SlideShare une entreprise Scribd logo
1  sur  64
Enterprise Open Source
Intelligence Gathering
Tom Eston
Open source intelligence (OSINT) is a form
of intelligence collection management...
Open source intelligence (OSINT) is a form
of intelligence collection management...


...involves finding, selecting, and acquiring information
from publicly available sources and analyzing it
                     to produce actionable intelligence.

                                            - wikipedia
What do the Internets say?
18% had a data
loss event via blog
       or message
           board...



    - Proofpoint, Inc. 2009 Survey
18% had a data
loss event via blog
       or message
           board...


  11% in 2008
    - Proofpoint, Inc. 2009 Survey
17%
experienced
data loss
related to social
networks...

- Proofpoint, Inc. 2009 Survey
17%
experienced
data loss
related to social
networks...
12 % in 2008
- Proofpoint, Inc. 2009 Survey
“A brand is the
personification of a product,
service, or even entire company.”
        - Robert Blanchard, former P&G executive
5 things you will learn
• What is out there on your company?
• Metadata
• Removal of Internet postings, metadata
• Setting up a simple (cheap) monitoring
  program
• Building a Internet Posting Policy
What gets posted?

• Customer and Employee Complaints
• Exposure of Confidential Information
• Security Vulnerabilities
Customer Complaints
Employee Complaints
FAIL
Exposure of Confidential
     Information
What about
Vulnerabilities?
Things you wouldn't
     expect...
Where does this
information get posted?
       ...and how to find it!
Social Networks
300 Million Users

110 Million Users

40 Million Users

Grew 752% in 2008
Finding Information on
   Social Networks
• Socnet Search Engines
• Maltego (Twitter/Facebook)
• RSS feeds/Google Hacks
 • Google Alerts + Google Reader = WIN
• Manual Searching
 • Facebook status updates
Socnet Search Engines
•   Wink, Spock, Twoogle, Knowem, WhosTalkin
    (there are many more, see my blog post)
•   Twitter Search
•   Social Bookmark Sites
    •   Delicious, StumbleUpon
•   Don’t forget about photos/video!
    •   Flickr Photo Search
    •   YouTube and Vimeo Video Search
Maltego + Mesh = WIN




*Screen shot from the “Maltego and Twitter!” post on paterva.com
Searching Facebook
•   Good: Maltego Facebook Transform (violates TOS)
    ** No longer working! :-(
•   Better: Login and use the search! FB doesn’t make status
    updates public...yet.
•   Best:
    site:facebook.com inurl:group (bofa | "bank of america") =
    Groups
    •   inurl:pages = Facebook Pages
    •   allinurl: people "John Doe" site:facebook.com = Public Profiles
    •   Yahoo! Pipe for Facebook Groups:
        Facebook Discussion Board RSS Feed
    •   Create Google Alert(s)
Searching LinkedIn
• Similar to Facebook
• Google dorks
 • site:linkedin.com inurl:pub (bofa | "bank
    of america") = Public Profiles
  • inurl:updates = Profile Updates
  • inurl:companies = Company Profiles
Blogs and News

• Blogpulse, Technoratti, IceRocket
• Social Mention
  (Search Engine for blogs, comments)
• Google/Yahoo News
Document Repositories

• DocStoc
• Scribd
• SlideShare
• PDF Search
  Engine
Message Boards
• Internet Forums (yes, even 4chan)
• Craigslist
• Full Disclosure Mailing List (vulnerabilities)
• Google Groups/Yahoo Groups
All your metadata are
    belong to us...
What is Metadata?

• Metadata = Data that describes Data
• Catalog, index files, documents and more
• Often overlooked by:
 • Document/File Creators
 • Your Company
Why do we care?
• Can expose potential vulnerable software/
  hardware in use! (client side attack)
 • OS and version numbers
• Location information (GPS from
  smartphones)
• User names, naming schemes, file paths
Where do you find it?

• Microsoft Office Documents
• PDF
• JPEG’s (photos)
• Other file types
Metadata is everywhere!
How do you find it?

• Google
• Document Repositories
• Wget to download photos
  (many other tools)
• Your Company Website
Tools to analyze
         Metadata
• EXIFtool (cmd line or GUI)
• Maltego
• Metagoofil
• Metadata Extraction Tool
• FOCA
Real World Example
Removing Internet
Postings and Metadata
Removing posts from
    the Internet
• Hard, but not impossible.
  Search Engine Cache FTL
• Submit request to Search Engines to
  remove (there are multiple)
• Legal team involvement, especially w/
  socnets
Metadata Removal
      Techniques
• MS Office Documents
 • Office 2002/03: CMD Line app “Remove
    Hidden Data” (Offrhd.exe)
 • Office 2007: Document Inspector
• EXIFtool (photos)
 • Can be scripted to auto remove
Metadata Removal
     Continued...

