Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Blackmagic Open Source Intelligence OSINT

1 110 vues

Publié le

Open Source Intelligence

Publié dans : Internet
  • Soyez le premier à commenter

  • Soyez le premier à aimer ceci

Blackmagic Open Source Intelligence OSINT

  1. 1. Listen who whispers your name in the dark!!! OSINT Black Magic:
  2. 2. A Man needs a Name Nutan Kumar Panda (@TheOsintGuy) InfoSec Engineer eBay.inc OSINT Enthusiast Co-Author: Hacking Web Intelligence https://github.com/nkpanda Real World Existence: Gamer, Rider, Keyboard Player
  3. 3. A Man needs a Name Sudhanshu Chauhan(@Sudhanshu_c) Director OctoGence Technologies OSINT Enthusiast Co-Author: Hacking Web Intelligence https://github.com/SudhanshuC Real World Existence: Avid reader, Cook, traveler
  4. 4. • What is OSINT? • Why OSINT? • Why this weird title? • What is the biggest problem an organization faces? • Some recent hacks • What are the solution available? • Where our solution stands? • Demo • What else can be done with our solution? • Q/A
  5. 5. Open Source Intelligence is the art of collecting information which is scattered on publicly available sources. In contrast to traditional intelligence methods, OSINT utilizes overt channels for gathering information. The added benefit is that there is no direct interaction with the target which substantially reduces the chances of being caught or raising any red flags.
  6. 6. • Internet is not limited to Google Searches. • Not even limited to search engines, social media and blogs • Huge number of sensational hacks in recent times Organizations getting hacked even after using so called "sophisticated" defense mechanisms. • Basic recon usually ignored during security assessments. • If you SECRET is out there in the open, someone WILL find it. • It's just data until you leverage it to create intelligence.
  7. 7. • Tools/Techniques which are seldom used and are not talked about much. • Methods used are not new but effective to hear the digital whispers those are generally missed or ignored (but shouldn’t be).
  8. 8. Sensitive Information Hard coded keys in Github Credential leaks in Pastebin 0-days sold in darknet Hack info in micro blog Corporate email credentials Open Bugs or ports
  9. 9. • Commercial tools that are good but expensive for small organizations. • Open source tools but solving individual issues. • A team of experts for internet monitoring.
  10. 10. • Integrating all open source solutions/freeware solutions into one place. • Categorized menu for all the essential steps of the process. • Adding futuristic solutions to make use of technology not just to monitor real time but to make it as sophisticated alarming system. • Our own ideas and scripts which will help it enhancing the already available solution or the new one to work differently.
  11. 11. There are endless possibilities, even we are yet to explore its limits. Any Suggestions?
  12. 12. • Raghav Bisht- Configuration and Setup • Shubham Mittal- Twitter Monitor and suggestions • Laura Rokita- Get Tweet • Tim Tomes- Recon-ng • Troy Hunt- HIBP And to the whole open source community
  13. 13. • http://orig03.deviantart.net/919e/f/2012/252/a/7/black_magic_dive_by_firefrank- d5e6pst.jpg • http://www.lovesamrat.com/images/black1.jpg • http://www.zdnet.com/article/stolen-us-government-passwords-leaked-across-web/ • http://www.programmableweb.com/news/why-exposed-api-keys-and-sensitive-data-are- growing-cause-concern/analysis/2015/01/05 • http://thehackernews.com/2015/02/mongodb-database-hacking.html • http://spellshelp.com/upload/medialibrary/e0b/e0b3bd034aaea1136c9de5f97a364d9d.jpg • http://www.bestastrosolution.com/images/BlackMagic.jpg
  14. 14. Thank You THE END