OSINT mindset to protect your organization - Null monthly meet version

Offensive OSINT mindset to
defend your Organization
Chandrapal Badshah
About Me
Chandrapal Badshah
Security Researcher
Open Source Enthusiast
Twitter : @bnchandrapal
Website : badshah.io
Story time ...
OSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet version
Fiction ?
https://hackerone.com/reports/397527
What is Open Source Intelligence ?
What is OSINT ?
“An art of collecting publicly available data and deriving
useful information from it”
The OSINT Mindset
The OSINT Mindset
Consists of 3 phases in general:
Data
aggregation
Deriving
intelligence
Storing the data
& intel
The OSINT Mindset
Consists of 3 phases in general:
Data
aggregation
Deriving
intelligence
Storing the data
& intel
The OSINT Mindset
Consists of 3 phases in general:
Data
aggregation
Deriving
intelligence
Storing the data
& intel
The OSINT Mindset
Consists of 3 phases in general:
Data
aggregation
Deriving
intelligence
Storing the data
& intel
Three questions to ask yourself ?
What do you know about the organization ?
What do you technically know about the organization ?
Did you checkout the employees of the organization ?
What do you know about the organization ?
What do you know about the organization ?
● What does it sell - a product / service / something else ?
● How does the company make profit ?
● Board of Directors & Investors
● Acquisitions and Partnerships
● Job openings
● Supply chain / vendors
Sources
● Company website
● Blogs
● LinkedIn
● Newspapers
● Third party review blogs
● Crunchbase
Example : Job openings
Impact : Breaches on Acquisitions might affect you
https://www.infosecurity-magazine.com/news/paypal-acquired-company-suffered/
Impact : Supply Chain Attacks
What do you technically know about the
organization ?
Domains and subdomains
Virustotal
Domains and subdomains
Virustotal
SecurityTrails
Domains and subdomains
Virustotal
SecurityTrails
Rapid7’s FDNS
Domains and subdomains
Virustotal
SecurityTrails
Rapid7’s FDNS
Google Certificate Transparency
Logs
Digital Assets
Subdomain takeovers
Exposed databases
Software with default and weak passwords
Impact : Digital Assets
IP addresses & open ports
● Shodan
IP addresses & open ports
● Shodan
● Software running on non standard ports
Did you checkout the employees of the
organization ?
Email addresses
hunter.io - allows to get email address patterns
Email addresses
hunter.io - allows to get email address patterns
HaveIBeenPwned
Online coding platforms
Online code platforms:
● GitHub
● Gitlab
● Bitbucket
Online code compiling platforms:
● Repl.it
Online content sharing
● Pastebin & other pastie sites
● Public GitHub gists / Gitlab snippets
● Google docs / sheets with public shareable link
● Trello boards
Password Reuse
How can we protect organization using OSINT ?
Understand what’s in your control and what’s not
Digital assets
What the organization posts online
Security & Organizational policies
Understand what’s in your control and what’s not
Digital assets
What the organization posts online
Security & Organizational policies
Employees’ personal online accounts
How to tackle (un)intentional data leaks ?
Continuous Monitoring
Monitor for keywords on about your organization on online platforms
● Google alerts
● Tools like Real Time Scrapper & DataSploit
● Third party monitoring services
Continuous Monitoring
Monitor for keywords on about your organization on online platforms
● Google alerts
● Tools like Real Time Scrapper & DataSploit
● Third party monitoring services
Monitor if employee’s email is found in a data breach
● HaveIBeenPwned FREE notification service
How to proactively defend your organization ?
Never Reuse Passwords
Evangelize the use of password managers
Never Reuse Passwords
This breach
could have
never happened
Vulnerability Management
● Allows you to know your network
○ Network
○ DNS records
○ Open Ports
○ Software / Technology stack used
● Vulnerable software
○ Dependency Check
Vulnerability Management
This could have
been prevented
Thank You
Any Questions ?
1 of 52

