Uploaded bycentralohioissa
PPTX, PDF888 views

Jerod Brennen - What You Need to Know About OSINT

The document discusses Open Source Intelligence (OSINT) and its importance in penetration testing, outlining a structured process for profiling companies, individuals, and their security vulnerabilities. It highlights essential OSINT tools for research and automation while emphasizing self-defense strategies against potential security breaches. The text is aimed at providing foundational knowledge and resources for effectively utilizing OSINT in cybersecurity efforts.

Embed presentation

Downloaded 20 times
Detecting the Undetectable: What You Need to Know About OSINT
Hack all the things! Jerod Brennen, CISSP, GWAPT You can find me at: Twitter: @slandail LinkedIn: /in/slandail
Hacker, hack thyself.
Want Answers? Start With the Right Questions. ◉What the heck is OSINT? ◉What’s your process? ◉What OSINT tools should I know about? ◉How do I defend myself?
1. What the heck is OSINT? Let’s begin at the beginning.
OSINT Open Source INTelligence
Penetration Testing OSINT is a key component of the Penetration Testing Execution Standard (PTES). [Image from https://www.trustedsec.com/penetration-testing/]
2. What’s your process? Wash. Rinse. Repeat.
EDGAR U.S. Securities and Exchange Commission. Over 20 million filings for publicly traded companies. You can also split your content Google Finance Leadership, performance, news stories, external links. Step 1: Profile the Company LinkedIn Company page. Products, services, 30k foot view. Company Website Careful, here. Visits from your laptop = a record of your IP touching their web infrastructure.
LinkedIn Employee names, titles, history with the company, and technologies that the IT staff uses. You can also split your content Facebook What do they eat for lunch? (More importantly, the answers to their secret questions.) Step 2: Profile the People Twitter Who do they talk to? What do they talk about? Search Engines Google, Bing, Duck Duck Go Individual Internet footprint
In two or three columns The Wall of Shame U.S. Department of Health and Human Services Office for Civil Rights Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information. Breaches Affecting 500 or More Individuals PrivacyRights.org Chronology of Data Breaches (2005 – present). Filter by source (if known), industry, and/or year. PasteBin / Cryptbin Designed to let programmers share and troubleshoot snippets of code, they’ve also become repositories for proof of breach. For example. “Here are 1,000 passwords. Send xxx bitcoins to this address for the other 49,000. Step 3: Research Previous Breaches
Mobile Apps Start with Google Play and iTunes. Download the app file (.apk, .ipa) to your testing machine, unzip it, and start poking around. If they have an app in Google Play, reverse the app back to it’s original Java source code. You can also split your content Web Infrastructure Lots to cover here, folks. Let’s save the details for the next section. Step 4: Profile the Internet-Facing Infrastructure
3. What OSINT tools do I need to know about? Automation, folks. That’s where it’s at.
Tell Me About Your Web Apps ◉ Netcraft Site Report http://toolbar.netcraft.com/site_report ◉ ICANN WHOIS https://whois.icann.org/en ◉ ARIN WHOIS-RWS https://whois.arin.net/ui/advanced.jsp ◉ Hurricane Electric BGP Toolkit http://bgp.he.net/
These Are a Few of My Favorite Things ◉ Qualys SSL Labs – SSL Server Test https://www.ssllabs.com/ssltest/ ◉ PunkSPIDER https://www.punkspider.org/ ◉ UltraTools DNS Zone Transfer Lookup https://www.ultratools.com/tools/zoneFileDump ◉ SHODAN https://www.shodan.io/
◉FOCA https://www.elevenpaths.co m/labstools/foca/index.ht ml ◉ Google Hacking http://www.hackersforcharity.o rg/ghdb/ Passive  Active
““Automation, folks. That’s where it’s at.” – Jerod Brennen, just a few minutes ago
◉Maltego https://www.paterva.com/w eb6/products/maltego.php ◉ recon-ng https://bitbucket.org/LaNMaSt eR53/recon-ng Replace Yourself With a Very Small Shell Script
4. How do I defend myself? Sitting under your desk and crying is not an option.
Riddle Me This, Batman… How much of what we’ve discussed would trigger an alert in your IDS/IPS?
◉ Unauthorized ports open on Shodan? Close them. ◉ Web app vulnerabilities on PunkSPIDER? Fix them. ◉ Zone transfers were successful? Disable them. ◉ Passwords on Pastebin? Change them. ◉ Users oversharing on social media? Train them. Let’s Not Overcomplicate Things
Would You Like to Know More? ◉Online Strategies http://www.onstrat.com/osint/ ◉Penetration Testing Execution Standard http://www.pentest-standard.org/index.php/Main_Page ◉IT Security Career http://www.itsecuritycareer.com/blog/what-you-dont-know- about-osint-can-hurt-you/
Thanks! ANY QUESTIONS? You can find me at: Twitter: @slandail LinkedIn: /in/slandail

