osint open source intelligence osint
play

OSINT OPEN-SOURCE INTELLIGENCE OSINT Offensive OSINT * 1 Whoami - PowerPoint PPT Presentation

Nov 11, 2023 •277 likes •454 views

OSINT OPEN-SOURCE INTELLIGENCE OSINT Offensive OSINT * 1 Whoami Adam Nurudini CEH, ITIL V3, CCNA, CCNP, CASP, PCI-DSS, BSC-IT Lead Security Researcher @ Netwatch Technologies Project Consultant, Information Security Architects Ltd

  1. OSINT OPEN-SOURCE INTELLIGENCE OSINT Offensive OSINT * 1

  2. Whoami • Adam Nurudini CEH, ITIL V3, CCNA, CCNP, CASP, PCI-DSS, BSC-IT Lead Security Researcher @ Netwatch Technologies Project Consultant, Information Security Architects Ltd Member, Cybersecurity Resilience Service Team Web Application Penetration Tester President – GIMPA School Of Technology Student Association * 2

  3. DISCLAIMER Any Views or opinions presented in this presentation are solely mine and do not necessarily represent my employer. ▪ I am not a lawyer or giving you legal advice ▪ I am not giving you permission or authorizing you to do anything ever. ▪ In fact don't do anything ever . * 3

  4. * 4

  5. TakeAway s • What is OSINT • Collect data indirectly without knowing other information • Collect data about servers, location, operating systems, etc. • Threat intelligence for your organization • Data gathering that could protect you and your company • Skills of GHDB • Shodan methods and operations • OSINT using free tools only * 5

  6. OSINT Open-Source Intelligence (OSINT) is intelligence collected from public available sources “ Open ” refers overt, public available sources (as opposed to covert sources) Its not related to open-source software or public intelligence This information comes from a variety of sources, including the social media pages of your company and staff. These can be a goldmine of information, revealing information such as the design of ID badges, layout of the buildings and software used on internal systems. Source: https://en.wikipedia.org/wiki/Open-source_intelligence * 6

  7. Open-Source Intelligence (OSINT) Fields and Sectors where OSINT is mostly required. Government, Finance, Telecom, Critical Infrastructure, Cyber Security Advisory Firms, Cyber Threat Intelligence Teams, Law, Cyber Forensic Teams and etc. TYPES OF OSINT From Security perspective we can separate OSINT into: • Offensive: Gathering information before an attack • Defensive: Learning about attacks against the company. The OSINT gives opportunities to both the defender and attacker; you can learn the weakness of a company and fix it while at the same time the weakness could be exploited. * 7

  8. The OSINT Process * 8

  9. OSINT - What information to look 1. Technology infrastructure IP, Hostname, Services, Networks, Software / hardware versions and OS information, Geo-location and Network diagrams. 2. Database Documents, papers, presentations, spreadsheets and configuration files 3. Metadata Email and employee search (name and other personal information) * 9

  10. Offensive OSINT – End goals The information above can lead to the following cyber attacks: Social Engineering 1. Denial of Service 2. Password brute force attacks 3. Target infiltration 4. User accounts take over 5. Identity theft 6. Data theft 7. * 10

  11. Brace your self demo is starting Everybody is interested in something * 11

  12. Offensive OSINT – Resources and tools 1. OSINT Search Engines Attackers rely on these OSINT search engines to conduct passive reconnaissance. • Google - https://google.com • Shodan - https://shodan.io • Censys - https://censys.io • Fofa - https://fofa.so • Dogpile - http://www.dogpile.com • Archives - https://archive.org/ * 12

  13. Offensive OSINT – Resources and tools 2. Email Harvesting Harvesting email address is an OSINT technique that gives attackers more information to conduct attacks such as password stuffing and social engineering attacks. Theharvester https://github.com/laramies/theHarvester Prowl https://github.com/nettitude/prowl Haveibeenpawned - https://haveibeenpwned.com/ * 13

  14. Offensive OSINT – Resources and tools 3. Google Hacking Database (GHDB) The GHDB is an index of search queries (we call them dorks) used to find publicly available information. Dorks - https://www.exploit-db.com * 14