Recommended

Let’s hunt the target using OSINT by
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINTChandrapal Badshah
1.2K views33 slides
How to get started in InfoSec ? by
How to get started in InfoSec ?How to get started in InfoSec ?
How to get started in InfoSec ?Chandrapal Badshah
568 views31 slides
OSINT for Proactive Defense - RootConf 2019 by
OSINT for Proactive Defense - RootConf 2019OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019RedHunt Labs
5.2K views31 slides
Empowering red and blue teams with osint c0c0n 2017 by
Empowering red and blue teams with osint   c0c0n 2017Empowering red and blue teams with osint   c0c0n 2017
Empowering red and blue teams with osint c0c0n 2017reconvillage
3.8K views40 slides
OSINT using Twitter & Python by
OSINT using Twitter & PythonOSINT using Twitter & Python
OSINT using Twitter & Python37point2
4.2K views44 slides
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech... by
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...Falgun Rathod
4.4K views10 slides

More Related Content

What's hot

Osint ashish mistry by
Osint ashish mistryOsint ashish mistry
Osint ashish mistryn|u - The Open Security Community
2K views32 slides
From OSINT to Phishing presentation by
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentationJesse Ratcliffe, OSCP
445 views21 slides
Owasp osint presentation - by adam nurudini by
Owasp osint presentation - by adam nurudiniOwasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniAdam Nurudini
405 views18 slides
Open source intelligence by
Open source intelligenceOpen source intelligence
Open source intelligencebalakumaran779
5.9K views19 slides
Osint presentation nov 2019 by
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019Priyanka Aash
5.1K views12 slides

What's hot(20)

Owasp osint presentation - by adam nurudini by Adam Nurudini
Owasp osint presentation - by adam nurudiniOwasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudini
Adam Nurudini405 views
Osint presentation nov 2019 by Priyanka Aash
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019
Priyanka Aash5.1K views
Enterprise Open Source Intelligence Gathering by Tom Eston
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence Gathering
Tom Eston28.1K views
Getting started with using the Dark Web for OSINT investigations by Olakanmi Oluwole
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigations
Olakanmi Oluwole305 views
osint - open source Intelligence by Osama Ellahi
osint - open source Intelligenceosint - open source Intelligence
osint - open source Intelligence
Osama Ellahi250 views
OSINT Black Magic: Listen who whispers your name in the dark!!! by Nutan Kumar Panda
OSINT Black Magic: Listen who whispers your name in the dark!!!OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!
Nutan Kumar Panda1.2K views
Practical White Hat Hacker Training - Passive Information Gathering(OSINT) by PRISMA CSI
Practical White Hat Hacker Training -  Passive Information Gathering(OSINT)Practical White Hat Hacker Training -  Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
PRISMA CSI1.3K views
OSINT x UCCU Workshop on Open Source Intelligence by Philippe Lin
OSINT x UCCU Workshop on Open Source IntelligenceOSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source Intelligence
Philippe Lin9.1K views
Datasploit - An Open Source Intelligence Tool by Shubham Mittal
Datasploit - An Open Source Intelligence ToolDatasploit - An Open Source Intelligence Tool
Datasploit - An Open Source Intelligence Tool
Shubham Mittal5.3K views
What you need to know about OSINT by Jerod Brennen
What you need to know about OSINTWhat you need to know about OSINT
What you need to know about OSINT
Jerod Brennen1.2K views
Open source intelligence information gathering (OSINT) by phexcom1
Open source intelligence information gathering (OSINT)Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)
phexcom11.3K views
Nmapper theHarvester OSINT Tool explanation by Wangolo Joel
Nmapper theHarvester OSINT Tool explanationNmapper theHarvester OSINT Tool explanation
Nmapper theHarvester OSINT Tool explanation
Wangolo Joel114 views

Similar to OSINT mindset to protect your organization - Null monthly meet version