• PDFs: File -> Document Properties
• EXIFtool
• Many third-party tools! ($)
Setting up a monitoring
        program
What do you want to
     monitor?
• Impossible to monitor everything!
• Pick the most popular social networks,
  news sites, blogs, forums...
• Monitoring should be defined with your
  PR/Marketing groups!
Free Tools
• Yahoo! Pipes (mashups)
• RSS Feeds/RSS Reader
  Google Reader FTW
• Maltego (community version)
  Good for defining relationships, not
  automated
 • Maltego for specific searching when you
    need “more details”
Yahoo! Pipes
Google Reader RSS
What works best?
    • Assign someone! (someone in infosec,
      social media skill sets)
    • Create RSS Feeds from identified sites
    • Utilize Yahoo! Pipes, create RSS from pipes
    • Monitor w/Google Reader
    • Sites you can’t monitor
      automatically...determine manual methods.

Build this into your Incident Response Procedures!
Building a Internet
  Posting Policy
Define your Social
    Media Strategy
• Partner with Marketing/Public Relations/HR
• What is acceptable for employees to post?
• At work/off work
 • Employees have mobile devices, home
    computers!
Define what gets
       monitored?
• Difficult or impossible to monitor
  everything
• Determine with your partners what should
  be monitored
• Careful with policy conflicts!
Cisco Example
Intel Example
Communicate to your
    employees!
How can you enforce a policy if employees don’t know
                     about it?
Where to learn more?

• Great paper on Metadata
  (SANS Reading Room):
  “Document Metadata, the Silent
  Killer” - Larry Pesce
• Maltego Tutorials:
  Chris Gates, EthicalHacker.net
• My blog: spylogic.net
OSINT 3 Part Series
• All the details from this presentation!
• Part 1 - Social Networks
  http://bit.ly/osint1
• Part 2 - Blogs, Message Boards, Metadata
  http://bit.ly/osint2
• Part 3 - Monitoring, Social Media Policies
  http://bit.ly/osint3
Enterprise Open Source Intelligence Gathering

Contenu connexe

Tendances

Osint {open source intelligence }
Osint {open source intelligence }Osint {open source intelligence }
Osint {open source intelligence }AkshayJha40
 
Getting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsOlakanmi Oluwole
 
Module 1- Introduction to Cybercrime.pptx
Module 1- Introduction to Cybercrime.pptxModule 1- Introduction to Cybercrime.pptx
Module 1- Introduction to Cybercrime.pptxnikshaikh786
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019Priyanka Aash
 
Open source intelligence
Open source intelligenceOpen source intelligence
Open source intelligencebalakumaran779
 
Phishing techniques
Phishing techniquesPhishing techniques
Phishing techniquesSushil Kumar
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Sudhanshu Chauhan
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINTChandrapal Badshah
 
Phishing detection & protection scheme
Phishing detection & protection schemePhishing detection & protection scheme
Phishing detection & protection schemeMussavir Shaikh
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeAaron White
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghOWASP Delhi
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceDeep Shankar Yadav
 
osint - open source Intelligence
osint - open source Intelligenceosint - open source Intelligence
osint - open source IntelligenceOsama Ellahi
 

Tendances (20)

Osint {open source intelligence }
Osint {open source intelligence }Osint {open source intelligence }
Osint {open source intelligence }
 
Getting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigations
 
OpenSourceIntelligence-OSINT.pptx
OpenSourceIntelligence-OSINT.pptxOpenSourceIntelligence-OSINT.pptx
OpenSourceIntelligence-OSINT.pptx
 
Module 1- Introduction to Cybercrime.pptx
Module 1- Introduction to Cybercrime.pptxModule 1- Introduction to Cybercrime.pptx
Module 1- Introduction to Cybercrime.pptx
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019
 
Open source intelligence
Open source intelligenceOpen source intelligence
Open source intelligence
 
Phishing techniques
Phishing techniquesPhishing techniques
Phishing techniques
 
Google Dorks
Google DorksGoogle Dorks
Google Dorks
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINT
 
