Open-Source Intelligence (OSINT) - OSINT for Cybersecurity Awareness
How you can use it and how others can use it against you…
Reynaldo Gonzalez

About Me
Reynaldo Gonzalez
• Principal Cybersecurity Architect @ United Airlines
• Cisco Academy Instructor & Trainer @ Lonestar College - CyFair
• Houston Chapter Lead @ Cybersecurity Non-Profit (CSNP)
• Member of Information Systems Security Association (ISSA)
• Member of Infragard
• M.S. in Cybersecurity @ Utica College
• Alpha Phi Sigma (National Criminal Justice Honor Society) @ Utica College
• B.S. in Applied Networking & System Administration @ RIT
• High School STEM Volunteer for Technology
CCNA (R&S, Security, CyberOps)
CCNP (R&S, Security)
CCDA, CCDP
INFOSEC, Security+, CEH
Copyright of the Cybersecmentorship.org

HOLD ON…
Any views or opinions expressed in this presentation are solely my own and do not reflect, represent, or associate to my current and previous employers including the organizations I participate in.
• I cannot provide any legal advice or recommendations.
• I do not condone nor encourage malicious behavior nor give permission nor authorize to do anything related to content with this presentation.
• The information presented is solely for information and educational awareness.

What is OSINT?
Open-source intelligence…
The collection and analysis of information gathered from public or open sources…
Various definitions…
“publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.”
“open source acquisition involves procuring verbal, written, or electronically transmitted material that can be obtained legally…”
“any and all information that can be derived from overt collection: all types of media, government reports and other documents, scientific research and reports, commercial vendors of information, the Internet, and so on…”
So basically…OSINT is used for finding information on anyone and anything that is free and publicly available.
Source: https://en.wikipedia.org/wiki/Open-source_intelligence

Digital Footprint
Our digital footprint matters…
• Anything you leave behind while using the Internet, anything you post (metadata), what you log into, from where, etc…
• Online history can potentially be seen by other people or tracked in a database
• Websites & Online Shopping
• Social Media
• Mobile Phones
• Tablets/iPads
• Laptops/Computers
Passive Footprinting: Tracking your IP address…
Active Footprinting: Logged into a site and making a post or change with a registered name…
Follow the digital paper trail… Don’t need to be a hacker to find and use it.

Types of Work for OSINT
• Cyber Threat Intelligence
• Cyber Forensics
• Critical Infrastructure
• Law Firms
• Private Investigator
• Government
• Finance
• Telecom
• Interviews
• Cyber Analysts
• Ethical Hacking
• Penetration Testing
• Job Seeking/Employment
• Etc.
Provides the opportunity for both the cyber defender and cyber attacker
Source: https://www.netsentries.com/service/osint-intelligence-gathering-and-enumeration/

OSINT Landscape
Source: http://www.hisutton.com/OSINT_Landscape.html

OSINT Process
• Gather information – start with what you know (email, username, etc.)
• Define your requirements/goals – what you want to get
• Gather data
• Analyze collected data
• Pivot as-needed using newly gathered information
• Validate your assumptions
• Generate a report
Just a few ways…
Source: https://medium.com/the-first-digit/osint-how-to-find-information-on-anyone-5029a3c7fd56

OSINT Framework
OSINT is a type of cybersecurity framework with many tools and techniques available.
Source: https://osintframework.com/

OSINT & Sock Puppets
• Fictional persona can be generated for OSINT purposes – a.k.a. Sock Puppets
• This Person Does Not Exist
• This Resume Does Not Exist
• This Rental Does Not Exist
• Fake Name Generator
• Random User
• Uinames
• UK Name Generator
• Random Word Generator
• Elfqrin Fake ID
• Behind the Name
• Else Where
Source: https://www.osinttechniques.com/fictional-accounts.html
A social persona with a credible social history across different social media channels:
- Name
- Personality
- Photos
- Phone Number

Cyber Attacks Resulting from OSINT
• Identity Theft
• Social Engineering
• Account Take Over
• Data Breach/Theft
• Target Infiltration
• Password Attacks
• Denial of Service
Search engines for passive reconnaissance:
• Google – https://google.com
• Shodan – https://shodan.io
• Censys – https://censys.io
• Fofa – https://fofa.so
• Dogpile – http://www.dogpile.com
• Archives – https://archive.org/
Email harvesting for password stuffing & social engineering attacks:
• theHarvester – https://github.com/laramies/theHarvester
• Prowl – https://github.com/nettitude/prowl
• Haveibeenpwned – https://haveibeenpwned.com/
DNS enumeration for finding valid subdomains (maybe left unsecured):
• Aquatone - https://github.com/michenriksen/aquatone
• Sublist3r - https://github.com/aboul3la/Sublist3r
• DNS dumpster - https://dnsdumpster.com/
• Facebook - https://developers.facebook.com/tools/ct
Google Hacking Database (GHDB):
• Index of search queries to find public information
Source: https://owasp.org/www-pdf-archive/OWASP_OSINT_Presentation.pdf

Why does OSINT matter?
For the Good…
• Designed to help security professionals to focus on specific areas of interest
• Aids privacy-minded people to learn how exposed they are
• Used for ethical hacking and penetration testing
• Helps to identify external threats
• Provides anonymity when conducting passive reconnaissance (Sock Puppet, VPN, TOR)
• Find and fix weaknesses in organizational network
On the Dark Side…
• Threat actors have access to the same tools and techniques as security professionals
• Identify potential targets and exploit weaknesses (target the weakest link → people → social engineering)
• Become a victim of a sock puppet persona – you probably wouldn’t even realize it!
• Aids in criminal phishing attacks and social engineering campaigns
• Highly used by government intelligence agencies
• Exploit sensitive information

Short OSINT Demo…
1. https://osintframework.com/
2. https://www.fakenamegenerator.com/
3. https://www.morphthing.com/
4. https://www.exploit-db.com/google-hacking-database
5. https://tineye.com/
6. https://www.aware-online.com/en/osint-tools/

Questions?

Links & References
• https://www.internetsociety.org/tutorials/your-digital-footprint-matters/
• https://owasp.org/www-pdf-archive/OWASP_OSINT_Presentation.pdf
• https://tools.kali.org/information-gathering/osrframework
• https://securitytrails.com/blog/osint-tools
• https://securitytrails.com/blog/osint-framework
• https://www.sentinelone.com/blog/what-is-osint-how-is-it-used/
• https://osintframework.com/
• https://www.osinttechniques.com/
• https://medium.com/the-first-digit/osint-how-to-find-information-on-anyone-5029a3c7fd56
• https://www.aware-online.com/en/osint-tutorials/
• https://osintcurio.us/2018/12/27/the-puppeteer/
• https://www.secjuice.com/the-art-of-the-sock-osint-humint/