OpenSourceIntelligence-OSINT.pptx by
OpenSourceIntelligence-OSINT.pptxOpenSourceIntelligence-OSINT.pptx
OpenSourceIntelligence-OSINT.pptxanonymousanonymous428352
196 views15 slides
Passive Intelligence Gathering and Analytics - It's All Just Metadata! by
Passive Intelligence Gathering and Analytics - It's All Just Metadata!Passive Intelligence Gathering and Analytics - It's All Just Metadata!
Passive Intelligence Gathering and Analytics - It's All Just Metadata!CTruncer
6.3K views66 slides
UKSG - Just Do IT Yourself by
UKSG  - Just Do IT YourselfUKSG  - Just Do IT Yourself
UKSG - Just Do IT YourselfTony Hirst
1.4K views113 slides
Open Source Information Gathering Brucon Edition by
Open Source Information Gathering Brucon EditionOpen Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionChris Gates
5K views68 slides
Social Web 2014: Final Presentations (Part I) by
Social Web 2014: Final Presentations (Part I)Social Web 2014: Final Presentations (Part I)
Social Web 2014: Final Presentations (Part I)Lora Aroyo
5.2K views122 slides
Blackmagic Open Source Intelligence OSINT by
Blackmagic Open Source Intelligence OSINTBlackmagic Open Source Intelligence OSINT
Blackmagic Open Source Intelligence OSINTSudhanshu Chauhan
1.5K views17 slides

Similar to OSINT mindset to protect your organization - Null monthly meet version(20)

Passive Intelligence Gathering and Analytics - It's All Just Metadata! by CTruncer
Passive Intelligence Gathering and Analytics - It's All Just Metadata!Passive Intelligence Gathering and Analytics - It's All Just Metadata!
Passive Intelligence Gathering and Analytics - It's All Just Metadata!
CTruncer6.3K views
UKSG - Just Do IT Yourself by Tony Hirst
UKSG  - Just Do IT YourselfUKSG  - Just Do IT Yourself
UKSG - Just Do IT Yourself
Tony Hirst1.4K views
Open Source Information Gathering Brucon Edition by Chris Gates
Open Source Information Gathering Brucon EditionOpen Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon Edition
Chris Gates5K views
Social Web 2014: Final Presentations (Part I) by Lora Aroyo
Social Web 2014: Final Presentations (Part I)Social Web 2014: Final Presentations (Part I)
Social Web 2014: Final Presentations (Part I)
Lora Aroyo5.2K views
Blackmagic Open Source Intelligence OSINT by Sudhanshu Chauhan
Blackmagic Open Source Intelligence OSINTBlackmagic Open Source Intelligence OSINT
Blackmagic Open Source Intelligence OSINT
Sudhanshu Chauhan1.5K views
Juliette Melton - Mobile User Experience Research by Web Directions
Juliette Melton - Mobile User Experience ResearchJuliette Melton - Mobile User Experience Research
Juliette Melton - Mobile User Experience Research
Web Directions1.5K views
Introduction To Predictive Modelling by Spotle.ai
Introduction To Predictive ModellingIntroduction To Predictive Modelling
Introduction To Predictive Modelling
Spotle.ai299 views
Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016) by Hamza Harkous
Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)
Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)
Hamza Harkous175 views
The Ins, Outs, and Nuances of Internet Privacy by eBoost Consulting
The Ins, Outs, and Nuances of Internet PrivacyThe Ins, Outs, and Nuances of Internet Privacy
The Ins, Outs, and Nuances of Internet Privacy
eBoost Consulting652 views
Building Effective Frameworks for Social Media Analysis by Open Analytics
Building Effective Frameworks for Social Media AnalysisBuilding Effective Frameworks for Social Media Analysis
Building Effective Frameworks for Social Media Analysis
Open Analytics1.9K views
OSINT: Open Source Intelligence - Rohan Braganza by NSConclave
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan Braganza
NSConclave746 views
OSINT for Attack and Defense by Andrew McNicol
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
Andrew McNicol9.8K views
Building Effective Frameworks for Social Media Analysis by ikanow
Building Effective Frameworks for Social Media AnalysisBuilding Effective Frameworks for Social Media Analysis
Building Effective Frameworks for Social Media Analysis
ikanow1K views
EMFcamp2022 - What if apps logged into you, instead of you logging into apps? by Chris Swan
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?EMFcamp2022 - What if apps logged into you, instead of you logging into apps?
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?
Chris Swan156 views
Vulnerability Assessment and Penetration Testing using Webkill by ijtsrd
Vulnerability Assessment and Penetration Testing using WebkillVulnerability Assessment and Penetration Testing using Webkill
Vulnerability Assessment and Penetration Testing using Webkill
ijtsrd21 views
Advanced Research Investigations for SIU Investigators by Sloan Carne
Advanced Research Investigations for SIU InvestigatorsAdvanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU Investigators
Sloan Carne122 views
[@IndeedEng] Large scale interactive analytics with Imhotep by indeedeng
[@IndeedEng] Large scale interactive analytics with Imhotep[@IndeedEng] Large scale interactive analytics with Imhotep
[@IndeedEng] Large scale interactive analytics with Imhotep
indeedeng6.9K views
Data Science, Personalisation & Product management by Bhaskar Krishnan
Data Science, Personalisation & Product managementData Science, Personalisation & Product management
Data Science, Personalisation & Product management
Bhaskar Krishnan397 views
OWASP_OSINT_Presentation.pdf by netisBin
OWASP_OSINT_Presentation.pdfOWASP_OSINT_Presentation.pdf
OWASP_OSINT_Presentation.pdf
netisBin24 views

