Let’s hunt the target using OSINT

•Télécharger en tant que PPTX, PDF•

3 j'aime•1,237 vues

This is the slides of the online talk given at @NullBhopal. This introduces people to Open Source INTelligence and their uses in daily life and pentesting.

Technologie

Who am I ?
● Chandrapal
● Security Enthusiast
● Founder of Hack with GitHub
● Open Source Developer (@Chan9390)
● GSoC 2017 - Metasploitable 3

Session is targeted to
● Beginners who are interested in Open Source Intelligence.
● For people who want to know what information lies there open on internet.

Agenda
● What is intelligence ?
● What is Open Source Intelligence ?
● Recent trends in OSINT
● OSINT in real life with example (Twitter, Facebook)
● OSINT in pentests (offensive)
● Few Demos

What is Intelligence ?
Wikipedia defines Intelligence as:
One's capacity for logic, understanding, self-awareness, learning, emotional
knowledge, planning, creativity, and problem solving

Types of Intelligence
● Human Intelligence (HUMINT)
● Geospatial Intelligence (GEOINT)
● Signals Intelligence (SIGINT)
● Open-Source Intelligence (OSINT)

Open Source Intelligence
● Art of collecting information which is scattered on publicly available sources
● Open here refers to overt, publicly available sources
● Not completely legal, as it is against the privacy of a person
● Gathering bits to form the big picture
● Depends on sources. Continuously evolving.
● Information sources could be anything not limited to metadata, social media
and blogs

Traditional Methods
● Using search engines Eg: Google, Bing, etc
● News sites Eg: CNN, BBC, etc
● Corporate Websites
● Government Websites
● Blogs

Modern Resources
● Advanced Search Engines
● Social Media sites
● Deepweb/Darkweb
● Automated tools

Recent Trends in OSINT
https://trends.google.com

OSINT in Real life
We use OSINT in everyday life
● Finding download links for Game of Thrones series
● Finding the best looking person
● Knowing about the company before applying for a position
● Knowing your ex’s latest crush :P

Why OSINT has become so important ?
● Humans by nature try to get others attention
● So many post (personal) information on online platforms thinking that only
intended members will look.
● New smartphones have geo-tagging feature enabled by default
● Metadata of those images can give a glimpse of your daily life

Inteltechniques.com Demo - Facebook
https://inteltechniques.com/menu.html

The problem I faced
Hack with GitHub - initiative to showcase open source security tools on GitHub
along with their Author’s twitter handle

How OSINT has helped me ?
80% - @xyz123 - @xyz123
6% - @xyz123 - @_xyz123, @xyz123_, @xyz_123 or @_xyz123_
4% - Check their websites for Twitter handles
2% - Impossible to find
What about the other 8% ?

OSINT in Pentest
● Webapp
○ Wappalyzer
○ RetireJS
● Domain-IP lookup
○ Whois lookup
○ Reverse IP Lookup
● Find if emails were previously pwned
○ HaveIBeenPwned lookup

OSINT in Pentest
● Advanced Search engine searches: site:*.example.org ext:php | ext:txt |
ext:log
● Checking robots.txt
● Advanced search: Wolfram Alpha
● Subdomain enumeration
○ Certificate transparency
○ Shodan
○ Censys

Intrigue - Demo
You can know more about Intrigue at:
https://www.youtube.com/watch?v=kWrdxuFaEVg

References:
● https://github.com/jivoi/awesome-osint
● https://blog.appsecco.com/open-source-intelligence-gathering-101-
d2861d4429e3
● https://www.slideshare.net/SudhanshuChauhan
● http://www.automatingosint.com/blog/
● https://intrigue.io

Contenu connexe

Tendances

Getting started with using the Dark Web for OSINT investigations

Olakanmi Oluwole

OSINT: Open Source Intelligence gathering

Jeremiah Tillman

OSINT

Apurv Singh Gautam

Tools for Open Source Intelligence (OSINT)

