Successfully reported this slideshow.

Let’s hunt the target using OSINT

2

Share

Nov. 19, 2017
2 likes 1,150 views
Upcoming SlideShare
OSINT - Open Soure Intelligence - Webinar on CyberSecurity
OSINT - Open Soure Intelligence - Webinar on CyberSecurity
Loading in …3
×
1 of 33
1 of 33

Let’s hunt the target using OSINT

Nov. 19, 2017
2 likes 1,150 views

2

Share

Download to read offline

Technology

This is the slides of the online talk given at @NullBhopal. This introduces people to Open Source INTelligence and their uses in daily life and pentesting.

This is the slides of the online talk given at @NullBhopal. This introduces people to Open Source INTelligence and their uses in daily life and pentesting.

Technology

Recommended

More Related Content

More from Chandrapal Badshah

OSINT mindset to protect your organization - Null monthly meet version
Chandrapal Badshah
OSINT Mindset to protect your Organization
Chandrapal Badshah
Solving OWASP MSTG CrackMe using Frida
Chandrapal Badshah
OWASP Serverless Top 10
Chandrapal Badshah
Pentesting Android Apps using Frida (Beginners)
Chandrapal Badshah
pwnd.sh
Chandrapal Badshah
Web Application Firewall
Chandrapal Badshah
Netcat - A Swiss Army Tool
Chandrapal Badshah

Featured

What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer

Related Books

Free with a 14 day trial from Scribd

See all
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community That Will Listen Kristen Meinzer
(3.5/5)
Free
From Gutenberg to Google: The History of Our Future Tom Wheeler
(3.5/5)
Free
SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build Jonathan Waldman
(5/5)
Free
Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think James Vlahos
(4/5)
Free
The Future Is Faster Than You Think: How Converging Technologies Are Transforming Business, Industries, and Our Lives Peter H. Diamandis
(4.5/5)
Free
No Filter: The Inside Story of Instagram Sarah Frier
(4.5/5)
Free
Autonomy: The Quest to Build the Driverless Car—And How It Will Reshape Our World Lawrence D. Burns
(5/5)
Free
Bezonomics: How Amazon Is Changing Our Lives and What the World's Best Companies Are Learning from It Brian Dumaine
(4/5)
Free
Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley Corey Pein
(4.5/5)
Free
Future Presence: How Virtual Reality Is Changing Human Connection, Intimacy, and the Limits of Ordinary Life Peter Rubin
(4/5)
Free
Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz
(4.5/5)
Free
Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy George Gilder
(4/5)
Free
The Victorian Internet: The Remarkable Story of the Telegraph and the Nineteenth Century's On-line Pioneers Tom Standage
(3.5/5)
Free
Uncommon Carriers John McPhee
(3.5/5)
Free
Understanding Media: The Extensions of Man Marshall McLuhan
(4/5)
Free
The Art of War Sun Tsu
(3/5)
Free

Related Audiobooks

Free with a 14 day trial from Scribd

See all
If Then: How the Simulmatics Corporation Invented the Future Jill Lepore
(4.5/5)
Free
The Science of Time Travel: The Secrets Behind Time Machines, Time Loops, Alternate Realities, and More! Elizabeth Howell
(3/5)
Free
Liftoff: Elon Musk and the Desperate Early Days That Launched SpaceX Eric Berger
(5/5)
Free
Einstein's Fridge: How the Difference Between Hot and Cold Explains the Universe Paul Sen
(4.5/5)
Free
Dignity in a Digital Age: Making Tech Work for All of Us Ro Khanna
(4/5)
Free
After Steve: How Apple Became a Trillion-Dollar Company and Lost its Soul Tripp Mickle
(4/5)
Free
Second Nature: Scenes from a World Remade Nathaniel Rich
(5/5)
Free
Spooked: The Trump Dossier, Black Cube, and the Rise of Private Spies Barry Meier
(4/5)
Free
Driven: The Race to Create the Autonomous Car Alex Davies
(4.5/5)
Free
Test Gods: Virgin Galactic and the Making of a Modern Astronaut Nicholas Schmidle
(5/5)
Free
Lean Out: The Truth About Women, Power, and the Workplace Marissa Orr
(4.5/5)
Free
Uncanny Valley: A Memoir Anna Wiener
(4/5)
Free
Blockchain: The Next Everything Stephen P. Williams
(4/5)
Free
A World Without Work: Technology, Automation, and How We Should Respond Daniel Susskind
(4.5/5)
Free
User Friendly: How the Hidden Rules of Design Are Changing the Way We Live, Work, and Play Cliff Kuang
(4.5/5)
Free
The Players Ball: A Genius, a Con Man, and the Secret History of the Internet's Rise David Kushner
(4.5/5)
Free

