Open-Source Intelligence (OSINT)

Open Source Intelligence (OSINT) refers to the collection and analysis of data about a target organisation or company from publicly available sources. This method is often used by attackers during the initial phase of cyber attacks.

Through targeted searches of public sources, an attacker may be able to identify information about the organisation, its information technologies, or its employees, which could enable or facilitate subsequent attacks.

Benefits

Using OSINT, you can gain insight into the information that is publicly available about your organisation. The assessment output may include leaked credentials, files, cryptographic keys, details about the use of outdated software versions, or information about publicly accessible internal applications.

Awareness of this information enables remediation, which is often not difficult to implement.

Testing Process

To search for information about the target organisation or company, we use publicly available search engines, databases, specialised tools, and proprietary scripts that analyse various sources.

Specifically, we focus on:

• Obtaining IP addresses, IP ranges, domains, and subdomains using DNS records, information available from TLS certificates, and other online services.

• Identifying published or leaked email addresses belonging to the assessed company.

• Reviewing publicly accessible source code repositories related to the customer’s applications.

• Searching published credential leaks for records associated with the assessed target.

• Identifying the technologies in use, their versions, and any related vulnerabilities.

• Searching for mentions of the target company using darknet search engines.

Relationship to other assessments

We most commonly offer the OSINT service as part of an External perimeter penetration test. Within this assessment, OSINT outputs can be used as a basis for a more detailed security review of the identified endpoints. We also verify whether the discovered credentials, vulnerability information, and details about the technologies in use are current, and whether they can be practically exploited.

OSINT can also complement a Penetration test from insider threat perspective and is often included in Red teaming activities.

Using OSINT can also be beneficial as a preparatory phase for other types of penetration testing. See Penetration testing – overview.

Final report

The information obtained is processed into a compact final report in MS Word and PDF formats. The deliverables also include an MS Excel file containing all data collected about the target company. All outputs are provided to the customer through a secure channel.