OSINT

OSINT, or open-source intelligence, is the practice of collecting information from published or otherwise publicly available sources.

Why is OSINT important?

Penetration testers as well as malicious actors, gather information about target organisations and their infrastructures during the initial stages of the pentest engagement or attack. Either way, the goal is to attempt to gather as much as information possible, to ensure the effectiveness of subsequent steps.

Common examples of what OSINT techniques can discover and why they are beneficial to businesses:

  1. Identify sensitive data that has been leaked on social media and other platforms.
  2. Leakage confidential information
  3. Information left in source code of websites
  4. Discover obsolete software or operating systems that may be vulnerable
  5. Discover open ports and insecure devices

OSINT can be a valuable source of data to security teams that need to secure a continuously changing attack surface. These OSINT findings can enrich the threat intelligence of an organisation, minimizing the exposure of pivot-able data and ultimately enhance the security of an organisation’s information and infrastructure

passive and non-invasive approach

We employ passive and non-invasive techniques, that utilize only publicly available sources for open-source intelligence gathering. This prevents, potential damage to systems and does not impact integrity and availability of the networks that any services may be running on.

Additionally, note that some information may be outdated or incorrect, and teams should not rely on every piece of information found with 100% certainty.

Tools and Frameworks applied

Using tools such as the OSINT Framework, Google Dorking and various linux tools we can find and report on the following:

  • Publicly Exposed Documents
  • Exposed Website Directory Listings
  • Company information left on sites like Stackoverflow
  • Company information found on pasting sites
  • Exposed database files
  • Compromised email accounts on public databases
  • Cached versions of Websites

For a full list of our service offerings, head to our Services page.