Tom Eston, profile picture
Uploaded byTom Eston
28,173 views

Enterprise Open Source Intelligence Gathering

The document discusses open source intelligence (OSINT), focusing on methods for gathering, monitoring, and removing information related to companies from various online sources. It highlights the importance of understanding metadata, monitoring social media, and formulating an internet posting policy for employees. The document offers practical tools and strategies, as well as recommendations for effective monitoring and handling of online presence.

Embed presentation

Enterprise Open Source Intelligence Gathering Tom Eston
Open source intelligence (OSINT) is a form of intelligence collection management...
Open source intelligence (OSINT) is a form of intelligence collection management... ...involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence. - wikipedia
What do the Internets say?
18% had a data loss event via blog or message board... - Proofpoint, Inc. 2009 Survey
18% had a data loss event via blog or message board... 11% in 2008 - Proofpoint, Inc. 2009 Survey
17% experienced data loss related to social networks... - Proofpoint, Inc. 2009 Survey
17% experienced data loss related to social networks... 12 % in 2008 - Proofpoint, Inc. 2009 Survey
“A brand is the personification of a product, service, or even entire company.” - Robert Blanchard, former P&G executive
5 things you will learn • What is out there on your company? • Metadata • Removal of Internet postings, metadata • Setting up a simple (cheap) monitoring program • Building a Internet Posting Policy
What gets posted? • Customer and Employee Complaints • Exposure of Confidential Information • Security Vulnerabilities
Customer Complaints
Employee Complaints
FAIL
Exposure of Confidential Information
What about Vulnerabilities?
Things you wouldn't expect...
Where does this information get posted? ...and how to find it!
Social Networks
300 Million Users 110 Million Users 40 Million Users Grew 752% in 2008
Finding Information on Social Networks • Socnet Search Engines • Maltego (Twitter/Facebook) • RSS feeds/Google Hacks • Google Alerts + Google Reader = WIN • Manual Searching • Facebook status updates
Socnet Search Engines • Wink, Spock, Twoogle, Knowem, WhosTalkin (there are many more, see my blog post) • Twitter Search • Social Bookmark Sites • Delicious, StumbleUpon • Don’t forget about photos/video! • Flickr Photo Search • YouTube and Vimeo Video Search
Maltego + Mesh = WIN *Screen shot from the “Maltego and Twitter!” post on paterva.com
Searching Facebook • Good: Maltego Facebook Transform (violates TOS) ** No longer working! :-( • Better: Login and use the search! FB doesn’t make status updates public...yet. • Best: site:facebook.com inurl:group (bofa | "bank of america") = Groups • inurl:pages = Facebook Pages • allinurl: people "John Doe" site:facebook.com = Public Profiles • Yahoo! Pipe for Facebook Groups: Facebook Discussion Board RSS Feed • Create Google Alert(s)
Searching LinkedIn • Similar to Facebook • Google dorks • site:linkedin.com inurl:pub (bofa | "bank of america") = Public Profiles • inurl:updates = Profile Updates • inurl:companies = Company Profiles
Blogs and News • Blogpulse, Technoratti, IceRocket • Social Mention (Search Engine for blogs, comments) • Google/Yahoo News
Document Repositories • DocStoc • Scribd • SlideShare • PDF Search Engine
Message Boards • Internet Forums (yes, even 4chan) • Craigslist • Full Disclosure Mailing List (vulnerabilities) • Google Groups/Yahoo Groups
All your metadata are belong to us...
What is Metadata? • Metadata = Data that describes Data • Catalog, index files, documents and more • Often overlooked by: • Document/File Creators • Your Company
Why do we care? • Can expose potential vulnerable software/ hardware in use! (client side attack) • OS and version numbers • Location information (GPS from smartphones) • User names, naming schemes, file paths
Where do you find it? • Microsoft Office Documents • PDF • JPEG’s (photos) • Other file types
Metadata is everywhere!
How do you find it? • Google • Document Repositories • Wget to download photos (many other tools) • Your Company Website
Tools to analyze Metadata • EXIFtool (cmd line or GUI) • Maltego • Metagoofil • Metadata Extraction Tool • FOCA
Real World Example
Removing Internet Postings and Metadata
Removing posts from the Internet • Hard, but not impossible. Search Engine Cache FTL • Submit request to Search Engines to remove (there are multiple) • Legal team involvement, especially w/ socnets
Metadata Removal Techniques • MS Office Documents • Office 2002/03: CMD Line app “Remove Hidden Data” (Offrhd.exe) • Office 2007: Document Inspector • EXIFtool (photos) • Can be scripted to auto remove
Metadata Removal Continued... • PDFs: File -> Document Properties • EXIFtool • Many third-party tools! ($)
Setting up a monitoring program
What do you want to monitor? • Impossible to monitor everything! • Pick the most popular social networks, news sites, blogs, forums... • Monitoring should be defined with your PR/Marketing groups!
Free Tools • Yahoo! Pipes (mashups) • RSS Feeds/RSS Reader Google Reader FTW • Maltego (community version) Good for defining relationships, not automated • Maltego for specific searching when you need “more details”
Yahoo! Pipes
Google Reader RSS
What works best? • Assign someone! (someone in infosec, social media skill sets) • Create RSS Feeds from identified sites • Utilize Yahoo! Pipes, create RSS from pipes • Monitor w/Google Reader • Sites you can’t monitor automatically...determine manual methods. Build this into your Incident Response Procedures!
Building a Internet Posting Policy
Define your Social Media Strategy • Partner with Marketing/Public Relations/HR • What is acceptable for employees to post? • At work/off work • Employees have mobile devices, home computers!
Define what gets monitored? • Difficult or impossible to monitor everything • Determine with your partners what should be monitored • Careful with policy conflicts!
Cisco Example
Intel Example
Communicate to your employees! How can you enforce a policy if employees don’t know about it?
Where to learn more? • Great paper on Metadata (SANS Reading Room): “Document Metadata, the Silent Killer” - Larry Pesce • Maltego Tutorials: Chris Gates, EthicalHacker.net • My blog: spylogic.net
OSINT 3 Part Series • All the details from this presentation! • Part 1 - Social Networks http://bit.ly/osint1 • Part 2 - Blogs, Message Boards, Metadata http://bit.ly/osint2 • Part 3 - Monitoring, Social Media Policies http://bit.ly/osint3
Enterprise Open Source Intelligence Gathering