More from Chandrapal Badshah

Dangling DNS records takeover at scale by
Dangling DNS records takeover at scaleDangling DNS records takeover at scale
Dangling DNS records takeover at scaleChandrapal Badshah
536 views25 slides
Detecting secrets in code committed to gitlab (in real time) by
Detecting secrets in code committed to gitlab (in real time)Detecting secrets in code committed to gitlab (in real time)
Detecting secrets in code committed to gitlab (in real time)Chandrapal Badshah
846 views28 slides
OSINT Mindset to protect your Organization by
OSINT Mindset to protect your OrganizationOSINT Mindset to protect your Organization
OSINT Mindset to protect your OrganizationChandrapal Badshah
118 views24 slides
Solving OWASP MSTG CrackMe using Frida by
Solving OWASP MSTG CrackMe using FridaSolving OWASP MSTG CrackMe using Frida
Solving OWASP MSTG CrackMe using FridaChandrapal Badshah
585 views20 slides
OWASP Serverless Top 10 by
OWASP Serverless Top 10OWASP Serverless Top 10
OWASP Serverless Top 10Chandrapal Badshah
1K views55 slides
Pentesting Android Apps using Frida (Beginners) by
Pentesting Android Apps using Frida (Beginners)Pentesting Android Apps using Frida (Beginners)
Pentesting Android Apps using Frida (Beginners)Chandrapal Badshah
6.9K views36 slides

More from Chandrapal Badshah(9)

Recently uploaded

Business Analyst Series 2023 - Week 4 Session 8 by
Business Analyst Series 2023 -  Week 4 Session 8Business Analyst Series 2023 -  Week 4 Session 8
Business Analyst Series 2023 - Week 4 Session 8DianaGray10
145 views13 slides
Business Analyst Series 2023 - Week 4 Session 7 by
Business Analyst Series 2023 -  Week 4 Session 7Business Analyst Series 2023 -  Week 4 Session 7
Business Analyst Series 2023 - Week 4 Session 7DianaGray10
146 views31 slides
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ... by
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...ShapeBlue
120 views17 slides
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading... by
Webinar : Desperately Seeking Transformation - Part 2:  Insights from leading...Webinar : Desperately Seeking Transformation - Part 2:  Insights from leading...
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...The Digital Insurer
91 views52 slides
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit... by
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...ShapeBlue
162 views25 slides
Why and How CloudStack at weSystems - Stephan Bienek - weSystems by
Why and How CloudStack at weSystems - Stephan Bienek - weSystemsWhy and How CloudStack at weSystems - Stephan Bienek - weSystems
Why and How CloudStack at weSystems - Stephan Bienek - weSystemsShapeBlue
247 views13 slides

Recently uploaded(20)