  15. Offensive OSINT – Resources and tools 3. DNS / Subdomain Enumeration Subdomain enumeration is the process of finding valid (resolvable) subdomains for one or more domain(s). Having unsecured subdomain can lead to serious risk to your business. Tools for subdomain enumeration Aquatone - https://github.com/michenriksen/aquatone Sublister - https://github.com/aboul3la/Sublist3r DNS dumpster - https://dnsdumpster.com/ Facebook - https://developers.facebook.com/tools/ct * 15

  16. OSINT is important and still gets overlooked by attackers and defenders I hope that you found this talk useful References https://www.slideshare.net https://resources.infosecinstitute.com https://google.com https://www.exploit-db.com https://www.wikipedia.org/ * 16

  17. Thank You Questions & Answers Lets connect Twitter: @ Bra__Qwesi Email: adam.nurudini@st.gimpa.edu.gh * 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

OSINT tools for security auditing Open Source Intelligence with python tools Jos Manuel Ortega

OSINT tools for security auditing Open Source Intelligence with python tools Jos Manuel Ortega

OSINT tools for security auditing Open Source Intelligence with python tools Jos Manuel Ortega @jmortegac http://jmortega.github.io https://github.com/jmortega/osint_tools_security_auditing Agenda OSINT introduction Server

743 views • 62 slides
Cognitive Bias and Critical Thinking in Open Source Intelligence (OSINT) Benjamin Brown Akamai

Cognitive Bias and Critical Thinking in Open Source Intelligence (OSINT) Benjamin Brown Akamai

Cognitive Bias and Critical Thinking in Open Source Intelligence (OSINT) Benjamin Brown Akamai Technologies Security Architecture * Law Enforcement Engagement * Systems Safety * Threat Intelligence * Security Research - Novel Attack

1.76k views • 140 slides
My User-experience and Understanding of OSINT and Private Intelligence Agency as

My User-experience and Understanding of OSINT and Private Intelligence Agency as

My User-experience and Understanding of OSINT and Private Intelligence Agency as Fresh Intelligence Analyst Presented by Animus CHOW Chun Pong REVLUN 19 Before I joined the Industry Brief Outlook of My Background, My Skills,

429 views • 27 slides
Italys Surveillance Toolbox Riccardo Coluccini @ORARiccardo 34C3 27th-30th December

Italys Surveillance Toolbox Riccardo Coluccini @ORARiccardo 34C3 27th-30th December

Italys Surveillance Toolbox Riccardo Coluccini @ORARiccardo 34C3 27th-30th December 2017 OSINT OSINT Google Search VAT numbers OSINT Payments by Ministry of Interior due to transparency law n33/2013 OSINT Google

399 views • 36 slides
OSINT is the next Internet goldmine: Spain as an unexplored territory Javier Pastor Galindo

OSINT is the next Internet goldmine: Spain as an unexplored territory Javier Pastor Galindo

OSINT is the next Internet goldmine: Spain as an unexplored territory Javier Pastor Galindo Pantaleone Nespoli Flix Gmez Mrmol Gregorio Martnez Prez V Jornadas Nacionales de Investigacin en Ciberseguridad Contents Open Source

912 views • 13 slides
Digital Intelligence Gathering Using The Powers Of OSINT For Both Blue And Red Teams BSidesSF

Digital Intelligence Gathering Using The Powers Of OSINT For Both Blue And Red Teams BSidesSF

Digital Intelligence Gathering Using The Powers Of OSINT For Both Blue And Red Teams BSidesSF February 2016 1 / 71 Ethan Dodge DFIR @ Nuna Health. DFIR professional and perpetual learner. @__eth0 dodgesec.com 2 / 71 Nuna Health

861 views • 71 slides
Sourcing meets OSINT 3rd of March 2020 // ERA webinar // www.theera.org by Gordon Lokenberg

Sourcing meets OSINT 3rd of March 2020 // ERA webinar // www.theera.org by Gordon Lokenberg

Sourcing meets OSINT 3rd of March 2020 // ERA webinar // www.theera.org by Gordon Lokenberg What is OSINT? Used by Law Enforcement Used by the ARMY Used by Private Investigators Used by Sourcers MAINLY ONLINE, mainly