Sudhanshu Chauhan

Osint presentation nov 2019

Priyanka Aash

Osint {open source intelligence }

AkshayJha40

OSINT for Proactive Defense - RootConf 2019

RedHunt Labs

OSINT for Attack and Defense

Andrew McNicol

Open source intelligence information gathering (OSINT)

phexcom1

Every investigator needs the skills and knowledge to use OSINT competently in investigations. As online information continues to multiply in volume and complexity, the tools required to find, sift through, authenticate and preserve that information become more and more important for investigators. Failure to master these tools to tap into the rich resources of the web can hamper your investigations. Learn the intricacies of online investigating from an expert in the field. Join Sandra Stibbards, owner and president of Camelot Investigations and a financial fraud investigator, speaker and trainer, for a free webinar on How to Use OSINT in Investigations. Webinar attendees will learn: -How to find information on the hidden web -How to find publicly available information in government and private databases -Dos and don’ts for searching social media effectively -Tips for remaining anonymous while researching investigation subjects -Accessing archived information -How criminals hide, and how to find them

How to Use Open Source Intelligence (OSINT) in Investigations

Case IQ

Open source intelligence

balakumaran779

As per Wiki - Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources); it is not related to open-source software or public intelligence. There are lots of other ways to collect information from Public Source which may not provided in this document, This is just an Introductory Document for whose who are beginners and students.

OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...

Falgun Rathod

Recently, NTT published the Global Threat Intelligence Report 2016 (GTIR). This year’s report focused both on the changes in threat trends and on how security organizations around the world can use the kill chain to help defend the enterprise. Turning threat intelligence data from multiple sources into actionable, contextual information is a challenge faced by many organizations today. The Global Threat Intelligence Platform provides increased efficiency, reduces risks and focuses on global coverage with accurate and up-to-date threat intelligence. This presentation was given at Carnegie Mellon University by Kenji Takahashi, VP of Product Management, Security at NTT Innovation Institute.

Global Cyber Threat Intelligence

NTT Innovation Institute Inc.

From SANS Cyber Threat Intelligence Summit 2016. What are the characteristics of a mature cyber threat intelligence program, and how do you develop meaningful metrics? Traditionally, intelligence has been about providing decision support to executives whilst the field of cyber threat intelligence supports this customer, and network defenders, who have different requirements. By using the intelligence cycle, this talk will seek to help attendees understand how they can identify what a mature intelligence program looks like and the steps to take their program to the next level.

Cyber threat intelligence: maturity and metrics

Mark Arena

How to build a cyber threat intelligence program

Mark Arena

Presented at the Ohio Information Security Summit, October 30, 2009. What does the Internet say about your company? Do you know what is being posted by your employees, customers, or your competition? We all know information or intelligence gathering is one of the most important phases of a penetration test. However, gathering information and intelligence about your own company is even more valuable and can help an organization proactively determine the information that may damage your brand, reputation and help mitigate leakage of confidential information. This presentation will cover what the risks are to an organization regarding publicly available open source intelligence. How can your enterprise put an open source intelligence gathering program in place without additional resources or money. What free tools are available for gathering intelligence including how to find your company information on social networks and how metadata can expose potential vulnerabilities about your company and applications. Next, we will explore how to get information you may not want posted about your company removed and how sensitive metadata information you may not be aware of can be removed or limited. Finally, we will discuss how to build a Internet posting policy for your company and why this is more important then ever.