More Related Content

PPTX
Ed McCabe - Putting the Intelligence back in Threat Intelligence
bycentralohioissa
 
PPTX
Jason Samide - State of Security & 2016 Predictions
bycentralohioissa
 
PPTX
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
byShawn Tuma
 
PPTX
Crowd-Sourced Threat Intelligence
byAlienVault
 
PPTX
Red team Engagement
byIndranil Banerjee
 
PPTX
An Introduction To IT Security And Privacy In Libraries
byBlake Carver
 
PDF
Zero-Knowledge Proofs: Identity Proofing and Authentication
byClare Nelson, CISSP, CIPP-E
 
PPTX
Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...
byClare Nelson, CISSP, CIPP-E
 
Ed McCabe - Putting the Intelligence back in Threat Intelligence
bycentralohioissa
 
Jason Samide - State of Security & 2016 Predictions
bycentralohioissa
 
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
byShawn Tuma
 
Crowd-Sourced Threat Intelligence
byAlienVault
 
Red team Engagement
byIndranil Banerjee
 
An Introduction To IT Security And Privacy In Libraries
byBlake Carver
 
Zero-Knowledge Proofs: Identity Proofing and Authentication
byClare Nelson, CISSP, CIPP-E
 
Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...
byClare Nelson, CISSP, CIPP-E
 

What's hot

PPT
3 Hkcert Trend
bySC Leung
 
PPTX
An Introduction To IT Security And Privacy In Libraries & Anywhere
byBlake Carver
 
PDF
Is AI going to provide safety for us?
byDLabs
 
PPTX
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
byClare Nelson, CISSP, CIPP-E
 
PDF
Ransomware ly
byLisa Young
 
PPTX
Attack Vectors in Biometric Recognition Systems
byClare Nelson, CISSP, CIPP-E
 
PPT
Mark Arena - Cyber Threat Intelligence #uisgcon9
byUISGCON
 
PPTX
Maltego Webinar Slides
byThreatConnect
 
PPTX
Targeted attacks
byBarry Shteiman
 
PDF
Cyber Forensics & Challenges
byDeepak Kumar (D3)
 
PPTX
An Introduction To IT Security And Privacy - Servers And More
byBlake Carver
 
PPTX
Biometrics and Multi-Factor Authentication, The Unleashed Dragon
byClare Nelson, CISSP, CIPP-E
 
PDF
Threat Hunting Report
byMorane Decriem
 
PDF
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
bySSIMeetup
 
PPT
Hacking
byPurohit Rock
 
PPT
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
byUISGCON
 
PDF
Threat Intelligence
byDeepak Kumar (D3)
 
PPTX
Cyber threat intelligence: maturity and metrics
byMark Arena
 
PPTX
Common Techniques To Identify Advanced Persistent Threat (APT)
byYuval Sinay, CISSP, C|CISO
 
PDF
Welcome to the world of Cyber Threat Intelligence
byAndreas Sfakianakis
 
3 Hkcert Trend
bySC Leung
 
An Introduction To IT Security And Privacy In Libraries & Anywhere
byBlake Carver
 