610 views • 14 slides
Think Like a Hacker: Learn How to Use OSINT to Defend Your Organization Rosa L. Smothers SVP of

Think Like a Hacker: Learn How to Use OSINT to Defend Your Organization Rosa L. Smothers SVP of

Think Like a Hacker: Learn How to Use OSINT to Defend Your Organization Rosa L. Smothers SVP of Cyber Operations KnowBe4, Inc. The worlds most popular integrated Security Awareness Training and Simulated Phishing platform Based

296 views • 25 slides
OSINT: The Secret Weapon in Hunting Nation-State Campaigns alon@intsights.com Alon Arvatz

OSINT: The Secret Weapon in Hunting Nation-State Campaigns alon@intsights.com Alon Arvatz

DETECT . ANALYZE . REMEDIATE OSINT: The Secret Weapon in Hunting Nation-State Campaigns alon@intsights.com Alon Arvatz +972-545444313 1 1 1 What People Think 2 True or False? Threat intelligence Nation-state actors Commercial threat

247 views • 24 slides
Cyber Crime & OSINT Will your business be victorious or a victim? Dr Stephen Hill

Cyber Crime & OSINT Will your business be victorious or a victim? Dr Stephen Hill

Cyber Crime & OSINT Will your business be victorious or a victim? Dr Stephen Hill drshill@gmx.co.uk We believe that data is the phenomenon of our time. It is the worlds new natural resource. It is the new basis of competitive advantage,

676 views • 51 slides
Lazy-Mode RF OSINT and Reverse Engineering Marc Newlin | @marcnewlin | TROOPERS18 $(whoami)

Lazy-Mode RF OSINT and Reverse Engineering Marc Newlin | @marcnewlin | TROOPERS18 $(whoami)

Lazy-Mode RF OSINT and Reverse Engineering Marc Newlin | @marcnewlin | TROOPERS18 $(whoami) Red Team @ Snap Former Wireless Security Researcher @ Bastille Networks Wireless CVEs in products from 21 vendors Radios

755 views • 64 slides
word2vec Durgesh Kumar OSINT LAB, CSE Department IIT Guwahati Table of contents 1 Overview 2

word2vec Durgesh Kumar OSINT LAB, CSE Department IIT Guwahati Table of contents 1 Overview 2

word2vec Durgesh Kumar OSINT LAB, CSE Department IIT Guwahati Table of contents 1 Overview 2 Background 3 Introduction Training word2vec algorithm 4 Terminologies References 5 Durgesh Kumar word2vec 13th December 2019 1 / 16 Word

241 views • 20 slides
Network Embedding Introductory Talk by Akash Anil Research Scholar OSINT Lab Dept. of Computer

Network Embedding Introductory Talk by Akash Anil Research Scholar OSINT Lab Dept. of Computer

Network Embedding Introductory Talk by Akash Anil Research Scholar OSINT Lab Dept. of Computer Science & Engineering Indian Institute of Technology Guwahati September 11, 2019 Akash Anil Network Embedding September 11, 2019 1 / 25

307 views • 29 slides
Open Source Business Intelligence Open Source Business Intelligence Produkte, Anbieter,

Open Source Business Intelligence Open Source Business Intelligence Produkte, Anbieter,

Open Source Business Intelligence Open Source Business Intelligence Produkte, Anbieter, Geschftsmodelle Produkte, Anbieter, Geschftsmodelle Workshop Open Source Business Intelligence Prof. Dr. Peter Gluchowski 24. September 2009 -

581 views • 41 slides
Make Money With Open Source What is Open Source? Community Free software vs. open source

Make Money With Open Source What is Open Source? Community Free software vs. open source

Make Money With Open Source What is Open Source? Community Free software vs. open source Licenses: GPL vs. LGPL vs. MIT/Apache Foundations: Linux, Apache, Eclipse, Similar: Open Data, Open Hardware, Open Knowledge, ... Advantages of OS

508 views • 13 slides
Hector Open Source Security Intelligence Platform University of Pennsylvania School of Arts &

Hector Open Source Security Intelligence Platform University of Pennsylvania School of Arts &

Hector Open Source Security Intelligence Platform University of Pennsylvania School of Arts & Sciences Ubani A Balogun & Justin Klein Keane Security Intelligence HECTOR was developed out of a desire to leverage security