Phishing detection & protection scheme
Phishing detection & protection schemePhishing detection & protection scheme
Phishing detection & protection scheme
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat Landscape
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep Singh
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
 
ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING
 
Tor Network
Tor NetworkTor Network
Tor Network
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligence
 
osint - open source Intelligence
osint - open source Intelligenceosint - open source Intelligence
osint - open source Intelligence
 

Similaire à Enterprise Open Source Intelligence Gathering

Advanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsAdvanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsSloan Carne
 
Social Networks - The Good and the Bad
Social Networks - The Good and the BadSocial Networks - The Good and the Bad
Social Networks - The Good and the BadXavier Mertens
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
Social Zombies II: Your Friends Need More Brains
Social Zombies II: Your Friends Need More BrainsSocial Zombies II: Your Friends Need More Brains
Social Zombies II: Your Friends Need More BrainsTom Eston
 
Deep Web Search Part 2 by Cynthia Hetherington
Deep Web Search Part 2 by Cynthia HetheringtonDeep Web Search Part 2 by Cynthia Hetherington
Deep Web Search Part 2 by Cynthia HetheringtonCase IQ
 
Social Media Data Collection & Analysis
Social Media Data Collection & AnalysisSocial Media Data Collection & Analysis
Social Media Data Collection & AnalysisScott Sanders
 
Cybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter StyleCybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter StyleBrian Pichman
 
Building Effective Frameworks for Social Media Analysis
Building Effective Frameworks for Social Media AnalysisBuilding Effective Frameworks for Social Media Analysis
Building Effective Frameworks for Social Media Analysisikanow
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024Brian Pichman
 
Building Effective Frameworks for Social Media Analysis
Building Effective Frameworks for Social Media AnalysisBuilding Effective Frameworks for Social Media Analysis
Building Effective Frameworks for Social Media AnalysisOpen Analytics
 
Creating & managing your scholarly web presence
Creating & managing your scholarly web presenceCreating & managing your scholarly web presence
Creating & managing your scholarly web presenceRebecca Kate Miller
 
Skillteam workshop social media final v1.0 05.10.2011
Skillteam workshop social media final v1.0 05.10.2011Skillteam workshop social media final v1.0 05.10.2011
Skillteam workshop social media final v1.0 05.10.2011Fishtank
 
hacking techniques and intrusion techniques useful in OSINT.pptx
hacking techniques and intrusion techniques useful in OSINT.pptxhacking techniques and intrusion techniques useful in OSINT.pptx
hacking techniques and intrusion techniques useful in OSINT.pptxsconalbg
 
Competitive intelligence for sourcers gutmacher-TA Week 2021
Competitive intelligence for sourcers gutmacher-TA Week 2021Competitive intelligence for sourcers gutmacher-TA Week 2021
Competitive intelligence for sourcers gutmacher-TA Week 2021Glenn Gutmacher
 
Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties Behrouz Sadeghipour
 
Personal Internet Security Practice
Personal Internet Security PracticePersonal Internet Security Practice
Personal Internet Security PracticeBrian Pichman
 
Online navigation Module 3 lesson.pptx
Online navigation Module 3 lesson.pptxOnline navigation Module 3 lesson.pptx
Online navigation Module 3 lesson.pptxmakoycampos
 

Similaire à Enterprise Open Source Intelligence Gathering (20)

Advanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsAdvanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU Investigators
 
Social Media Dataset
Social Media DatasetSocial Media Dataset
Social Media Dataset
 
Social Networks - The Good and the Bad
Social Networks - The Good and the BadSocial Networks - The Good and the Bad
Social Networks - The Good and the Bad
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
 
DECEPTICONv2
DECEPTICONv2DECEPTICONv2
DECEPTICONv2
 
Social Zombies II: Your Friends Need More Brains
Social Zombies II: Your Friends Need More BrainsSocial Zombies II: Your Friends Need More Brains
Social Zombies II: Your Friends Need More Brains
 
Deep Web Search Part 2 by Cynthia Hetherington
Deep Web Search Part 2 by Cynthia HetheringtonDeep Web Search Part 2 by Cynthia Hetherington
Deep Web Search Part 2 by Cynthia Hetherington
 
Social Media Data Collection & Analysis
Social Media Data Collection & AnalysisSocial Media Data Collection & Analysis
Social Media Data Collection & Analysis
 
Cybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter StyleCybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter Style
 