Business Analyst Series 2023 - Week 4 Session 8 by DianaGray10
Business Analyst Series 2023 -  Week 4 Session 8Business Analyst Series 2023 -  Week 4 Session 8
Business Analyst Series 2023 - Week 4 Session 8
DianaGray10145 views
Business Analyst Series 2023 - Week 4 Session 7 by DianaGray10
Business Analyst Series 2023 -  Week 4 Session 7Business Analyst Series 2023 -  Week 4 Session 7
Business Analyst Series 2023 - Week 4 Session 7
DianaGray10146 views
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ... by ShapeBlue
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...
ShapeBlue120 views
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading... by The Digital Insurer
Webinar : Desperately Seeking Transformation - Part 2:  Insights from leading...Webinar : Desperately Seeking Transformation - Part 2:  Insights from leading...
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit... by ShapeBlue
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
ShapeBlue162 views
Why and How CloudStack at weSystems - Stephan Bienek - weSystems by ShapeBlue
Why and How CloudStack at weSystems - Stephan Bienek - weSystemsWhy and How CloudStack at weSystems - Stephan Bienek - weSystems
Why and How CloudStack at weSystems - Stephan Bienek - weSystems
ShapeBlue247 views
KVM Security Groups Under the Hood - Wido den Hollander - Your.Online by ShapeBlue
KVM Security Groups Under the Hood - Wido den Hollander - Your.OnlineKVM Security Groups Under the Hood - Wido den Hollander - Your.Online
KVM Security Groups Under the Hood - Wido den Hollander - Your.Online
ShapeBlue225 views
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue by ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlueWhat’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
ShapeBlue265 views
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti... by ShapeBlue
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
ShapeBlue141 views
The Power of Generative AI in Accelerating No Code Adoption.pdf by Saeed Al Dhaheri
The Power of Generative AI in Accelerating No Code Adoption.pdfThe Power of Generative AI in Accelerating No Code Adoption.pdf
The Power of Generative AI in Accelerating No Code Adoption.pdf
Saeed Al Dhaheri39 views
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f... by TrustArc
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc176 views
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ... by ShapeBlue
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...
ShapeBlue171 views
"Running students' code in isolation. The hard way", Yurii Holiuk by Fwdays
"Running students' code in isolation. The hard way", Yurii Holiuk "Running students' code in isolation. The hard way", Yurii Holiuk
"Running students' code in isolation. The hard way", Yurii Holiuk
Fwdays36 views
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ... by ShapeBlue
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...
ShapeBlue129 views
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue by ShapeBlue
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlueVNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue
ShapeBlue207 views
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or... by ShapeBlue
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
ShapeBlue199 views

OSINT mindset to protect your organization - Null monthly meet version

Editor's Notes

  1. It was getting dark and our hacker hero was tired of looking at multiple online code repositories. Before he closes his 30 tabbed browser, he stumbled upon an unusual repository. What intrigued him was that the code repo had less code, but lots of releases. After downloading, decompiling and hours of debugging, he found the slack token of the target organization. Using the slack token, he was able to get messages from most of the Slack channels of the target organization.
  2. This has happened even to one of the best companies among us
  3. Data could be scattered on multiple places or could get it in a single place Is not confined to a bunch of tools which call them the best OSINT tool
  4. Let us forget the organizations we work with for some time
  5. http://www.mca.gov.in/mcafoportal/checkCompanyName.do
  6. https://www.tripwire.com/state-of-security/featured/operation-shadowhammer-hackers-planted-malware-code-video-games/
  7. Exactis
  8. Shodan - allows to monitor upto 16 IPs
  9. Shodan - allows to monitor upto 16 IPs
  10. hunter.io - get the email format. Is it {firstname}.{lastname}@company.com or {firstname}@company.com. If you find the pattern, with the help of LinkedIn you could actually get all emails of employees HIBP - was this email leaked in some previous breach ? If yes, can we get the credentials from the breach ?
  11. hunter.io - get the email format. Is it {firstname}.{lastname}@company.com or {firstname}@company.com. If you find the pattern, with the help of LinkedIn you could actually get all emails of employees HIBP - was this email leaked in some previous breach ? If yes, can we get the credentials from the breach ?
  12. If you find the info, contact the website to take down the info
  13. https://github.com/NaveenRudra/RTS https://github.com/DataSploit/datasploit
  14. https://github.com/NaveenRudra/RTS https://github.com/DataSploit/datasploit
  15. Know yourself Since you can look into your digital assets, make sure it is configured properly Remove DNS records when no longer used Think like an attacker Always think how the public information could be used against your company Proper compartmentation Without proper compartmentation, attackers are able to leverage information from one compromised account to access another related account. Vulnerability Management A good vuln mgmt covers all assets. Vuln mgmt tools will find easily exploitable vulns Employee awareness You cannot control the employees’ personal online accounts All you can do is give provide general awareness of how posting company data online / reusing passwords could be tragic ---- Have different accounts for different env HaveIBeenPwned - free updates --- Devils advocate (policies, Data Loss Prevention)