751 views • 25 slides
Rank-Based Tensor Factorization for Predicting Student Performance Thanh-Nam Doan, Sherry Sahebi

Rank-Based Tensor Factorization for Predicting Student Performance Thanh-Nam Doan, Sherry Sahebi

Rank-Based Tensor Factorization for Predicting Student Performance Thanh-Nam Doan, Sherry Sahebi SUNY, Albany Partially supported by the National Science Foundation, Grant No. 1755910 EDM 2019 1 Introduction Motivation: Online learning

350 views • 15 slides
BF theory on cobordisms endowed with cellular decomposition Pavel Mnev Max Planck Institute for

BF theory on cobordisms endowed with cellular decomposition Pavel Mnev Max Planck Institute for

BF theory on cobordisms endowed with cellular decomposition Pavel Mnev Max Planck Institute for Mathematics, Bonn Poisson 2016, ETH Z urich, July 4, 2016 Joint work with Alberto S. Cattaneo and Nikolai Reshetikhin Introduction BV-BFV

1.25k views • 87 slides
A role for universal pension? Simulating universal pensions in Ecuador, Ghana, Tanzania and South

A role for universal pension? Simulating universal pensions in Ecuador, Ghana, Tanzania and South

A role for universal pension? Simulating universal pensions in Ecuador, Ghana, Tanzania and South Africa Maria Jouste (University of Turku, UNU-WIDER), Pia Rattenhuber (UNU-WIDER) NCDE Conference, June 2018, Helsinki 1 / 19 Outline

234 views • 19 slides
Universal operations in resource theories and local thermodynamics Henrik Wilming , Rodrigo

Universal operations in resource theories and local thermodynamics Henrik Wilming , Rodrigo

Universal operations in resource theories and local thermodynamics Henrik Wilming , Rodrigo Gallego, Jens Eisert @ Freie Universitt Berlin January 16th, 2015 Thermodynamics Charge battery Unitary dynamics of the form charges the battery by

963 views • 84 slides
A Boolean Satisfiability based Solution to the Routing and Wavelength Assignment (RWA) Problem in

A Boolean Satisfiability based Solution to the Routing and Wavelength Assignment (RWA) Problem in

A Boolean Satisfiability based Solution to the Routing and Wavelength Assignment (RWA) Problem in Optical Telecommunication Networks John Valavi , Nikhil Saluja , Sunil P Khatri (valavi,saluja)@colorado.edu

305 views • 19 slides
I/O Mini-apps, Compression, and I/O Libraries for Physics-based Simulations User Productivity

I/O Mini-apps, Compression, and I/O Libraries for Physics-based Simulations User Productivity

I/O Mini-apps, Compression, and I/O Libraries for Physics-based Simulations User Productivity Enhancement, Technology Transfer, and Training (PETTT) Presented by Sean Ziegeler (Engility PETTT) November 13, 2017 PETTT DISTRIBUTION STATEMENT

820 views • 51 slides
HYPERSPACES OF EUCLIDEAN SPACES IN THE GROMOV-HAUSDORFF METRIC SERGEY A. ANTONYAN National

HYPERSPACES OF EUCLIDEAN SPACES IN THE GROMOV-HAUSDORFF METRIC SERGEY A. ANTONYAN National

HYPERSPACES OF EUCLIDEAN SPACES IN THE GROMOV-HAUSDORFF METRIC SERGEY A. ANTONYAN National University of Mexico 12th Symposium on General Topology and its Relations to Modern Analysis and Algebra July 25-29, 2016 Prague Czech Republic S.

1.01k views • 96 slides
PYP Requirements Slides Prepared by: Dr. Quail Middlebrooks: Coordinator, Gifted and Talented

PYP Requirements Slides Prepared by: Dr. Quail Middlebrooks: Coordinator, Gifted and Talented

North Atlanta Cluster PYP Requirements Slides Prepared by: Dr. Quail Middlebrooks: Coordinator, Gifted and Talented Kasele Mshinda: Coordinator, 6-12 Mathematics John Denine: Coordinator, College and Career Readiness Charter System

646 views • 46 slides

More recommend