Open Source Intelligence (OSINT) refers to the collection and analysis of data about a target organization from open sources. This method is often used by attackers in the early stages of cyber attacks. Through targeted searches of public sources, an attacker may be able to discover information about the company, its information technologies or employees, which may enable or facilitate further attacks.
Don't be surprised about the amount of information that can be found on the Internet about your company. On the contrary, use this information to improve your security. Hire DCIT experts and stay one step ahead of the real hackers.
We use specialized tools to find information about the target company. The information obtained is then processed by the testers into a compact final report. This is prepared in MS Word and PDF format and sent to the customer in a secure manner, as well as an MS Excel file containing all the data obtained about the target company, which is sorted according to the areas listed below:
- Domains and subdomains
- This sheet in the final report contains all domains and subdomains that were found during the test. Each record contains the source of the information, the company to which the record belongs and the domain/subdomain found. In addition, for each domain and subdomain, there is information on whether it resolves to an IP address using DNS.
- IP ranges
- The sheet contains all ASN and IP ranges found for the target company. Each record contains the IP range and the ASN it belongs to.
- Third-party domains and subdomains
- This sheet contains third-party domains and subdomains that are related to the target company. Each record contains information about which data belonging to the target companies was used to locate the third party. For example, it could be subdomains on azurewebsites.net, outlook.com, etc.
- Email addresses
- The sheet contains all e-mail addresses found belonging to the target company.
- The sheet contains all credentials found belonging to the target company. In addition, each record contains information on whether it is a password in plain text or a password hash and in which login data leak it was located.
- The sheet contains all technologies used on servers belonging to the target company.
- The sheet contains all the vulnerabilities found on the servers belonging to the target company.
- Public repositories
- The sheet contains all public repositories that contain a mention of the target company.
- The sheet contains all files and file metadata found in the target company's web applications or mentioning the target company.
- Information from the darknet
- The sheet contains links to darknet sites mentioning the target company.
Other types of pentesting
In addition to the above described testing we provide our clients also with many other types of penetration tests – see Penetration testing overview.