Enterprise Open Source Intelligence Gathering

Tom Eston

From ATT&CKcon 3.0 By Gert-Jan Bruggink, Venation Since it's inception in 2015, the ATT&CK framework has achieved widespread adoption, with recent studies suggesting over 80 percent of companies using the framework for cyber security. Over the last seven years, a variety of use cases has been explored with different measures of success. In this presentation, Gert-Jan will explore applying the ATT&CK framework in scenario-based defense. When adopting a scenario approach, security teams collaborate to fuse their understanding of certain situations into scenarios. For example, addressing different hypotheses that can be explained to leadership and specialist teams alike. This approach requires more than "just" breaking down everything into tactics, techniques, and procedures. Some stakeholders might not understand that. For example, some might want to tell a good story about adversaries while others want to translate their understanding of intrusions into a sequential pattern. The objective of this talk is to explore how the granularity of the framework supports creation of scenarios, the limitations in the current approach to ATT&CK when building scenarios across different stakeholders, and addressing potential areas the "language of ATT&CK" can evolve towards over the next 5 years.

ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK

MITRE ATT&CK

What is Open Source Intelligence (OSINT)

Molfar

OSINT Social Media Techniques - Macau social mediat lc

Cyber Threat Intelligence Network

With the development of the MITRE ATT&CK framework and its categorization of adversary activity during the attack cycle, understanding what to hunt for has become easier and more efficient than ever. However, organizations are still struggling to understand how they can prioritize the development of hunt hypothesis, assess their current security posture, and develop the right analytics with the help of ATT&CK. Even though there are several ways to utilize ATT&CK to accomplish those goals, there are only a few that are focusing primarily on the data that is currently being collected to drive the success of a hunt program. This presentation shows how organizations can benefit from mapping their current visibility from a data perspective to the ATT&CK framework. It focuses on how to identify, document, standardize and model current available data to enhance a hunt program. It presents an updated ThreatHunter-Playbook, a Kibana ATT&CK dashboard, a new project named Open Source Security Events Metadata known as OSSEM and expands on the “data sources” section already provided by ATT&CK on most of the documented adversarial techniques.

MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...

MITRE - ATT&CKcon

Tendances (20)

Getting started with using the Dark Web for OSINT investigations

OSINT: Open Source Intelligence gathering

OSINT

Tools for Open Source Intelligence (OSINT)

Osint presentation nov 2019

Osint {open source intelligence }

OSINT for Proactive Defense - RootConf 2019

OSINT for Attack and Defense

Open source intelligence information gathering (OSINT)

How to Use Open Source Intelligence (OSINT) in Investigations

Open source intelligence

OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...

Global Cyber Threat Intelligence

Cyber threat intelligence: maturity and metrics

How to build a cyber threat intelligence program

Enterprise Open Source Intelligence Gathering

ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK

What is Open Source Intelligence (OSINT)

OSINT Social Media Techniques - Macau social mediat lc

MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...

Similaire à Let’s hunt the target using OSINT

OSINT - Open Soure Intelligence - Webinar on CyberSecurity

Mohammed Adam

OSINT mindset to protect your organization - Null monthly meet version

Chandrapal Badshah

Joe Gray joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. Joe is an Enterprise Security Consultant at Sword and Shield Enterprise Security in Knoxville, TN. Joe also maintains his own Blog and Podcast called Advanced Persistent Security. In his spare time, Joe enjoys reading news relevant to information security, attending information security conferences, contributing blogs to various outlets, bass fishing, and flying his drone.

Phishing: It’s Not Just for Pentesters Using Phishing to Build a Successful ...

EC-Council

Blackmagic Open Source Intelligence OSINT

Sudhanshu Chauhan

Open Source Intelligence is the art of collecting information which is scattered on publicly available sources. With evolution of social media and digital marketplaces a huge amount of information is constantly generated on the Internet (sometimes even without our conscious consent). This is of great concern for organizations and businesses as chances of confidential data floating in the public domain may seriously harm their business integrity. All recent hacks are related to internal source code disclosure, API keys leakage, known vulnerability in third party plugin, data dump leaks etc. Based on experience and robust research in this domain, for this talk the speakers have created a tool which will help all kind of organizations to monitor cyberspace effectively without much investment. This tool is simple but an effective solution which is capable of hearing digital whispers which are usually missed or ignored but shouldn’t be.

