These slides are from my presentation on OSINT in Null Delhi December 2014 meet

2. • Have you ever wondered how someone sitting miles
away is able to easily penetrate an organization’s
network?
• How someone who has never had legitimate access to
a network can learn more about that organization than
most of its own employees?
• It’s actually pretty easy, given the right skill set and
a lot of patience.
• I know cyberwarfare isn’t a new thing, but it’s still
impressive to think that someone on the other side of
the globe, a few continents away, is able to wreak so
much havoc.
Why OSINT

3. Uncovering Discrimination Refining Delivery
Open Source Intelligence is a form of intelligence
collection management that involves finding, selecting
and acquiring information from publicly available
sources and analysing it to produce actionable
intelligence.

4.  OSINT is not actively used by many
PenTesters
 But, then you get a real Pentest and
you apply everything – Physical
Security, Phishing, OSINT
 And, Sometimes you are not a
PenTester.You are an Investigator.
SoYou Are a
PenTester!!

5. What DoYou Follow?

6. Use Cases
Corporate Security
• Finding Breaches
• Leaked Business Information
• Leaked Credentials
• Rogue Employees
• Finding Malware
Individual Intelligence
Competitive Intelligence
CyberThreat Intelligence
Defence Intelligence

7. Kid Stuff, Right?

9. • EXIF Data Viewers
• Cyberstalking Tools
• Whois, IP Lookup and
Website Analysis
• Geo-LocationTools
• GHDB
• Recorded Future
• Specialized OSINTTools
• Search Engines
• Social Media
• Image,Video and
Multimedia Search
• LanguageTools
• Online Communities
• People, Phone Number
and Company Finder
• Wikis
OSINT Resources

10. OSINTTools - Robtex

11. • Firefox Plugin
• It does not query the domain directly. In fact it looks up all the
public databases for gathering as much information as possible
about the target.
• Passive Recon passively provides whois information, MX records,
DNS information, and other useful data.
• Significantly, due to the passive nature
of Passive Recon, the owner of the
domain you are querying is not alerted.
OSINTTools – PassiveRecon

12. OSINTTools – People Search

13. • www.paterva.com
• Maltego provides you with a graphical interface that makes seeing
these relationships instant and accurate – making it possible to
see hidden connections.
• Java client app, can run local/remote
• Great data analysis capabilities
• Good Integration /API /TAS/TDS
• Entity -> Transform -> Entities
OSINTTools - Maltego

14. GeoStalker
Takes
• Location(Address or Coordinates)
Retrieves Location Data From
• Wigle.net (Wireless DB)
• Instagram
• Twitter
• Foursquare
• Flickr
Provides
• Wireless access-points nearby
• Photos taken at that location
• Social Media accounts of people
who have visited
FBStalker
Takes
• Facebook user profile
Uses Graph Search to Reverse
• Friends
• Likes
• Check-ins
• Comments
Provides
• Social EngineeringTargets
• Associates of those Targets
• Interests, CommonlyVisited
Places
New Developments

15. Information Brokers Big Data AnalyticsTools
Storm and Kafta
Drill and Dremel
R
Gremlin and Giraph
SAP Hana
D3
BackCheck
Infochimps
LexisNexis
Axciom
Choicepoint
Discreet Data
MasterFiles
Intelius
Future Belongs to Big Data

16. http://www.indeed.com/q-Osint-Analyst-jobs.html
http://rr.reuser.biz/
http://www.uk-osint.net/favorites.html
https://sites.google.com/site/greynetwork2/home/osint-resources
http://www.yougetsignal.com/
http://law.lexisnexis.com/infopro/zimmermans/disp.aspx?z=1752
http://www.fso-online.com/home_login.cfm?sid=49170561
http://www.social-
engineer.org/framework/Social_Engineers:_Information_Brokers
Additional Sources

17. Questions/Comments

18. • OSINT is more than gathering flippin data manually
• Know what attackers know about you
• Use OSINT for Corporate Security and BI
• Data brokers are helpful but not controlled
• Big data gives new avenues to OSINT and some
problems too 
Takeaways

19. ThankYou
@Rathaur_Kamal