OSINT: Open Source Intelligence gathering 101
Slides from my talk on OSINT. I listed examples in the slides about tools, legal methods for both online and physical information security reconnaissance.
2. WHAT IS OSINT?
OSINT stands for Open Source INTelligence
According to The U.S. Department of Defense (DoD), OSINT is "produced from publicly available
information that is collected, exploited, and disseminated in a timely manner to an appropriate audience
for the purpose of addressing a specific intelligence requirement.
These methods allow for legal collection and analysis of individuals and organizations.
OSINT gathering is the widely accepted first step in both security testing and penetration or hacking.
3. WHERE TO FIND OPEN SOURCE INTELLIGENCE?
Physical Media: magazine archives, printed
newspapers, radio recordings
Public Government Data: (applicable to all
levels of government) gov’t reports, FOIA,
directories of contacts
Internet media: social media, blogs, Youtube
Commercial sources: software APIs, Open CV
Google Patent Search
Unsecured or open directories
4. BENEFITS OF OSINT
For Individuals
Verify information prior to blind dates or
online dating sites
Crime and safety information
Travel safety
New or recently enacted ordinances & laws
For Professionals
Emerging technologies
Due diligence on potential vendors
Ensuring culture fit with potential hires
Competitor markets
Verified consumer contact information
5. TOOLS AND FRAMEWORKS TO IMPLEMENT OSINT
Online
osintframework.com
Shodan
Natural language & geek language on search
engines
Operation Systems
Security focused Linux Operation Systems
Open source Chromium
Locally run scripts from sites like github.com
6. UNCONVENTIONAL METHODS OF OSINT
Public Libraries
Hold newspaper & magazine archives
Free Access to commercial contact data sites
like reference USA
Free access to academic journals and abstracts
Form an LLC or Unaccredited University
Allowed to collect data within reason
Free access to certain services for free with a
.edu email address
Provide analysis services in exchange for
submitted data: see data.com’s old business
model