OSINT Black Magic: Listen who whispers your name in the dark!!!

Nutan Kumar Panda

The past decade or so has seen such rapid advances in supervised deep learning and neural networks that those areas, and machine learning more generally, have become almost synonymous with AI especially in popular media. However, there are other broad areas of research that have fed into AI historically and continue to be important today. In this talk, Red Hat’s Gordon Haff will place machine learning within this set of broader science and engineering specialties that include cognitive psychology, control theory, linguistics, and human factors. The goal is to provide attendees with a broader context for both learning and applying cross-disciplinary fields of study to their AI-related work.

Artificial Intelligence: Beyond Machine Learning

Gordon Haff

CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx

CapitolTechU

OpenSourceIntelligence-OSINT.pptx

anonymousanonymous428352

Presented at Diana Initiative, Queercon 16, and DEFCON 27 Recon Village 8/9-10, 2019. When we think of the process for attacking an organization, OSINT comes to the front and center of our minds. This presentation takes a presenter with experience in applying OSINT to effective penetration testing and social engineering and reverse engineers the process to determine what steps can be taken to further complicate their efforts. This is a presentation that talks about online deception, decoy accounts, canary data, encryption, maintaining one’s social media in a secure manner, and protecting one’s identity as much as possible. While nothing is absolute, this is a presentation that will leave attendees more aware of techniques to make it harder for attackers to collect accurate OSINT, either by removal or deception.

DECEPTICONv2

👀 Joe Gray

Social engineering

Robert Hood

Carl Miller

MRS

Nycon social media nyfa presentation

Andrew Marietta

Introduction to the Responsible Use of Social Media Monitoring and SOCMINT Tools

Mike Kujawski

Social Web 2014: Final Presentations (Part I)

Lora Aroyo

Osint ashish mistry

n|u - The Open Security Community

Generative AI How It's Changing Our World and What It Means for You_final.pdf

Diego López-de-Ipiña González-de-Artaza

As design leaders we must enable our teams with skills and knowledge to take on the new and exciting opportunities that building powerful AI systems bring. Dynamic systems require transparency regarding data provenance, bias, training methods, and more, to gain user’s trust. Carol will cover these topics and challenge us as design leaders, to represent our fellow humans by provoking conversations regarding critical ethical and safety needs. Presented at dmi:Design Leadership Conference in Boston in October 2018.

Designing AI for Humanity at dmi:Design Leadership Conference in Boston

Carol Smith

Curating Social Media Data And Compiling Them Together

Pitra Satvika

03 dllo davidlafontaine

Ministerio TIC Colombia

I had a pleasure to teach conversation design at Lviv Data Science Summer School. We’ve discussed architectural approaches, covered semantic funnels and goal-oriented conversations. This presentation was used as a support material and I decided to share it with a wider audience. There are multiple articles introducing chatbots as a concept, including the main architectural principles behind. I’m not going to talk about them here, but rather I am presenting the anatomy of conversation and useful resources to get started with design and development: links to platforms, dialog engines, prototyping tools, connectors, intent recognition, and conversation analytics tools.

Let's Talk: fundamentals of conversational design

Nikita Lukianets

Similaire à Let’s hunt the target using OSINT (20)

OSINT - Open Soure Intelligence - Webinar on CyberSecurity

OSINT mindset to protect your organization - Null monthly meet version

Phishing: It’s Not Just for Pentesters Using Phishing to Build a Successful ...

Blackmagic Open Source Intelligence OSINT

OSINT Black Magic: Listen who whispers your name in the dark!!!