Building Effective Frameworks for Social Media Analysis
Building Effective Frameworks for Social Media AnalysisBuilding Effective Frameworks for Social Media Analysis
Building Effective Frameworks for Social Media Analysis
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024
 
Building Effective Frameworks for Social Media Analysis
Building Effective Frameworks for Social Media AnalysisBuilding Effective Frameworks for Social Media Analysis
Building Effective Frameworks for Social Media Analysis
 
Open Source Intelligence
Open Source IntelligenceOpen Source Intelligence
Open Source Intelligence
 
Creating & managing your scholarly web presence
Creating & managing your scholarly web presenceCreating & managing your scholarly web presence
Creating & managing your scholarly web presence
 
Skillteam workshop social media final v1.0 05.10.2011
Skillteam workshop social media final v1.0 05.10.2011Skillteam workshop social media final v1.0 05.10.2011
Skillteam workshop social media final v1.0 05.10.2011
 
hacking techniques and intrusion techniques useful in OSINT.pptx
hacking techniques and intrusion techniques useful in OSINT.pptxhacking techniques and intrusion techniques useful in OSINT.pptx
hacking techniques and intrusion techniques useful in OSINT.pptx
 
Competitive intelligence for sourcers gutmacher-TA Week 2021
Competitive intelligence for sourcers gutmacher-TA Week 2021Competitive intelligence for sourcers gutmacher-TA Week 2021
Competitive intelligence for sourcers gutmacher-TA Week 2021
 
Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties
 
Personal Internet Security Practice
Personal Internet Security PracticePersonal Internet Security Practice
Personal Internet Security Practice
 
Online navigation Module 3 lesson.pptx
Online navigation Module 3 lesson.pptxOnline navigation Module 3 lesson.pptx
Online navigation Module 3 lesson.pptx
 

Plus de Tom Eston

Privacy Exposed: Ramifications of Social Media and Mobile Technology
Privacy Exposed: Ramifications of Social Media and Mobile TechnologyPrivacy Exposed: Ramifications of Social Media and Mobile Technology
Privacy Exposed: Ramifications of Social Media and Mobile TechnologyTom Eston
 
Cash is King: Who's Wearing Your Crown?
Cash is King: Who's Wearing Your Crown?Cash is King: Who's Wearing Your Crown?
Cash is King: Who's Wearing Your Crown?Tom Eston
 
Social Zombies: Rise of the Mobile Dead
Social Zombies: Rise of the Mobile DeadSocial Zombies: Rise of the Mobile Dead
Social Zombies: Rise of the Mobile DeadTom Eston
 
The Android vs. Apple iOS Security Showdown
The Android vs. Apple iOS Security Showdown The Android vs. Apple iOS Security Showdown
The Android vs. Apple iOS Security Showdown Tom Eston
 
Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...
Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...
Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...Tom Eston
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationTom Eston
 
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Tom Eston
 
Attacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS DevicesAttacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS DevicesTom Eston
 
Social Zombies Gone Wild: Totally Exposed and Uncensored
Social Zombies Gone Wild: Totally Exposed and UncensoredSocial Zombies Gone Wild: Totally Exposed and Uncensored
Social Zombies Gone Wild: Totally Exposed and UncensoredTom Eston
 
Staying Safe & Secure on Twitter
Staying Safe & Secure on TwitterStaying Safe & Secure on Twitter
Staying Safe & Secure on TwitterTom Eston
 
New School Man-in-the-Middle
New School Man-in-the-MiddleNew School Man-in-the-Middle
New School Man-in-the-MiddleTom Eston
 
Rise of the Autobots: Into the Underground of Social Network Bots
Rise of the Autobots: Into the Underground of Social Network BotsRise of the Autobots: Into the Underground of Social Network Bots
Rise of the Autobots: Into the Underground of Social Network BotsTom Eston
 
Information Gathering With Maltego
Information Gathering With MaltegoInformation Gathering With Maltego
Information Gathering With MaltegoTom Eston
 
Automated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactAutomated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactTom Eston
 
Automated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit FrameworkAutomated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit FrameworkTom Eston
 
Physical Security Assessments
Physical Security AssessmentsPhysical Security Assessments
Physical Security AssessmentsTom Eston
 
Online Social Networks: 5 threats and 5 ways to use them safely
Online Social Networks: 5 threats and 5 ways to use them safelyOnline Social Networks: 5 threats and 5 ways to use them safely
Online Social Networks: 5 threats and 5 ways to use them safelyTom Eston
 

Plus de Tom Eston (17)

Privacy Exposed: Ramifications of Social Media and Mobile Technology
Privacy Exposed: Ramifications of Social Media and Mobile TechnologyPrivacy Exposed: Ramifications of Social Media and Mobile Technology
Privacy Exposed: Ramifications of Social Media and Mobile Technology
 
Cash is King: Who's Wearing Your Crown?
Cash is King: Who's Wearing Your Crown?Cash is King: Who's Wearing Your Crown?
Cash is King: Who's Wearing Your Crown?
 
