Open Source Intelligence is the art of collecting information which is scattered on publicly available sources. With evolution of social media and digital marketplaces a huge amount of information is constantly generated on the Internet (sometimes even without our conscious consent). This is of great concern for organizations and businesses as chances of confidential data floating in the public domain may seriously harm their business integrity. All recent hacks are related to internal source code disclosure, API keys leakage, known vulnerability in third party plugin, data dump leaks etc. Based on experience and robust research in this domain, for this talk the speakers have created a tool which will help all kind of organizations to monitor cyberspace effectively without much investment. This tool is simple but an effective solution which is capable of hearing digital whispers which are usually missed or ignored but shouldn’t be.
2. A Man needs a Name
Nutan Kumar Panda (@TheOsintGuy)
InfoSec Engineer eBay.inc
OSINT Enthusiast
Co-Author: Hacking Web Intelligence
https://github.com/nkpanda
Real World Existence:
Gamer, Rider, Keyboard Player
3. A Man needs a Name
Sudhanshu Chauhan(@Sudhanshu_c)
Director OctoGence Technologies
OSINT Enthusiast
Co-Author: Hacking Web Intelligence
https://github.com/SudhanshuC
Real World Existence:
Avid reader, Cook, traveler
4. • What is OSINT?
• Why OSINT?
• Why this weird title?
• What is the biggest problem an organization faces?
• Some recent hacks
• What are the solution available?
• Where our solution stands?
• Demo
• What else can be done with our solution?
• Q/A
5. Open Source Intelligence is the art of collecting information
which is scattered on publicly available sources. In contrast to
traditional intelligence methods, OSINT utilizes overt channels
for gathering information. The added benefit is that there is no
direct interaction with the target which substantially reduces
the chances of being caught or raising any red flags.
6. • Internet is not limited to Google Searches.
• Not even limited to search engines, social media and blogs
• Huge number of sensational hacks in recent times
Organizations getting hacked even after using so called
"sophisticated" defense mechanisms.
• Basic recon usually ignored during security assessments.
• If you SECRET is out there in the open, someone WILL find
it.
• It's just data until you leverage it to create intelligence.
7. • Tools/Techniques
which are seldom
used and are not
talked about much.
• Methods used are
not new but
effective to hear the
digital whispers
those are generally
missed or ignored
(but shouldn’t be).
10. • Commercial tools that are good but expensive for small
organizations.
• Open source tools but solving individual issues.
• A team of experts for internet monitoring.
11. • Integrating all open source solutions/freeware
solutions into one place.
• Categorized menu for all the essential steps of the
process.
• Adding futuristic solutions to make use of technology
not just to monitor real time but to make it as
sophisticated alarming system.
• Our own ideas and scripts which will help it enhancing
the already available solution or the new one to work
differently.
12.
13. There are endless possibilities, even we are yet to
explore its limits. Any Suggestions?
14. • Raghav Bisht- Configuration and Setup
• Shubham Mittal- Twitter Monitor and suggestions
• Laura Rokita- Get Tweet
• Tim Tomes- Recon-ng
• Troy Hunt- HIBP
And to the whole open source community