More Related Content

PDF
Zero Trust Model Presentation
byGowdhaman Jothilingam
 
PPT
Open source intelligence
bybalakumaran779
 
PDF
OSINT for Attack and Defense
byAndrew McNicol
 
PDF
From OSINT to Phishing presentation
byJesse Ratcliffe, OSCP
 
PDF
Offensive OSINT
byChristian Martorella
 
PDF
Global Cyber Threat Intelligence
byNTT Innovation Institute Inc.
 
PDF
Threat Hunting Report
byMorane Decriem
 
PDF
Open source intelligence information gathering (OSINT)
byphexcom1
 
Zero Trust Model Presentation
byGowdhaman Jothilingam
 
Open source intelligence
bybalakumaran779
 
OSINT for Attack and Defense
byAndrew McNicol
 
From OSINT to Phishing presentation
byJesse Ratcliffe, OSCP
 
Offensive OSINT
byChristian Martorella
 
Global Cyber Threat Intelligence
byNTT Innovation Institute Inc.
 
Threat Hunting Report
byMorane Decriem
 
Open source intelligence information gathering (OSINT)
byphexcom1
 

What's hot

PDF
Windows Threat Hunting
byGIBIN JOHN
 
PDF
Osint presentation nov 2019
byPriyanka Aash
 
PPT
Social Engineering | #ARMSec2015
byHovhannes Aghajanyan
 
PPTX
Cyber Threat Intelligence.pptx
byAbimbolaFisher1
 
PDF
What is Open Source Intelligence (OSINT)
byMolfar
 
PDF
Cyber Threat Intelligence
byseadeloitte
 
PPTX
Tools for Open Source Intelligence (OSINT)
bySudhanshu Chauhan
 
PPTX
How to Use Open Source Intelligence (OSINT) in Investigations
byCase IQ
 
PPTX
OSINT: Open Source Intelligence gathering
byJeremiah Tillman
 
PPTX
Cyber threat intelligence: maturity and metrics
byMark Arena
 
PDF
Cyber Threat Intelligence
byMarlabs
 
PPTX
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
byOWASP Delhi
 
PPTX
Social engineering
byMaulik Kotak
 
PDF
Purple Team Exercises - GRIMMCon
byJorge Orchilles
 
PDF
Cyber Threat Intelligence
bymohamed nasri
 
PDF
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
byMITRE - ATT&CKcon
 
PPTX
Osint {open source intelligence }
byAkshayJha40
 
PPTX
Getting started with using the Dark Web for OSINT investigations
byOlakanmi Oluwole
 
