Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Offensive OSINT mindset to defend your Organization Chandrapal Badshah
About Me Chandrapal Badshah Security Researcher Open Source Enthusiast Twitter : @bnchandrapal Website : badshah.io
Story time ...
Fiction ?
https://hackerone.com/reports/397527
What is Open Source Intelligence ?
What is OSINT ? “An art of collecting publicly available data and deriving useful information from it”
The OSINT Mindset
The OSINT Mindset Consists of 3 phases in general: Data aggregation Deriving intelligence Storing the data & intel
The OSINT Mindset Consists of 3 phases in general: Data aggregation Deriving intelligence Storing the data & intel
The OSINT Mindset Consists of 3 phases in general: Data aggregation Deriving intelligence Storing the data & intel
The OSINT Mindset Consists of 3 phases in general: Data aggregation Deriving intelligence Storing the data & intel
Three questions to ask yourself ? What do you know about the organization ? What do you technically know about the organiz...
What do you know about the organization ?
What do you know about the organization ? ● What does it sell - a product / service / something else ? ● How does the comp...
Sources ● Company website ● Blogs ● LinkedIn ● Newspapers ● Third party review blogs ● Crunchbase
Example : Job openings
Impact : Breaches on Acquisitions might affect you https://www.infosecurity-magazine.com/news/paypal-acquired-company-suff...
Impact : Supply Chain Attacks
What do you technically know about the organization ?
Domains and subdomains Virustotal
Domains and subdomains Virustotal SecurityTrails
Domains and subdomains Virustotal SecurityTrails Rapid7’s FDNS
Domains and subdomains Virustotal SecurityTrails Rapid7’s FDNS Google Certificate Transparency Logs
Digital Assets Subdomain takeovers Exposed databases Software with default and weak passwords
Impact : Digital Assets
IP addresses & open ports ● Shodan
IP addresses & open ports ● Shodan ● Software running on non standard ports
Did you checkout the employees of the organization ?
Email addresses hunter.io - allows to get email address patterns
Email addresses hunter.io - allows to get email address patterns HaveIBeenPwned
Online coding platforms Online code platforms: ● GitHub ● Gitlab ● Bitbucket Online code compiling platforms: ● Repl.it
Online content sharing ● Pastebin & other pastie sites ● Public GitHub gists / Gitlab snippets ● Google docs / sheets with...
Password Reuse
How can we protect organization using OSINT ?
Understand what’s in your control and what’s not Digital assets What the organization posts online Security & Organization...
Understand what’s in your control and what’s not Digital assets What the organization posts online Security & Organization...
How to tackle (un)intentional data leaks ?
Continuous Monitoring Monitor for keywords on about your organization on online platforms ● Google alerts ● Tools like Rea...
Continuous Monitoring Monitor for keywords on about your organization on online platforms ● Google alerts ● Tools like Rea...
How to proactively defend your organization ?
Never Reuse Passwords Evangelize the use of password managers
Never Reuse Passwords This breach could have never happened
Vulnerability Management ● Allows you to know your network ○ Network ○ DNS records ○ Open Ports ○ Software / Technology st...
Vulnerability Management This could have been prevented
Thank You Any Questions ?
OSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet version
Upcoming SlideShare
Loading in …5
×
Technology
230 views
Apr. 27, 2019

OSINT mindset to protect your organization - Null monthly meet version

This presentation covers different sources of information about organization, some breach case studies and how we could have prevented it using OSINT and other techniques.

