Let’s hunt the target using OSINT

  1. 1. Let’s Hunt the Target using OSINT
  2. 2. Who am I ? ● Chandrapal ● Security Enthusiast ● Founder of Hack with GitHub ● Open Source Developer (@Chan9390) ● GSoC 2017 - Metasploitable 3
  3. 3. Session is targeted at ● Beginners who are interested in Open Source Intelligence ● People who want to know what information lies open on the internet
  4. 4. Agenda ● What is intelligence ? ● What is Open Source Intelligence ? ● Recent trends in OSINT ● OSINT in real life with example (Twitter, Facebook) ● OSINT in pentests (offensive) ● Few Demos
  5. 5. What is Intelligence ?
  6. 6. What is Intelligence ? Wikipedia defines Intelligence as: One's capacity for logic, understanding, self-awareness, learning, emotional knowledge, planning, creativity, and problem solving
  7. 7. What is Intelligence ? Wikipedia defines Intelligence as: One's capacity for logic, understanding, self-awareness, learning, emotional knowledge, planning, creativity, and problem solving In other words: It is the ability to understand and draw a logical conclusion from the available information
  8. 8. What is Intelligence ? Wikipedia defines Intelligence as: One's capacity for logic, understanding, self-awareness, learning, emotional knowledge, planning, creativity, and problem solving In other words: It is the ability to understand and draw a logical conclusion from the available information
  9. 9. Types of Intelligence ● Human Intelligence (HUMINT) ● Geospatial Intelligence (GEOINT) ● Signals Intelligence (SIGINT) ● Open-Source Intelligence (OSINT)
  10. 10. Open Source Intelligence ● Art of collecting information which is scattered on publicly available sources ● Open here refers to overt, publicly available sources ● Not completely legal, as it is against the privacy of a person ● Gathering bits to form the big picture ● Depends on sources. Continuously evolving. ● Information sources could be anything, including but not limited to metadata, social media and blogs
  11. 11. Traditional Methods ● Using search engines, e.g. Google, Bing, etc. ● News sites, e.g. CNN, BBC, etc. ● Corporate Websites ● Government Websites ● Blogs
  12. 12. Modern Resources ● Advanced Search Engines ● Social Media sites ● Deepweb/Darkweb ● Automated tools
  13. 13. Recent Trends in OSINT https://trends.google.com
  14. 14. OSINT tools
  15. 15. OSINT in Real life We use OSINT in everyday life ● Finding download links for Game of Thrones series ● Finding the best looking person ● Knowing about the company before applying for a position ● Knowing your ex’s latest crush :P
  16. 16. Why OSINT has become so important ? ● Humans by nature try to get others' attention ● So many people post (personal) information on online platforms, thinking that only the intended members will look ● New smartphones have the geo-tagging feature enabled by default ● Metadata of those images can give a glimpse of your daily life
  17. 17. What can you figure out from this ?
  18. 18. Car License
  19. 19. Bank and Bank Account
  20. 20. Credit card and DOB
  21. 21. Mobile No, Phone Model, much more
  22. 22. tinfoleak Demo - Twitter
  23. 23. Inteltechniques.com Demo - Facebook https://inteltechniques.com/menu.html
  24. 24. The problem I faced ● Hack with GitHub - initiative to showcase open source security tools on GitHub along with their authors' Twitter handles
  25. 25. How OSINT has helped me ? ● 80% - @xyz123 - @xyz123 ● 6% - @xyz123 - @_xyz123, @xyz123_, @xyz_123 or @_xyz123_ ● 4% - Check their websites for Twitter handles ● 2% - Impossible to find ● What about the other 8% ?
  26. 26. How OSINT has helped me ? ● 3% - Check the links on Twitter. People generally brag about their tools. ● 2% - Same profile pictures. Use reverse image search (https://tineye.com/) ● 3% - Git log - Email OSINT
  27. 27. OSINT in Pentest ● Webapp ○ Wappalyzer ○ RetireJS ● Domain-IP lookup ○ Whois lookup ○ Reverse IP Lookup ● Find if emails were previously pwned ○ HaveIBeenPwned lookup
  28. 28. OSINT in Pentest ● Advanced Search engine searches: site:*.example.org ext:php | ext:txt | ext:log ● Checking robots.txt ● Advanced search: Wolfram Alpha ● Subdomain enumeration ○ Certificate transparency ○ Shodan ○ Censys
  29. 29. Examples
  30. 30. Intrigue - Demo You can know more about Intrigue at: https://www.youtube.com/watch?v=kWrdxuFaEVg
  31. 31. espi0n - Coming Soon !
  32. 32. Any Questions ?
  33. 33. References: ● https://github.com/jivoi/awesome-osint ● https://blog.appsecco.com/open-source-intelligence-gathering-101-d2861d4429e3 ● https://www.slideshare.net/SudhanshuChauhan ● http://www.automatingosint.com/blog/ ● https://intrigue.io

Editor's Notes

  • HUMINT - intelligence gathered by means of interpersonal contact
    GEOINT - analysis of imagery and geospatial information to gather information
    SIGINT - intelligence-gathering by interception of signals
  • WhoIS - query and response protocol that queries the database storing the details of registered domains
  • Certificate transparency - https://transparencyreport.google.com/https/certificates
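
Slide 26 lists the git log as a source of author email addresses. The following is an added example, not the presenter's code: a Python audit of which addresses a repository's own history publishes, run over constructed `git log --format='%an <%ae>'` output. The function name, the sample identities and the `org_domains` parameter are hypothetical.

```python
import re

# Constructed sample of `git log --format='%an <%ae>'` output (not real people).
SAMPLE_LOG = """\
Alice Dev <alice@example.org>
Alice Dev <Alice@Example.org>
Bob Ops <1234567+bobops@users.noreply.github.com>
Carol <carol@personal-mail.example>
not a valid line
Bob Ops <bob@example.org>
"""

LINE_RE = re.compile(r"^(?P<name>.*?)\s*<(?P<email>[^<>\s]+@[^<>\s]+)>$")
NOREPLY_SUFFIX = "@users.noreply.github.com"  # GitHub's private commit alias

def exposed_identities(log_text, org_domains=frozenset()):
    """Map each published mailbox to its author names, commit count and kind.

    Addresses using the GitHub noreply alias are skipped because they do not
    reveal a mailbox. `org_domains` (assumption: supplied by the auditor)
    separates organisational addresses from personal ones.
    """
    found = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guessing
        email = m["email"].lower()  # same mailbox regardless of case
        if email.endswith(NOREPLY_SUFFIX):
            continue
        entry = found.setdefault(email, {"names": set(), "commits": 0})
        entry["names"].add(m["name"])
        entry["commits"] += 1
        domain = email.rsplit("@", 1)[1]
        entry["kind"] = "org" if domain in org_domains else "personal"
    return found

if __name__ == "__main__":
    for email, info in sorted(exposed_identities(SAMPLE_LOG, {"example.org"}).items()):
        print(f"{email:32} {info['kind']:9} commits={info['commits']}")
```

Contributors flagged as `personal` can switch future commits to a noreply alias with `git config user.email`; addresses already in pushed history remain public.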