Is AI going to provide safety for us?
byDLabs
 
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
byClare Nelson, CISSP, CIPP-E
 
Ransomware ly
byLisa Young
 
Attack Vectors in Biometric Recognition Systems
byClare Nelson, CISSP, CIPP-E
 
Mark Arena - Cyber Threat Intelligence #uisgcon9
byUISGCON
 
Maltego Webinar Slides
byThreatConnect
 
Targeted attacks
byBarry Shteiman
 
Cyber Forensics & Challenges
byDeepak Kumar (D3)
 
An Introduction To IT Security And Privacy - Servers And More
byBlake Carver
 
Biometrics and Multi-Factor Authentication, The Unleashed Dragon
byClare Nelson, CISSP, CIPP-E
 
Threat Hunting Report
byMorane Decriem
 
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
bySSIMeetup
 
Hacking
byPurohit Rock
 
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
byUISGCON
 
Threat Intelligence
byDeepak Kumar (D3)
 
Cyber threat intelligence: maturity and metrics
byMark Arena
 
Common Techniques To Identify Advanced Persistent Threat (APT)
byYuval Sinay, CISSP, C|CISO
 
Welcome to the world of Cyber Threat Intelligence
byAndreas Sfakianakis
 

Similar to Jerod Brennen - What You Need to Know About OSINT

PDF
What you need to know about OSINT
byJerod Brennen
 
PDF
OWASP_OSINT_Presentation.pdf
bynetisBin
 
PPT
Owasp osint presentation - by adam nurudini
byAdam Nurudini
 
PDF
PENETRATION TESTING FROM A HOT TUB TIME MACHINE
byChris Gates
 
PDF
From OSINT to Phishing presentation
byJesse Ratcliffe, OSCP
 
PDF
Advanced Threats and Lateral Movement Detection
byGreg Foss
 
PPTX
OpenSourceIntelligence-OSINT.pptx
byanonymousanonymous428352
 
PDF
Osint
byKamal Rathaur
 
PDF
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
byfangjiafu
 
PDF
PHDays 2018 Threat Hunting Hands-On Lab
byTeymur Kheirkhabarov
 
PPTX
Let’s hunt the target using OSINT
byChandrapal Badshah
 
PDF
DECEPTICONv2
by👀 Joe Gray
 
PDF
CEH Module 2 Footprinting CEH V13, concepts
byammarhassan185568
 
DOCX
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
bySyed Ubaid Ali Jafri
 
PDF
Top Security Challenges Facing Credit Unions Today
byChris Gates
 
PPTX
DEF CON 23 - Hacking Web Apps @brentwdesign
bybrentwdesign
 
PPTX
InOffensive Security_cybersecurity2.pptx
bywihib17507
 
PDF
What makes OSINT Methodologies Vital for Penetration Testing?
byZoe Gilbert
 
PDF
How to Use OSINT and Web Scraping for Data Collection.pdf
byStefan Smiljkovic
 
PPTX
Hacking - Breaking Into It
byCTruncer
 
What you need to know about OSINT
byJerod Brennen
 
OWASP_OSINT_Presentation.pdf
bynetisBin
 
Owasp osint presentation - by adam nurudini
byAdam Nurudini
 
PENETRATION TESTING FROM A HOT TUB TIME MACHINE
byChris Gates
 
From OSINT to Phishing presentation
byJesse Ratcliffe, OSCP
 
Advanced Threats and Lateral Movement Detection
byGreg Foss
 
OpenSourceIntelligence-OSINT.pptx
byanonymousanonymous428352
 
Osint
byKamal Rathaur
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
byfangjiafu
 
PHDays 2018 Threat Hunting Hands-On Lab
byTeymur Kheirkhabarov
 
Let’s hunt the target using OSINT
byChandrapal Badshah
 
DECEPTICONv2
by👀 Joe Gray
 
CEH Module 2 Footprinting CEH V13, concepts
byammarhassan185568
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
bySyed Ubaid Ali Jafri
 