Social Zombies: Rise of the Mobile Dead
Social Zombies: Rise of the Mobile DeadSocial Zombies: Rise of the Mobile Dead
Social Zombies: Rise of the Mobile Dead
 
The Android vs. Apple iOS Security Showdown
The Android vs. Apple iOS Security Showdown The Android vs. Apple iOS Security Showdown
The Android vs. Apple iOS Security Showdown
 
Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...
Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...
Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and Exploitation
 
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
 
Attacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS DevicesAttacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS Devices
 
Social Zombies Gone Wild: Totally Exposed and Uncensored
Social Zombies Gone Wild: Totally Exposed and UncensoredSocial Zombies Gone Wild: Totally Exposed and Uncensored
Social Zombies Gone Wild: Totally Exposed and Uncensored
 
Staying Safe & Secure on Twitter
Staying Safe & Secure on TwitterStaying Safe & Secure on Twitter
Staying Safe & Secure on Twitter
 
New School Man-in-the-Middle
New School Man-in-the-MiddleNew School Man-in-the-Middle
New School Man-in-the-Middle
 
Rise of the Autobots: Into the Underground of Social Network Bots
Rise of the Autobots: Into the Underground of Social Network BotsRise of the Autobots: Into the Underground of Social Network Bots
Rise of the Autobots: Into the Underground of Social Network Bots
 
Information Gathering With Maltego
Information Gathering With MaltegoInformation Gathering With Maltego
Information Gathering With Maltego
 
Automated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactAutomated Penetration Testing With Core Impact
Automated Penetration Testing With Core Impact
 
Automated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit FrameworkAutomated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit Framework
 
Physical Security Assessments
Physical Security AssessmentsPhysical Security Assessments
Physical Security Assessments
 
Online Social Networks: 5 threats and 5 ways to use them safely
Online Social Networks: 5 threats and 5 ways to use them safelyOnline Social Networks: 5 threats and 5 ways to use them safely
Online Social Networks: 5 threats and 5 ways to use them safely
 

Dernier

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 

Dernier (20)