Let’s hunt the target using OSINT

  1. 1. Let’s Hunt the Target using OSINT
  2. 2. Who am I ? ● Chandrapal ● Security Enthusiast ● Founder of Hack with GitHub ● Open Source Developer (@Chan9390) ● GSoC 2017 - Metasploitable 3
  3. 3. Session is targeted to ● Beginners who are interested in Open Source Intelligence. ● For people who want to know what information lies there open on internet.
  4. 4. Agenda ● What is intelligence ? ● What is Open Source Intelligence ? ● Recent trends in OSINT ● OSINT in real life with example (Twitter, Facebook) ● OSINT in pentests (offensive) ● Few Demos
  5. 5. What is Intelligence ?
  6. 6. What is Intelligence ? Wikipedia defines Intelligence as: One's capacity for logic, understanding, self-awareness, learning, emotional knowledge, planning, creativity, and problem solving
  7. 7. What is Intelligence ? Wikipedia defines Intelligence as: One's capacity for logic, understanding, self-awareness, learning, emotional knowledge, planning, creativity, and problem solving In other words: It is the ability to understand and draw a logical conclusion from the available information
  8. 8. What is Intelligence ? Wikipedia defines Intelligence as: One's capacity for logic, understanding, self-awareness, learning, emotional knowledge, planning, creativity, and problem solving In other words: It is the ability to understand and draw a logical conclusion from the available information
  9. 9. Types of Intelligence ● Human Intelligence (HUMINT) ● Geospatial Intelligence (GEOINT) ● Signals Intelligence (SIGINT) ● Open-Source Intelligence (OSINT)
  10. 10. Open Source Intelligence ● Art of collecting information which is scattered on publicly available sources ● Open here refers to overt, publicly available sources ● Not completely legal, as it is against the privacy of a person ● Gathering bits to form the big picture ● Depends on sources. Continuously evolving. ● Information sources could be anything not limited to metadata, social media and blogs
  11. 11. Traditional Methods ● Using search engines Eg: Google, Bing, etc ● News sites Eg: CNN, BBC, etc ● Corporate Websites ● Government Websites ● Blogs
  12. 12. Modern Resources ● Advanced Search Engines ● Social Media sites ● Deepweb/Darkweb ● Automated tools
  13. 13. Recent Trends in OSINT https://trends.google.com
  14. 14. OSINT tools
  15. 15. OSINT in Real life We use OSINT in everyday life ● Finding download links for Game of Thrones series ● Finding the best looking person ● Knowing about the company before applying for a position ● Knowing your ex’s latest crush :P
  16. 16. Why OSINT has become so important ? ● Humans by nature try to get others attention ● So many post (personal) information on online platforms thinking that only intended members will look. ● New smartphones have geo-tagging feature enabled by default ● Metadata of those images can give a glimpse of your daily life
  17. 17. What can you figure out from this ?
  18. 18. Car License
  19. 19. Bank and Bank Account
  20. 20. Credit card and DOB
  21. 21. Mobile No, Phone Model, much more
  22. 22. tinfoleak Demo - Twitter
  23. 23. Inteltechniques.com Demo - Facebook https://inteltechniques.com/menu.html
  24. 24. The problem I faced Hack with GitHub - initiative to showcase open source security tools on GitHub along with their Author’s twitter handle
  25. 25. How OSINT has helped me ? 80% - @xyz123 - @xyz123 6% - @xyz123 - @_xyz123, @xyz123_, @xyz_123 or @_xyz123_ 4% - Check their websites for Twitter handles 2% - Impossible to find What about the other 8% ?
  26. 26. How OSINT has helped me ? 3% - Check the links on Twitter. People generally brag about their tools. 2% - Same profile pictures. Use reverse image (https://tineye.com/) 3% - Git log - Email OSINT
  27. 27. OSINT in Pentest ● Webapp ○ Wappalyzer ○ RetireJS ● Domain-IP lookup ○ Whois lookup ○ Reverse IP Lookup ● Find if emails were previously pwned ○ HaveIBeenPwned lookup
  28. 28. OSINT in Pentest ● Advanced Search engine searches: site:*.example.org ext:php | ext:txt | ext:log ● Checking robots.txt ● Advanced search: Wolfram Alpha ● Subdomain enumeration ○ Certificate transparency ○ Shodan ○ Censys
  29. 29. Examples
  30. 30. Intrigue - Demo You can know more about Intrigue at: https://www.youtube.com/watch?v=kWrdxuFaEVg
  31. 31. espi0n - Coming Soon !
  32. 32. Any Questions ?
  33. 33. References: ● https://github.com/jivoi/awesome-osint ● https://blog.appsecco.com/open-source-intelligence-gathering-101- d2861d4429e3 ● https://www.slideshare.net/SudhanshuChauhan ● http://www.automatingosint.com/blog/ ● https://intrigue.io

Editor's Notes

  • HUMINT - intelligence gathered by means of interpersonal contact
    GEOINT - analysis of imagery and geospatial information to gather information
    SIGINT - intelligence-gathering by interception of signals
  • WhoIS - query and response protocol that queries DB that stores the details of the registerd domains
  • Certificate transparency - https://transparencyreport.google.com/https/certificates

    • ×