PPTX
The Dark Web
bySuraj Jaundoo
 
PPTX
What is zero trust model (ztm)
byAhmed Banafa
 
Windows Threat Hunting
byGIBIN JOHN
 
Osint presentation nov 2019
byPriyanka Aash
 
Social Engineering | #ARMSec2015
byHovhannes Aghajanyan
 
Cyber Threat Intelligence.pptx
byAbimbolaFisher1
 
What is Open Source Intelligence (OSINT)
byMolfar
 
Cyber Threat Intelligence
byseadeloitte
 
Tools for Open Source Intelligence (OSINT)
bySudhanshu Chauhan
 
How to Use Open Source Intelligence (OSINT) in Investigations
byCase IQ
 
OSINT: Open Source Intelligence gathering
byJeremiah Tillman
 
Cyber threat intelligence: maturity and metrics
byMark Arena
 
Cyber Threat Intelligence
byMarlabs
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
byOWASP Delhi
 
Social engineering
byMaulik Kotak
 
Purple Team Exercises - GRIMMCon
byJorge Orchilles
 
Cyber Threat Intelligence
bymohamed nasri
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
byMITRE - ATT&CKcon
 
Osint {open source intelligence }
byAkshayJha40
 
Getting started with using the Dark Web for OSINT investigations
byOlakanmi Oluwole
 
The Dark Web
bySuraj Jaundoo
 
What is zero trust model (ztm)
byAhmed Banafa
 

Similar to Enterprise Open Source Intelligence Gathering

PDF
Open Source Information Gathering Brucon Edition
byChris Gates
 
KEY
Tactical Information Gathering
byChristian Martorella
 
PDF
A fresh new look into Information Gathering - OWASP Spain
byChristian Martorella
 
PDF
Introduction to the Responsible Use of Social Media Monitoring and SOCMINT Tools
byMike Kujawski
 
PPTX
hacking techniques and intrusion techniques useful in OSINT.pptx
bysconalbg
 
PPT
Social mobile safety
byErnest Staats
 
PDF
Osint ashish mistry
byn|u - The Open Security Community
 
PDF
Gates Toorcon X New School Information Gathering
byChris Gates
 
PDF
Advanced Research Investigations for SIU Investigators
bySloan Carne
 
PDF
Privacy, Ethics, and Future Uses of the Social Web
byMatthew Russell
 
KEY
Social Networks - The Good and the Bad
byXavier Mertens
 
PPTX
Risk Assessment of Social Media Use v3.01
byovercertified
 
PPT
"Using Web 2.0 as a Weapon Against Corruption"
byJ T "Tom" Johnson
 
PDF
Keeping Tabs on the Competition
byResearch Edge
 
PPTX
A brief of Osint and its uses in cyber crime.pptx
byBhaskarRanjan7
 
PPTX
Internet Privacy
byrealpeterz
 
PDF
Infocom Security
bymmavis
 
PDF
CEH Module 2 Footprinting CEH V13, concepts
byammarhassan185568
 
PDF
Online Privacy, the next Battleground
bySensePost
 
PDF
Osint part 1_personal_privacy
bySandra (Sandy) Dunn
 
Open Source Information Gathering Brucon Edition
byChris Gates
 
Tactical Information Gathering
byChristian Martorella
 
A fresh new look into Information Gathering - OWASP Spain
byChristian Martorella
 
Introduction to the Responsible Use of Social Media Monitoring and SOCMINT Tools
byMike Kujawski
 
hacking techniques and intrusion techniques useful in OSINT.pptx
bysconalbg
 
Social mobile safety
byErnest Staats
 
Osint ashish mistry
byn|u - The Open Security Community
 
Gates Toorcon X New School Information Gathering
byChris Gates
 
Advanced Research Investigations for SIU Investigators
bySloan Carne
 
Privacy, Ethics, and Future Uses of the Social Web
byMatthew Russell
 
Social Networks - The Good and the Bad
byXavier Mertens
 
Risk Assessment of Social Media Use v3.01
byovercertified
 
"Using Web 2.0 as a Weapon Against Corruption"
byJ T "Tom" Johnson
 
Keeping Tabs on the Competition
byResearch Edge
 
A brief of Osint and its uses in cyber crime.pptx
byBhaskarRanjan7
 
Internet Privacy
byrealpeterz
 
Infocom Security
bymmavis
 
CEH Module 2 Footprinting CEH V13, concepts
byammarhassan185568
 
Online Privacy, the next Battleground
bySensePost
 
Osint part 1_personal_privacy
bySandra (Sandy) Dunn
 

More from Tom Eston

PDF
Privacy Exposed: Ramifications of Social Media and Mobile Technology
byTom Eston
 