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 

Enterprise Open Source Intelligence Gathering

  • 2. Open source intelligence (OSINT) is a form of intelligence collection management...
  • 3. Open source intelligence (OSINT) is a form of intelligence collection management... ...involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence. - wikipedia
  • 4. What do the Internets say?
  • 5. 18% had a data loss event via blog or message board... - Proofpoint, Inc. 2009 Survey
  • 6. 18% had a data loss event via blog or message board... 11% in 2008 - Proofpoint, Inc. 2009 Survey
  • 7. 17% experienced data loss related to social networks... - Proofpoint, Inc. 2009 Survey
  • 8. 17% experienced data loss related to social networks... 12 % in 2008 - Proofpoint, Inc. 2009 Survey
  • 9. “A brand is the personification of a product, service, or even entire company.” - Robert Blanchard, former P&G executive
  • 10. 5 things you will learn • What is out there on your company? • Metadata • Removal of Internet postings, metadata • Setting up a simple (cheap) monitoring program • Building a Internet Posting Policy
  • 11. What gets posted? • Customer and Employee Complaints • Exposure of Confidential Information • Security Vulnerabilities
  • 14.
  • 15.
  • 16.
  • 17. FAIL
  • 20.
  • 21.
  • 22.
  • 23. Things you wouldn't expect...
  • 24.
  • 25. Where does this information get posted? ...and how to find it!
  • 27. 300 Million Users 110 Million Users 40 Million Users Grew 752% in 2008
  • 28. Finding Information on Social Networks • Socnet Search Engines • Maltego (Twitter/Facebook) • RSS feeds/Google Hacks • Google Alerts + Google Reader = WIN • Manual Searching • Facebook status updates
  • 29. Socnet Search Engines • Wink, Spock, Twoogle, Knowem, WhosTalkin (there are many more, see my blog post) • Twitter Search • Social Bookmark Sites • Delicious, StumbleUpon • Don’t forget about photos/video! • Flickr Photo Search • YouTube and Vimeo Video Search
  • 30. Maltego + Mesh = WIN *Screen shot from the “Maltego and Twitter!” post on paterva.com
  • 31. Searching Facebook • Good: Maltego Facebook Transform (violates TOS) ** No longer working! :-( • Better: Login and use the search! FB doesn’t make status updates public...yet. • Best: site:facebook.com inurl:group (bofa | "bank of america") = Groups • inurl:pages = Facebook Pages • allinurl: people "John Doe" site:facebook.com = Public Profiles • Yahoo! Pipe for Facebook Groups: Facebook Discussion Board RSS Feed • Create Google Alert(s)
  • 32. Searching LinkedIn • Similar to Facebook • Google dorks • site:linkedin.com inurl:pub (bofa | "bank of america") = Public Profiles • inurl:updates = Profile Updates • inurl:companies = Company Profiles
  • 33. Blogs and News • Blogpulse, Technoratti, IceRocket • Social Mention (Search Engine for blogs, comments) • Google/Yahoo News
  • 34. Document Repositories • DocStoc • Scribd • SlideShare • PDF Search Engine
  • 35. Message Boards • Internet Forums (yes, even 4chan) • Craigslist • Full Disclosure Mailing List (vulnerabilities) • Google Groups/Yahoo Groups
  • 36. All your metadata are belong to us...
  • 37. What is Metadata? • Metadata = Data that describes Data • Catalog, index files, documents and more • Often overlooked by: • Document/File Creators • Your Company
  • 38. Why do we care? • Can expose potential vulnerable software/ hardware in use! (client side attack) • OS and version numbers • Location information (GPS from smartphones) • User names, naming schemes, file paths
  • 39. Where do you find it? • Microsoft Office Documents • PDF • JPEG’s (photos) • Other file types
  • 41. How do you find it? • Google • Document Repositories • Wget to download photos (many other tools) • Your Company Website
  • 42. Tools to analyze Metadata • EXIFtool (cmd line or GUI) • Maltego • Metagoofil • Metadata Extraction Tool • FOCA
  • 44.
  • 45.
  • 47. Removing posts from the Internet • Hard, but not impossible. Search Engine Cache FTL • Submit request to Search Engines to remove (there are multiple) • Legal team involvement, especially w/ socnets
  • 48. Metadata Removal Techniques • MS Office Documents • Office 2002/03: CMD Line app “Remove Hidden Data” (Offrhd.exe) • Office 2007: Document Inspector • EXIFtool (photos) • Can be scripted to auto remove
  • 49. Metadata Removal Continued... • PDFs: File -> Document Properties • EXIFtool • Many third-party tools! ($)
  • 50. Setting up a monitoring program
  • 51. What do you want to monitor? • Impossible to monitor everything! • Pick the most popular social networks, news sites, blogs, forums... • Monitoring should be defined with your PR/Marketing groups!
  • 52. Free Tools • Yahoo! Pipes (mashups) • RSS Feeds/RSS Reader Google Reader FTW • Maltego (community version) Good for defining relationships, not automated • Maltego for specific searching when you need “more details”
  • 55. What works best? • Assign someone! (someone in infosec, social media skill sets) • Create RSS Feeds from identified sites • Utilize Yahoo! Pipes, create RSS from pipes • Monitor w/Google Reader • Sites you can’t monitor automatically...determine manual methods. Build this into your Incident Response Procedures!
  • 56. Building a Internet Posting Policy
  • 57. Define your Social Media Strategy • Partner with Marketing/Public Relations/HR • What is acceptable for employees to post? • At work/off work • Employees have mobile devices, home computers!
  • 58. Define what gets monitored? • Difficult or impossible to monitor everything • Determine with your partners what should be monitored • Careful with policy conflicts!
  • 61. Communicate to your employees! How can you enforce a policy if employees don’t know about it?
  • 62. Where to learn more? • Great paper on Metadata (SANS Reading Room): “Document Metadata, the Silent Killer” - Larry Pesce • Maltego Tutorials: Chris Gates, EthicalHacker.net • My blog: spylogic.net
  • 63. OSINT 3 Part Series • All the details from this presentation! • Part 1 - Social Networks http://bit.ly/osint1 • Part 2 - Blogs, Message Boards, Metadata http://bit.ly/osint2 • Part 3 - Monitoring, Social Media Policies http://bit.ly/osint3

Notes de l'éditeur

  1. How many of us as security professionals think of reputational issues in regards to the company brand?