Artificial Intelligence: Beyond Machine Learning

CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx

OpenSourceIntelligence-OSINT.pptx

DECEPTICONv2

Social engineering

Carl Miller

Nycon social media nyfa presentation

Introduction to the Responsible Use of Social Media Monitoring and SOCMINT Tools

Social Web 2014: Final Presentations (Part I)

Osint ashish mistry

Generative AI How It's Changing Our World and What It Means for You_final.pdf

Designing AI for Humanity at dmi:Design Leadership Conference in Boston

Curating Social Media Data And Compiling Them Together

03 dllo davidlafontaine

Let's Talk: fundamentals of conversational design

Plus de Chandrapal Badshah

Dangling DNS records takeover at scale

Chandrapal Badshah

Detecting secrets in code committed to gitlab (in real time)

Chandrapal Badshah

How to get started in InfoSec ?

Chandrapal Badshah

OSINT Mindset to protect your Organization

Chandrapal Badshah

Solving OWASP MSTG CrackMe using Frida

Chandrapal Badshah

OWASP Serverless Top 10

Chandrapal Badshah

Pentesting Android Apps using Frida (Beginners)

Chandrapal Badshah

pwnd.sh

Chandrapal Badshah

Web Application Firewall

Chandrapal Badshah

Netcat - A Swiss Army Tool

Chandrapal Badshah

Plus de Chandrapal Badshah (10)

Dangling DNS records takeover at scale

Detecting secrets in code committed to gitlab (in real time)

How to get started in InfoSec ?

OSINT Mindset to protect your Organization

Solving OWASP MSTG CrackMe using Frida

OWASP Serverless Top 10

Pentesting Android Apps using Frida (Beginners)

pwnd.sh

Web Application Firewall

Netcat - A Swiss Army Tool

Dernier

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Developing An App To Navigate The Roads of Brazil

V3cube

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Real Time Object Detection Using Open CV

Khem

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Tech Trends Report 2024 Future Today Institute.pdf

hans926745

[2024]Digital Global Overview Report 2024 Meltwater.pdf

hans926745

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Histor y of HAM Radio presentation slide

vu2urc

Dernier (20)

Strategies for Landing an Oracle DBA Job as a Fresher

Handwritten Text Recognition for manuscripts and early printed texts

AWS Community Day CPH - Three problems of Terraform

Developing An App To Navigate The Roads of Brazil

Apidays New York 2024 - The value of a flexible API Management solution for O...

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Automating Google Workspace (GWS) & more with Apps Script

Data Cloud, More than a CDP by Matt Robison

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Real Time Object Detection Using Open CV

What Are The Drone Anti-jamming Systems Technology?

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Finology Group – Insurtech Innovation Award 2024

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Tech Trends Report 2024 Future Today Institute.pdf

[2024]Digital Global Overview Report 2024 Meltwater.pdf

Tata AIG General Insurance Company - Insurer Innovation Award 2024

Histor y of HAM Radio presentation slide

Let’s hunt the target using OSINT

1. Let’s Hunt the Target using OSINT

2. Who am I ? ● Chandrapal ● Security Enthusiast ● Founder of Hack with GitHub ● Open Source Developer (@Chan9390) ● GSoC 2017 - Metasploitable 3

3. Session is targeted to ● Beginners who are interested in Open Source Intelligence. ● For people who want to know what information lies there open on internet.

4. Agenda ● What is intelligence ? ● What is Open Source Intelligence ? ● Recent trends in OSINT ● OSINT in real life with example (Twitter, Facebook) ● OSINT in pentests (offensive) ● Few Demos

5. What is Intelligence ?

6. What is Intelligence ? Wikipedia defines Intelligence as: One's capacity for logic, understanding, self-awareness, learning, emotional knowledge, planning, creativity, and problem solving

7. What is Intelligence ? Wikipedia defines Intelligence as: One's capacity for logic, understanding, self-awareness, learning, emotional knowledge, planning, creativity, and problem solving In other words: It is the ability to understand and draw a logical conclusion from the available information

8. What is Intelligence ? Wikipedia defines Intelligence as: One's capacity for logic, understanding, self-awareness, learning, emotional knowledge, planning, creativity, and problem solving In other words: It is the ability to understand and draw a logical conclusion from the available information