Top Security Challenges Facing Credit Unions Today
byChris Gates
 
DEF CON 23 - Hacking Web Apps @brentwdesign
bybrentwdesign
 
InOffensive Security_cybersecurity2.pptx
bywihib17507
 
What makes OSINT Methodologies Vital for Penetration Testing?
byZoe Gilbert
 
How to Use OSINT and Web Scraping for Data Collection.pdf
byStefan Smiljkovic
 
Hacking - Breaking Into It
byCTruncer
 

More from centralohioissa

PPTX
Mike Spaulding - Building an Application Security Program
bycentralohioissa
 
PPTX
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
bycentralohioissa
 
PPTX
Bob West - Educating the Board of Directors
bycentralohioissa
 
PDF
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
bycentralohioissa
 
PPTX
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
bycentralohioissa
 
PPTX
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
bycentralohioissa
 
PPTX
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
bycentralohioissa
 
PPTX
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
bycentralohioissa
 
PPTX
Tre Smith - From Decision to Implementation: Who's On First?
bycentralohioissa
 
PDF
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
bycentralohioissa
 
PPTX
Sean Whalen - How to Hack a Hospital
bycentralohioissa
 
PDF
Robert Hurlbut - Threat Modeling for Secure Software Design
bycentralohioissa
 
PPTX
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...
bycentralohioissa
 
PDF
Rafeeq Rehman - Breaking the Phishing Attack Chain
bycentralohioissa
 
PDF
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
bycentralohioissa
 
PPTX
Jack Nichelson - Information Security Metrics - Practical Security Metrics
bycentralohioissa
 
PPTX
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...
bycentralohioissa
 
PDF
Ruben Melendez - Economically Justifying IT Security Initiatives
bycentralohioissa
 
PDF
Ofer Maor - Security Automation in the SDLC - Real World Cases
bycentralohioissa
 
PPTX
Jim Libersky: Cyber Security - Super Bowl 50
bycentralohioissa
 
Mike Spaulding - Building an Application Security Program
bycentralohioissa
 
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
bycentralohioissa
 
Bob West - Educating the Board of Directors
bycentralohioissa
 
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
bycentralohioissa
 
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
bycentralohioissa
 
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
bycentralohioissa
 
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
bycentralohioissa
 
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
bycentralohioissa
 
Tre Smith - From Decision to Implementation: Who's On First?
bycentralohioissa
 
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
bycentralohioissa
 
Sean Whalen - How to Hack a Hospital
bycentralohioissa
 
Robert Hurlbut - Threat Modeling for Secure Software Design
bycentralohioissa
 
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...
bycentralohioissa
 
Rafeeq Rehman - Breaking the Phishing Attack Chain
bycentralohioissa
 
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
bycentralohioissa
 
Jack Nichelson - Information Security Metrics - Practical Security Metrics
bycentralohioissa
 
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...
bycentralohioissa
 
Ruben Melendez - Economically Justifying IT Security Initiatives
bycentralohioissa
 
Ofer Maor - Security Automation in the SDLC - Real World Cases
bycentralohioissa
 
Jim Libersky: Cyber Security - Super Bowl 50
bycentralohioissa
 

Recently uploaded

PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PDF
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
PPTX
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
PDF
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
PPTX
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
PDF
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
PDF
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
PDF
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
PDF
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
PDF
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
PDF
AI Technology important knowledge ......
byutkarshj2007
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PDF
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PDF
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 
PDF
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
PPTX
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
AI Technology important knowledge ......
byutkarshj2007
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
The year in review - MarvelClient in 2025
bypanagenda
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 