PDF
Cash is King: Who's Wearing Your Crown?
byTom Eston
 
PDF
Social Zombies: Rise of the Mobile Dead
byTom Eston
 
PDF
The Android vs. Apple iOS Security Showdown
byTom Eston
 
PDF
Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...
byTom Eston
 
PDF
Smart Bombs: Mobile Vulnerability and Exploitation
byTom Eston
 
PDF
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
byTom Eston
 
PDF
Attacking and Defending Apple iOS Devices
byTom Eston
 
PDF
Social Zombies Gone Wild: Totally Exposed and Uncensored
byTom Eston
 
PDF
Social Zombies II: Your Friends Need More Brains
byTom Eston
 
KEY
Staying Safe & Secure on Twitter
byTom Eston
 
KEY
New School Man-in-the-Middle
byTom Eston
 
KEY
Rise of the Autobots: Into the Underground of Social Network Bots
byTom Eston
 
PPT
Information Gathering With Maltego
byTom Eston
 
PPT
Automated Penetration Testing With Core Impact
byTom Eston
 
PPT
Automated Penetration Testing With The Metasploit Framework
byTom Eston
 
PPT
Physical Security Assessments
byTom Eston
 
PDF
Online Social Networks: 5 threats and 5 ways to use them safely
byTom Eston
 
Privacy Exposed: Ramifications of Social Media and Mobile Technology
byTom Eston
 
Cash is King: Who's Wearing Your Crown?
byTom Eston
 
Social Zombies: Rise of the Mobile Dead
byTom Eston
 
The Android vs. Apple iOS Security Showdown
byTom Eston
 
Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...
byTom Eston
 
Smart Bombs: Mobile Vulnerability and Exploitation
byTom Eston
 
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
byTom Eston
 
Attacking and Defending Apple iOS Devices
byTom Eston
 
Social Zombies Gone Wild: Totally Exposed and Uncensored
byTom Eston
 
Social Zombies II: Your Friends Need More Brains
byTom Eston
 
Staying Safe & Secure on Twitter
byTom Eston
 
New School Man-in-the-Middle
byTom Eston
 
Rise of the Autobots: Into the Underground of Social Network Bots
byTom Eston
 
Information Gathering With Maltego
byTom Eston
 
Automated Penetration Testing With Core Impact
byTom Eston
 
Automated Penetration Testing With The Metasploit Framework
byTom Eston
 
Physical Security Assessments
byTom Eston
 
Online Social Networks: 5 threats and 5 ways to use them safely
byTom Eston
 

Recently uploaded

PDF
A "Kill Switch" (Emergency Off Switch) for AI?
byScott M. Graffius
 
PPTX
Software Tools for penetration Testing (1).pptx
byAmosCheruiyot13
 
PDF
The Cost of Missing Critical Connections in Data - Suspicious Behavior Detect...
byEnterprise Knowledge
 
PDF
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
PDF
Presentation on Four Stroke Engine of Ic engine
bySonam Sherpa
 
PPTX
Flutter & Firebase Session Slides - GDG VESIT
bygdgcodecellcmpn
 
PPTX
DVCON24-IBM ai/ml driven hardware verification
byArun Joseph
 
PDF
Generating Structured Outputs from Unstructured Content Using LLMs
byEnterprise Knowledge
 
PDF
Digital Transformation Services The Key to Futureproofing Your Business
byQuadrafort Technolgies
 
PDF
SAP WalkMe Overview.pdf SAP WalkMe Overview.pdf
byMurniatiSimbolon2
 
PPTX
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
PPTX
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
PDF
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
PPTX
Oracle SCM Cloud Solutions for Smart Supply Chain Management
byChetu
 
