
OSINT: Open Source Intelligence - Rohan Braganza


The speaker will conduct hands-on training on how an individual can use open-source intelligence (OSINT) to collect data from publicly available sources, and will showcase tools and techniques used to collect information from public sources.

https://nsconclave.net-square.com/advanced-reconnaissance-using-OSINT.html


  1. OSINT: Open Source Intelligence. By Rohan Braganza, Pradnya Karad and Zubair Khan. 09/05/2018. COPYRIGHT: NET SQUARE SOLUTIONS PVT. LTD.
  2. Overview
     - Introduction
     - What is OSINT
     - What can be gained from OSINT
     - How are OSINT activities carried out
     - What you need to know before starting out
     - Introduction to IP addressing and networking
     - DNS and whois
     - Some tools we will look at:
       - Kali Linux
       - OSINT Framework
       - theHarvester
       - Fierce
       - dnsenum
       - Censys
       - Shodan
       - BuiltWith
       - Maltego
       - Vortimo
  3. The Internet today
  4. Well known services on the Internet
  5. Knowledge is power
     So much information is out there for the taking:
     • About people (names, contact info, addresses, etc.)
     • About companies
     • About computers (the list is endless)
     • About networks
     • About mobile phones (phone numbers, device information…)
     • And many more
  6. What is OSINT
     § The term OSINT stands for Open Source Intelligence.
     § It originated within the US military agencies in the late 1980s.
     § OSINT is all intelligence that is gathered from public sources such as the Internet, but it is not limited to digital sources.
     § It is intelligence that can be gathered for free.
     § Examples of OSINT include:
       - Asking questions on a search engine
       - Researching on public forums how to fix your computer
       - Using YouTube to look up recipes
  7. What you can learn
     - Collect employee full names, job roles, as well as the software they use.
     - Review and monitor search engine information from Google (especially using Google dorks), Bing, Yahoo, and others.
     - Monitor personal and corporate blogs, and review user activity on digital forums.
     - Identify all social networks used by the target user or company.
     - Review content available on social media like Facebook, Twitter, Google Plus, or LinkedIn.
     - Use people data collection tools like Pipl, which help reveal a lot of information about people in one place.
     - Access old cached data from Google, which often reveals interesting information.
     - Explore old versions of websites to reveal important information using sites like the Wayback Machine (now archive.org).
     - Identify mobile phone numbers, as well as email addresses, from social networks or Google results.
     - Search for photos and videos on common social photo sharing sites.
     - Use Google Maps and other open satellite imagery sources to retrieve images of a user's geographic location.
     - Use tools like GeoCreepy to track down geographic location information to have a clear picture of the users' current locations.
  8. Questions to ask yourself before you begin
     • What are you looking for?
     • What is your main research goal?
     • What or who is your target?
     • How are you going to conduct your research?
  9. IP addressing, DNS and WhoIs.
  10. Introduction to…
  11. Kali Linux
      • Kali is a Debian-based Linux distribution that is designed for digital forensics and penetration testing.
      • It is maintained and funded by Offensive Security.
      • The benefit is that all tools come installed and configured.
      • It contains over 600 preinstalled penetration testing programs.
  12. OSINT framework
  13. OSINT framework
      • OSINT Framework is a cybersecurity framework: a collection of OSINT tools that simplifies intel and data collection tasks.
      • This tool is mostly used by security researchers and penetration testers for digital footprinting, OSINT research, intelligence gathering, and reconnaissance.
      • It provides a simple web-based interface that allows you to browse different OSINT tools filtered by categories.
      • It also provides an excellent classification of all existing intel sources, making it a great resource for knowing what infosec areas you are neglecting to explore, or what will be the next suggested OSINT steps for your investigation.
      • OSINT Framework is classified based on different topics and goals. This can be easily seen by taking a look at the OSINT tree available through the web interface.
  14. Gathering Email Addresses
      theHarvester 3.1.0, coded by Christian Martorella, Edge-Security Research (cmartorella@edge-security.com)
      • theHarvester is a program that is designed to retrieve information such as email addresses, subdomains, hosts, employee names, open ports and banners from different public sources such as search engines and the Shodan computer database.
      • It is intended to help penetration testers during the early stages of the test to understand the footprint of the customer on the Internet.
      • It is also helpful to anyone who wants to know what an attacker can see about their organization.
  15. Fierce
      • Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains.
      • It is meant specifically to locate likely targets both inside and outside a corporate network.
      • Because it uses DNS primarily you will often find misconfigured networks that leak internal address space. That's especially useful in targeted malware.
  16. Getting DNS information: DNSEnum
      • DNSEnum is a multithreaded Perl script to enumerate DNS information of a domain and to discover non-contiguous IP blocks.
  17. Censys
      • Censys is a search engine that allows researchers to quickly get answers to questions about the hosts that compose the Internet.
      • Censys was created by a team of security researchers.
      • The goal of this project is to be able to measure if Internet security was improving.
      • The project aims to track every reachable host on the Internet and collect as much information as possible about that host.
  18. Shodan
      • Shodan is the world’s first search engine for Internet-connected devices.
      • Shodan can be used to discover
  19. What is BuiltWith
      • BuiltWith is a database that provides a way to detect the technologies that a site is built on.
      • It includes detailed information about CMSs such as WordPress, Joomla, and Drupal, as well as JavaScript and CSS libraries like jQuery and Bootstrap/Foundation, external fonts, server types such as Nginx, Apache and IIS, the SSL provider, and the web hosting provider used.
  20. Maltego
      • Maltego is an amazing tool that is used to track down footprints of any target you may need to track.
      • Maltego allows you to launch reconnaissance tests against specific targets.
      • One of the best features of the product is transforms. This allows you to run different kinds of tests and data integration with external applications.
      • Finally, Maltego shows you the results of specific targets, like IP, domains, AS numbers, and much more.
  21. Vortimo
      • Vortimo is software that records information on webpages you visit.
      • It records pages as you go, extracts data from them and enriches the extracted data.
      • It allows you to tag objects of interest, and it decorates objects that it deems important.
      • The data is then arranged in a UI for easy review.
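
The Fierce slide notes that misconfigured DNS often leaks internal address space. As an added example (not part of the original slides), this is one way a defender could audit an export of their own public zone for A/AAAA records that point into internal ranges; the zone text, hostnames and function names are constructed for illustration.

```python
import ipaddress

# Address ranges that should not appear in a publicly served zone.
INTERNAL_NETS = [(ipaddress.ip_network(cidr), why) for cidr, why in [
    ("10.0.0.0/8", "RFC 1918"), ("172.16.0.0/12", "RFC 1918"),
    ("192.168.0.0/16", "RFC 1918"), ("127.0.0.0/8", "loopback"),
    ("169.254.0.0/16", "link-local"), ("fc00::/7", "IPv6 unique local"),
]]

# Constructed sample export of a public zone (hostnames are made up).
SAMPLE_ZONE = """\
www        3600 IN A     203.0.113.10
mail            IN A     198.51.100.25
intranet   3600 IN A     10.20.30.40
build      300  IN A     172.16.5.9
edge       3600 IN A     172.32.0.1   ; just outside 172.16.0.0/12
vpn        3600 IN AAAA  fd12:3456:789a::1
v6         3600 IN AAAA  2001:db8::10
mail       3600 IN MX    10 mail.example.com.
"""

def parse_records(zone_text):
    """Yield (name, type, rdata) from simple one-line BIND-style records."""
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop trailing comments
        if not line or line.startswith("$"):     # skip blanks and directives
            continue
        name, *rest = line.split()
        # Skip the optional TTL and class fields that precede the type.
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]
        if len(rest) >= 2:
            yield name, rest[0].upper(), " ".join(rest[1:])

def find_internal_leaks(zone_text):
    """Return (name, address, reason) for A/AAAA records in internal ranges."""
    findings = []
    for name, rtype, rdata in parse_records(zone_text):
        if rtype not in ("A", "AAAA"):
            continue
        try:
            addr = ipaddress.ip_address(rdata)
        except ValueError:
            continue                             # malformed rdata, not this check
        for net, label in INTERNAL_NETS:
            if addr.version == net.version and addr in net:
                findings.append((name, str(addr), label))
                break
    return findings
```

Calling `find_internal_leaks(SAMPLE_ZONE)` returns the `intranet`, `build` and `vpn` records; records that resolve to public addresses, and non-address records such as MX, are ignored.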