no profile picture user

  • Login to see the comments

  • Be the first to like this

OSINT mindset to protect your organization - Null monthly meet version

  1. 1. Offensive OSINT mindset to defend your Organization Chandrapal Badshah
  2. 2. About Me Chandrapal Badshah Security Researcher Open Source Enthusiast Twitter : @bnchandrapal Website : badshah.io
  3. 3. Story time ...
  4. 4. Fiction ?
  5. 5. https://hackerone.com/reports/397527
  6. 6. What is Open Source Intelligence ?
  7. 7. What is OSINT ? “An art of collecting publicly available data and deriving useful information from it”
  8. 8. The OSINT Mindset
  9. 9. The OSINT Mindset Consists of 3 phases in general: Data aggregation Deriving intelligence Storing the data & intel
  10. 10. The OSINT Mindset Consists of 3 phases in general: Data aggregation Deriving intelligence Storing the data & intel
  11. 11. The OSINT Mindset Consists of 3 phases in general: Data aggregation Deriving intelligence Storing the data & intel
  12. 12. The OSINT Mindset Consists of 3 phases in general: Data aggregation Deriving intelligence Storing the data & intel
  13. 13. Three questions to ask yourself ? What do you know about the organization ? What do you technically know about the organization ? Did you checkout the employees of the organization ?
  14. 14. What do you know about the organization ?
  15. 15. What do you know about the organization ? ● What does it sell - a product / service / something else ? ● How does the company make profit ? ● Board of Directors & Investors ● Acquisitions and Partnerships ● Job openings ● Supply chain / vendors
  16. 16. Sources ● Company website ● Blogs ● LinkedIn ● Newspapers ● Third party review blogs ● Crunchbase
  17. 17. Example : Job openings
  18. 18. Impact : Breaches on Acquisitions might affect you https://www.infosecurity-magazine.com/news/paypal-acquired-company-suffered/
  19. 19. Impact : Supply Chain Attacks
  20. 20. What do you technically know about the organization ?
  21. 21. Domains and subdomains Virustotal
  22. 22. Domains and subdomains Virustotal SecurityTrails
  23. 23. Domains and subdomains Virustotal SecurityTrails Rapid7’s FDNS
  24. 24. Domains and subdomains Virustotal SecurityTrails Rapid7’s FDNS Google Certificate Transparency Logs
  25. 25. Digital Assets Subdomain takeovers Exposed databases Software with default and weak passwords
  26. 26. Impact : Digital Assets
  27. 27. IP addresses & open ports ● Shodan
  28. 28. IP addresses & open ports ● Shodan ● Software running on non standard ports
  29. 29. Did you checkout the employees of the organization ?
  30. 30. Email addresses hunter.io - allows to get email address patterns
  31. 31. Email addresses hunter.io - allows to get email address patterns HaveIBeenPwned
  32. 32. Online coding platforms Online code platforms: ● GitHub ● Gitlab ● Bitbucket Online code compiling platforms: ● Repl.it
  33. 33. Online content sharing ● Pastebin & other pastie sites ● Public GitHub gists / Gitlab snippets ● Google docs / sheets with public shareable link ● Trello boards
  34. 34. Password Reuse
  35. 35. How can we protect organization using OSINT ?
  36. 36. Understand what’s in your control and what’s not Digital assets What the organization posts online Security & Organizational policies
  37. 37. Understand what’s in your control and what’s not Digital assets What the organization posts online Security & Organizational policies Employees’ personal online accounts
  38. 38. How to tackle (un)intentional data leaks ?
  39. 39. Continuous Monitoring Monitor for keywords on about your organization on online platforms ● Google alerts ● Tools like Real Time Scrapper & DataSploit ● Third party monitoring services
  40. 40. Continuous Monitoring Monitor for keywords on about your organization on online platforms ● Google alerts ● Tools like Real Time Scrapper & DataSploit ● Third party monitoring services Monitor if employee’s email is found in a data breach ● HaveIBeenPwned FREE notification service
  41. 41. How to proactively defend your organization ?
  42. 42. Never Reuse Passwords Evangelize the use of password managers
  43. 43. Never Reuse Passwords This breach could have never happened
  44. 44. Vulnerability Management ● Allows you to know your network ○ Network ○ DNS records ○ Open Ports ○ Software / Technology stack used ● Vulnerable software ○ Dependency Check
  45. 45. Vulnerability Management This could have been prevented
  46. 46. Thank You Any Questions ?

×