PPTX
Full course that Prymehat uploads for you version 2
byOhenebaManu1
 
PPTX
IBM_NEXA_DAC2021 NEXA, a cloud-native platform for collaborative hardware log...
byArun Joseph
 
PDF
JR : Quality Random Data from the Command line
byGiovanni Marigi
 
PDF
Josh Chu Boston - An Innovative Technology Executive
byJosh Chu Boston
 
PDF
Requestly or Postman: What’s the Right API Tool for Your Team?
byhenrycavill30521
 
PDF
Higgsfield AI: The New Way to Create Cinematic Video
bytechnologyupside
 
A "Kill Switch" (Emergency Off Switch) for AI?
byScott M. Graffius
 
Software Tools for penetration Testing (1).pptx
byAmosCheruiyot13
 
The Cost of Missing Critical Connections in Data - Suspicious Behavior Detect...
byEnterprise Knowledge
 
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
Presentation on Four Stroke Engine of Ic engine
bySonam Sherpa
 
Flutter & Firebase Session Slides - GDG VESIT
bygdgcodecellcmpn
 
DVCON24-IBM ai/ml driven hardware verification
byArun Joseph
 
Generating Structured Outputs from Unstructured Content Using LLMs
byEnterprise Knowledge
 
Digital Transformation Services The Key to Futureproofing Your Business
byQuadrafort Technolgies
 
SAP WalkMe Overview.pdf SAP WalkMe Overview.pdf
byMurniatiSimbolon2
 
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
Oracle SCM Cloud Solutions for Smart Supply Chain Management
byChetu
 
Full course that Prymehat uploads for you version 2
byOhenebaManu1
 
IBM_NEXA_DAC2021 NEXA, a cloud-native platform for collaborative hardware log...
byArun Joseph
 
JR : Quality Random Data from the Command line
byGiovanni Marigi
 
Josh Chu Boston - An Innovative Technology Executive
byJosh Chu Boston
 
Requestly or Postman: What’s the Right API Tool for Your Team?
byhenrycavill30521
 