9. Types of Intelligence ● Human Intelligence (HUMINT) ● Geospatial Intelligence (GEOINT) ● Signals Intelligence (SIGINT) ● Open-Source Intelligence (OSINT)

10. Open Source Intelligence ● Art of collecting information which is scattered on publicly available sources ● Open here refers to overt, publicly available sources ● Not completely legal, as it is against the privacy of a person ● Gathering bits to form the big picture ● Depends on sources. Continuously evolving. ● Information sources could be anything not limited to metadata, social media and blogs

11. Traditional Methods ● Using search engines Eg: Google, Bing, etc ● News sites Eg: CNN, BBC, etc ● Corporate Websites ● Government Websites ● Blogs

12. Modern Resources ● Advanced Search Engines ● Social Media sites ● Deepweb/Darkweb ● Automated tools

13. Recent Trends in OSINT https://trends.google.com

14. OSINT tools

15. OSINT in Real life We use OSINT in everyday life ● Finding download links for Game of Thrones series ● Finding the best looking person ● Knowing about the company before applying for a position ● Knowing your ex’s latest crush :P

16. Why OSINT has become so important ? ● Humans by nature try to get others attention ● So many post (personal) information on online platforms thinking that only intended members will look. ● New smartphones have geo-tagging feature enabled by default ● Metadata of those images can give a glimpse of your daily life

17. What can you figure out from this ?

18. Car License

19. Bank and Bank Account

20. Credit card and DOB

21. Mobile No, Phone Model, much more

22. tinfoleak Demo - Twitter

23. Inteltechniques.com Demo - Facebook https://inteltechniques.com/menu.html

24. The problem I faced Hack with GitHub - initiative to showcase open source security tools on GitHub along with their Author’s twitter handle

25. How OSINT has helped me ? 80% - @xyz123 - @xyz123 6% - @xyz123 - @_xyz123, @xyz123_, @xyz_123 or @_xyz123_ 4% - Check their websites for Twitter handles 2% - Impossible to find What about the other 8% ?

26. How OSINT has helped me ? 3% - Check the links on Twitter. People generally brag about their tools. 2% - Same profile pictures. Use reverse image (https://tineye.com/) 3% - Git log - Email OSINT

27. OSINT in Pentest ● Webapp ○ Wappalyzer ○ RetireJS ● Domain-IP lookup ○ Whois lookup ○ Reverse IP Lookup ● Find if emails were previously pwned ○ HaveIBeenPwned lookup

28. OSINT in Pentest ● Advanced Search engine searches: site:*.example.org ext:php | ext:txt | ext:log ● Checking robots.txt ● Advanced search: Wolfram Alpha ● Subdomain enumeration ○ Certificate transparency ○ Shodan ○ Censys

29. Examples

30. Intrigue - Demo You can know more about Intrigue at: https://www.youtube.com/watch?v=kWrdxuFaEVg

31. espi0n - Coming Soon !

32. Any Questions ?

33. References: ● https://github.com/jivoi/awesome-osint ● https://blog.appsecco.com/open-source-intelligence-gathering-101- d2861d4429e3 ● https://www.slideshare.net/SudhanshuChauhan ● http://www.automatingosint.com/blog/ ● https://intrigue.io

Notes de l'éditeur

HUMINT - intelligence gathered by means of interpersonal contact GEOINT - analysis of imagery and geospatial information to gather information SIGINT - intelligence-gathering by interception of signals
WhoIS - query and response protocol that queries DB that stores the details of the registerd domains
Certificate transparency - https://transparencyreport.google.com/https/certificates

Let’s hunt the target using OSINT

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Let’s hunt the target using OSINT

Similaire à Let’s hunt the target using OSINT (20)

Plus de Chandrapal Badshah

Plus de Chandrapal Badshah (10)

Dernier

Dernier (20)

Let’s hunt the target using OSINT

Notes de l'éditeur