Let’s hunt the target using OSINT

1. Let’s Hunt the Target using OSINT

2. Who am I ? ● Chandrapal ● Security Enthusiast ● Founder of Hack with GitHub ● Open Source Developer (@Chan9390) ● GSoC 2017 - Metasploitable 3

3. Session is targeted to ● Beginners who are interested in Open Source Intelligence. ● For people who want to know what information lies there open on internet.

4. Agenda ● What is intelligence ? ● What is Open Source Intelligence ? ● Recent trends in OSINT ● OSINT in real life with example (Twitter, Facebook) ● OSINT in pentests (offensive) ● Few Demos

5. What is Intelligence ?

6. What is Intelligence ? Wikipedia defines Intelligence as: One's capacity for logic, understanding, self-awareness, learning, emotional knowledge, planning, creativity, and problem solving

7. What is Intelligence ? Wikipedia defines Intelligence as: One's capacity for logic, understanding, self-awareness, learning, emotional knowledge, planning, creativity, and problem solving In other words: It is the ability to understand and draw a logical conclusion from the available information

8. What is Intelligence ? Wikipedia defines Intelligence as: One's capacity for logic, understanding, self-awareness, learning, emotional knowledge, planning, creativity, and problem solving In other words: It is the ability to understand and draw a logical conclusion from the available information

9. Types of Intelligence ● Human Intelligence (HUMINT) ● Geospatial Intelligence (GEOINT) ● Signals Intelligence (SIGINT) ● Open-Source Intelligence (OSINT)

10. Open Source Intelligence ● Art of collecting information which is scattered on publicly available sources ● Open here refers to overt, publicly available sources ● Not completely legal, as it is against the privacy of a person ● Gathering bits to form the big picture ● Depends on sources. Continuously evolving. ● Information sources could be anything not limited to metadata, social media and blogs

11. Traditional Methods ● Using search engines Eg: Google, Bing, etc ● News sites Eg: CNN, BBC, etc ● Corporate Websites ● Government Websites ● Blogs

12. Modern Resources ● Advanced Search Engines ● Social Media sites ● Deepweb/Darkweb ● Automated tools

13. Recent Trends in OSINT https://trends.google.com

14. OSINT tools

15. OSINT in Real life We use OSINT in everyday life ● Finding download links for Game of Thrones series ● Finding the best looking person ● Knowing about the company before applying for a position ● Knowing your ex’s latest crush :P

16. Why OSINT has become so important ? ● Humans by nature try to get others attention ● So many post (personal) information on online platforms thinking that only intended members will look. ● New smartphones have geo-tagging feature enabled by default ● Metadata of those images can give a glimpse of your daily life

17. What can you figure out from this ?

18. Car License

19. Bank and Bank Account

20. Credit card and DOB

21. Mobile No, Phone Model, much more

22. tinfoleak Demo - Twitter

23. Inteltechniques.com Demo - Facebook https://inteltechniques.com/menu.html

24. The problem I faced Hack with GitHub - initiative to showcase open source security tools on GitHub along with their Author’s twitter handle

25. How OSINT has helped me ? 80% - @xyz123 - @xyz123 6% - @xyz123 - @_xyz123, @xyz123_, @xyz_123 or @_xyz123_ 4% - Check their websites for Twitter handles 2% - Impossible to find What about the other 8% ?

26. How OSINT has helped me ? 3% - Check the links on Twitter. People generally brag about their tools. 2% - Same profile pictures. Use reverse image (https://tineye.com/) 3% - Git log - Email OSINT

27. OSINT in Pentest ● Webapp ○ Wappalyzer ○ RetireJS ● Domain-IP lookup ○ Whois lookup ○ Reverse IP Lookup ● Find if emails were previously pwned ○ HaveIBeenPwned lookup

28. OSINT in Pentest ● Advanced Search engine searches: site:*.example.org ext:php | ext:txt | ext:log ● Checking robots.txt ● Advanced search: Wolfram Alpha ● Subdomain enumeration ○ Certificate transparency ○ Shodan ○ Censys

29. Examples

30. Intrigue - Demo You can know more about Intrigue at: https://www.youtube.com/watch?v=kWrdxuFaEVg

31. espi0n - Coming Soon !

32. Any Questions ?

33. References: ● https://github.com/jivoi/awesome-osint ● https://blog.appsecco.com/open-source-intelligence-gathering-101- d2861d4429e3 ● https://www.slideshare.net/SudhanshuChauhan ● http://www.automatingosint.com/blog/ ● https://intrigue.io

Let’s hunt the target using OSINT

Let’s hunt the target using OSINT

Recommended

More Related Content

What's hot

What's hot(20)

Similar to Let’s hunt the target using OSINT

Similar to Let’s hunt the target using OSINT(20)

More from Chandrapal Badshah

More from Chandrapal Badshah(10)

Recently uploaded

Recently uploaded(20)

Let’s hunt the target using OSINT

Editor's Notes