors do. It provides examples of tools like Excel, OSINT Framework, Github search, and Wappalyzer that can be used to search public data and identify technical details about organizations and vulnerabilities.
Osint presentation nov 2019
- 1. Open Source Intelligence - Tools and Techniques Session by Gowdhaman (CISO - LatentView Analytics)
- 2. 2 Topics covered ▪ What is Open Source Intelligence (OSINT) ▪ How Is Open Source Intelligence Used? ▪ The Dark Side of Open Source Intelligence ▪ Open Source Intelligence Techniques ▪ Identifying Sensitive/Confidential information – Github, Google and websites.
- 3. 3 What is Open Source Intelligence (OSINT) ▪ Open-source intelligence (OSINT) is data collected from publicly available sources to be used in an intelligence context. ▪ According to U.S. public law, open source intelligence: ▪ Is produced from publicly available information ▪ Is collected, analyzed, and disseminated in a timely manner to an appropriate audience ▪ Addresses a specific intelligence requirement ▪ “Publicly Available” No Intrusion. 6 Categories of OSINT Sources ▪ Media, print newspapers, magazines, radio, and television from across and between countries. ▪ Internet, online publications, blogs, discussion groups, citizen media ▪ Public Government Data, public government reports, budgets, hearings, telephone directories, press conferences, websites, and speeches. ▪ Professional and Academic Publications, information acquired from journals, conferences, symposia, academic papers, dissertations, and theses. ▪ Commercial Data, commercial imagery, financial and industrial assessments, and databases. ▪ Grey literature, technical reports, preprints, patents, working papers, business documents, unpublished works, and newsletters.
- 4. 4 How It can be used Security Professionals ▪ Most of the tools and techniques are used by security professionals to conduct open source intelligence initiatives. ▪ Accidental leaks of sensitive information, like through social media ▪ Open ports or unsecured internet-connected devices ▪ Unpatched software, such as websites running old versions of common CMS products ▪ Leaked or exposed assets, such as proprietary code on paste bins Identifying External Threats ▪ Open source intelligence enables security professionals to prioritize their activities ▪ Threat actors continue to exploit older vulnerabilities, Focus Area is only on : Zero Day Vulnerability ▪ Report Says - 19 % of exploited vulnerabilities Year Old ▪ With the growing use of smart devices like mobile phones and the various products - Vulnerabilities are exploited ▪ It can help us to understand what is the awareness level of the organization or the members. ▪ Having a clear strategy and framework in place for open source intelligence gathering is ▪ Simple and cost effective and unbiased report
- 5. 5 Dark Side of Open Source Intelligence ▪ Anything that can be found by security professionals can also be found (and used) by threat actors. ▪ Threat actors use open source intelligence tools and techniques to identify potential targets and exploit weaknesses in target networks. ▪ Once a vulnerability is identified, it is often an extremely quick and simple process to exploit it and achieve a variety of malicious objectives. ▪ This process is the main reason why so many small and medium-sized enterprises get hacked each year. ▪ Threat actors also seek out information about individuals and organizations that can be used to inform sophisticated social engineering campaigns using phishing (email), vishing (phone or voicemail), and SMiShing (SMS). ▪ Often, seemingly innocuous information shared through social networks and blogs can be used to develop highly convincing social engineering campaigns, which in turn are used to trick well- meaning users into compromising their organization’s network or assets. Ransomware. ▪ This is why using open source intelligence for security purposes is so important — It gives you an opportunity to find and fix weaknesses in your organization’s network and remove sensitive information before a threat actor uses the same tools and techniques to exploit them.
- 6. 6 Open Source Intelligence - Tools and Techniques ▪ Tools - Excel Spreadsheet ▪ OSINT Framework https://osintframework.com/
- 7. 7 Github Search Kindly create a Github account and try using these commands. ▪ “example.com” API_key ▪ “example.com” secret_key ▪ “example.com” aws_key ▪ “example.com” Password ▪ “example.com” FTP ▪ “example.com” login ▪ “example.com” github_token “Company.com" API_Key Demo
- 8. 8 Google Misconfiguration Use the below script and you can identify the mis configuration in Google groups and sites ● https://groups.google.com/forum/#!overview ● https://sites.google.com/a/company.com Automated script ▪ https://github.com/tutorgeeks/G-Audit
- 9. 9 Website Technologies ● https://www.wappalyzer.com/ ● https://web.archive.org
- 10. 10 Why this is important - Recent incidents Capital One AWS data was compromised by a ex-employer Attunity (Acquired by Qlik) - How a Vendor for Half the Fortune 100 Exposed a Terabyte of Backups British Airways faces a $230m fine over a data breach Zomato Data breach – Git Hub account compromised – 2FA was not enabled. Ubuntu maker’s GitHub account hacked
- 11. 11 Reference ▪ https://securitytrails.com/ ▪ https://www.recordedfuture.com/ ▪ https://inteltechniques.com/menu.html
- 12. Thank you!