Jerod Brennen - What You Need to Know About OSINT

  • 1.
    Detecting the Undetectable: WhatYou Need to Know About OSINT
  • 2.
    Hack all thethings! Jerod Brennen, CISSP, GWAPT You can find me at: Twitter: @slandail LinkedIn: /in/slandail
  • 3.
  • 4.
    Want Answers? StartWith the Right Questions. ◉What the heck is OSINT? ◉What’s your process? ◉What OSINT tools should I know about? ◉How do I defend myself?
  • 5.
    1. What the heckis OSINT? Let’s begin at the beginning.
  • 6.
  • 7.
    Penetration Testing OSINT isa key component of the Penetration Testing Execution Standard (PTES). [Image from https://www.trustedsec.com/penetration-testing/]
  • 8.
  • 9.
    EDGAR U.S. Securities andExchange Commission. Over 20 million filings for publicly traded companies. You can also split your content Google Finance Leadership, performance, news stories, external links. Step 1: Profile the Company LinkedIn Company page. Products, services, 30k foot view. Company Website Careful, here. Visits from your laptop = a record of your IP touching their web infrastructure.
  • 10.
    LinkedIn Employee names, titles,history with the company, and technologies that the IT staff uses. You can also split your content Facebook What do they eat for lunch? (More importantly, the answers to their secret questions.) Step 2: Profile the People Twitter Who do they talk to? What do they talk about? Search Engines Google, Bing, Duck Duck Go Individual Internet footprint
  • 11.
    In two orthree columns The Wall of Shame U.S. Department of Health and Human Services Office for Civil Rights Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information. Breaches Affecting 500 or More Individuals PrivacyRights.org Chronology of Data Breaches (2005 – present). Filter by source (if known), industry, and/or year. PasteBin / Cryptbin Designed to let programmers share and troubleshoot snippets of code, they’ve also become repositories for proof of breach. For example. “Here are 1,000 passwords. Send xxx bitcoins to this address for the other 49,000. Step 3: Research Previous Breaches
  • 12.
    Mobile Apps Start withGoogle Play and iTunes. Download the app file (.apk, .ipa) to your testing machine, unzip it, and start poking around. If they have an app in Google Play, reverse the app back to it’s original Java source code. You can also split your content Web Infrastructure Lots to cover here, folks. Let’s save the details for the next section. Step 4: Profile the Internet-Facing Infrastructure
  • 13.
    3. What OSINT toolsdo I need to know about? Automation, folks. That’s where it’s at.
  • 14.
    Tell Me AboutYour Web Apps ◉ Netcraft Site Report http://toolbar.netcraft.com/site_report ◉ ICANN WHOIS https://whois.icann.org/en ◉ ARIN WHOIS-RWS https://whois.arin.net/ui/advanced.jsp ◉ Hurricane Electric BGP Toolkit http://bgp.he.net/
  • 15.
    These Are aFew of My Favorite Things ◉ Qualys SSL Labs – SSL Server Test https://www.ssllabs.com/ssltest/ ◉ PunkSPIDER https://www.punkspider.org/ ◉ UltraTools DNS Zone Transfer Lookup https://www.ultratools.com/tools/zoneFileDump ◉ SHODAN https://www.shodan.io/
  • 16.
  • 17.
    ““Automation, folks. That’swhere it’s at.” – Jerod Brennen, just a few minutes ago
  • 18.
  • 19.
    4. How do Idefend myself? Sitting under your desk and crying is not an option.
  • 20.
    Riddle Me This,Batman… How much of what we’ve discussed would trigger an alert in your IDS/IPS?
  • 21.
    ◉ Unauthorized portsopen on Shodan? Close them. ◉ Web app vulnerabilities on PunkSPIDER? Fix them. ◉ Zone transfers were successful? Disable them. ◉ Passwords on Pastebin? Change them. ◉ Users oversharing on social media? Train them. Let’s Not Overcomplicate Things
  • 22.
    Would You Liketo Know More? ◉Online Strategies http://www.onstrat.com/osint/ ◉Penetration Testing Execution Standard http://www.pentest-standard.org/index.php/Main_Page ◉IT Security Career http://www.itsecuritycareer.com/blog/what-you-dont-know- about-osint-can-hurt-you/
  • 23.
    Thanks! ANY QUESTIONS? You canfind me at: Twitter: @slandail LinkedIn: /in/slandail