Higgsfield AI: The New Way to Create Cinematic Video
bytechnologyupside
 

Enterprise Open Source Intelligence Gathering

  • 1.
  • 2.
    Open source intelligence(OSINT) is a form of intelligence collection management...
  • 3.
    Open source intelligence(OSINT) is a form of intelligence collection management... ...involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence. - wikipedia
  • 4.
    What do theInternets say?
  • 5.
    18% had adata loss event via blog or message board... - Proofpoint, Inc. 2009 Survey
  • 6.
    18% had adata loss event via blog or message board... 11% in 2008 - Proofpoint, Inc. 2009 Survey
  • 7.
    17% experienced data loss related tosocial networks... - Proofpoint, Inc. 2009 Survey
  • 8.
    17% experienced data loss related tosocial networks... 12 % in 2008 - Proofpoint, Inc. 2009 Survey
  • 9.
    “A brand isthe personification of a product, service, or even entire company.” - Robert Blanchard, former P&G executive
  • 10.
    5 things youwill learn • What is out there on your company? • Metadata • Removal of Internet postings, metadata • Setting up a simple (cheap) monitoring program • Building a Internet Posting Policy
  • 11.
    What gets posted? •Customer and Employee Complaints • Exposure of Confidential Information • Security Vulnerabilities
  • 12.
  • 13.
  • 17.
  • 18.
  • 19.
  • 23.
  • 25.
    Where does this informationget posted? ...and how to find it!
  • 26.
  • 27.
    300 Million Users 110Million Users 40 Million Users Grew 752% in 2008
  • 28.
    Finding Information on Social Networks • Socnet Search Engines • Maltego (Twitter/Facebook) • RSS feeds/Google Hacks • Google Alerts + Google Reader = WIN • Manual Searching • Facebook status updates
  • 29.
    Socnet Search Engines • Wink, Spock, Twoogle, Knowem, WhosTalkin (there are many more, see my blog post) • Twitter Search • Social Bookmark Sites • Delicious, StumbleUpon • Don’t forget about photos/video! • Flickr Photo Search • YouTube and Vimeo Video Search
  • 30.
    Maltego + Mesh= WIN *Screen shot from the “Maltego and Twitter!” post on paterva.com
  • 31.
    Searching Facebook • Good: Maltego Facebook Transform (violates TOS) ** No longer working! :-( • Better: Login and use the search! FB doesn’t make status updates public...yet. • Best: site:facebook.com inurl:group (bofa | "bank of america") = Groups • inurl:pages = Facebook Pages • allinurl: people "John Doe" site:facebook.com = Public Profiles • Yahoo! Pipe for Facebook Groups: Facebook Discussion Board RSS Feed • Create Google Alert(s)
  • 32.
    Searching LinkedIn • Similarto Facebook • Google dorks • site:linkedin.com inurl:pub (bofa | "bank of america") = Public Profiles • inurl:updates = Profile Updates • inurl:companies = Company Profiles
  • 33.
    Blogs and News •Blogpulse, Technoratti, IceRocket • Social Mention (Search Engine for blogs, comments) • Google/Yahoo News
  • 34.
    Document Repositories • DocStoc •Scribd • SlideShare • PDF Search Engine
  • 35.
    Message Boards • InternetForums (yes, even 4chan) • Craigslist • Full Disclosure Mailing List (vulnerabilities) • Google Groups/Yahoo Groups
  • 36.
    All your metadataare belong to us...
  • 37.
    What is Metadata? •Metadata = Data that describes Data • Catalog, index files, documents and more • Often overlooked by: • Document/File Creators • Your Company
  • 38.
    Why do wecare? • Can expose potential vulnerable software/ hardware in use! (client side attack) • OS and version numbers • Location information (GPS from smartphones) • User names, naming schemes, file paths
  • 39.
    Where do youfind it? • Microsoft Office Documents • PDF • JPEG’s (photos) • Other file types
  • 40.
  • 41.
    How do youfind it? • Google • Document Repositories • Wget to download photos (many other tools) • Your Company Website
  • 42.
    Tools to analyze Metadata • EXIFtool (cmd line or GUI) • Maltego • Metagoofil • Metadata Extraction Tool • FOCA
  • 43.
  • 46.
  • 47.
    Removing posts from the Internet • Hard, but not impossible. Search Engine Cache FTL • Submit request to Search Engines to remove (there are multiple) • Legal team involvement, especially w/ socnets
  • 48.
    Metadata Removal Techniques • MS Office Documents • Office 2002/03: CMD Line app “Remove Hidden Data” (Offrhd.exe) • Office 2007: Document Inspector • EXIFtool (photos) • Can be scripted to auto remove
  • 49.
    Metadata Removal Continued... • PDFs: File -> Document Properties • EXIFtool • Many third-party tools! ($)
  • 50.
    Setting up amonitoring program
  • 51.
    What do youwant to monitor? • Impossible to monitor everything! • Pick the most popular social networks, news sites, blogs, forums... • Monitoring should be defined with your PR/Marketing groups!
  • 52.
    Free Tools • Yahoo!Pipes (mashups) • RSS Feeds/RSS Reader Google Reader FTW • Maltego (community version) Good for defining relationships, not automated • Maltego for specific searching when you need “more details”
  • 53.
  • 54.
  • 55.
    What works best? • Assign someone! (someone in infosec, social media skill sets) • Create RSS Feeds from identified sites • Utilize Yahoo! Pipes, create RSS from pipes • Monitor w/Google Reader • Sites you can’t monitor automatically...determine manual methods. Build this into your Incident Response Procedures!
  • 56.
    Building a Internet Posting Policy
  • 57.
    Define your Social Media Strategy • Partner with Marketing/Public Relations/HR • What is acceptable for employees to post? • At work/off work • Employees have mobile devices, home computers!
  • 58.
    Define what gets monitored? • Difficult or impossible to monitor everything • Determine with your partners what should be monitored • Careful with policy conflicts!
  • 59.
  • 60.
  • 61.
    Communicate to your employees! How can you enforce a policy if employees don’t know about it?
  • 62.
    Where to learnmore? • Great paper on Metadata (SANS Reading Room): “Document Metadata, the Silent Killer” - Larry Pesce • Maltego Tutorials: Chris Gates, EthicalHacker.net • My blog: spylogic.net
  • 63.
    OSINT 3 PartSeries • All the details from this presentation! • Part 1 - Social Networks http://bit.ly/osint1 • Part 2 - Blogs, Message Boards, Metadata http://bit.ly/osint2 • Part 3 - Monitoring, Social Media Policies http://bit.ly/osint3

Editor's Notes

  • #7 How many of us as security professionals think of reputational issues in regards to the company brand?