OSINT Black Magic: Listen who whispers your name in the dark!!!
•Download as PPTX, PDF•
2 likes•1,224 views
Open Source Intelligence is the art of collecting information which is scattered on publicly available sources. With evolution of social media and digital marketplaces a huge amount of information is constantly generated on the Internet (sometimes even without our conscious consent). This is of great concern for organizations and businesses as chances of confidential data floating in the public domain may seriously harm their business integrity. All recent hacks are related to internal source code disclosure, API keys leakage, known vulnerability in third party plugin, data dump leaks etc. Based on experience and robust research in this domain, for this talk the speakers have created a tool which will help all kind of organizations to monitor cyberspace effectively without much investment. This tool is simple but an effective solution which is capable of hearing digital whispers which are usually missed or ignored but shouldn’t be.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to OSINT Black Magic: Listen who whispers your name in the dark!!!
Similar to OSINT Black Magic: Listen who whispers your name in the dark!!! (20)
More from Nutan Kumar Panda
More from Nutan Kumar Panda (14)
Recently uploaded
Recently uploaded (20)
OSINT Black Magic: Listen who whispers your name in the dark!!!
- 1. Listen who whispers your name in the dark!!! OSINT Black Magic:
- 2. A Man needs a Name Nutan Kumar Panda (@TheOsintGuy) InfoSec Engineer eBay.inc OSINT Enthusiast Co-Author: Hacking Web Intelligence https://github.com/nkpanda Real World Existence: Gamer, Rider, Keyboard Player
- 3. A Man needs a Name Sudhanshu Chauhan(@Sudhanshu_c) Director OctoGence Technologies OSINT Enthusiast Co-Author: Hacking Web Intelligence https://github.com/SudhanshuC Real World Existence: Avid reader, Cook, traveler
- 4. • What is OSINT? • Why OSINT? • Why this weird title? • What is the biggest problem an organization faces? • Some recent hacks • What are the solution available? • Where our solution stands? • Demo • What else can be done with our solution? • Q/A
- 5. Open Source Intelligence is the art of collecting information which is scattered on publicly available sources. In contrast to traditional intelligence methods, OSINT utilizes overt channels for gathering information. The added benefit is that there is no direct interaction with the target which substantially reduces the chances of being caught or raising any red flags.
- 6. • Internet is not limited to Google Searches. • Not even limited to search engines, social media and blogs • Huge number of sensational hacks in recent times Organizations getting hacked even after using so called "sophisticated" defense mechanisms. • Basic recon usually ignored during security assessments. • If you SECRET is out there in the open, someone WILL find it. • It's just data until you leverage it to create intelligence.
- 7. • Tools/Techniques which are seldom used and are not talked about much. • Methods used are not new but effective to hear the digital whispers those are generally missed or ignored (but shouldn’t be).
- 8. Sensitive Information Hard coded keys in Github Credential leaks in Pastebin 0-days sold in darknet Hack info in micro blog Corporate email credentials Open Bugs or ports
- 10. • Commercial tools that are good but expensive for small organizations. • Open source tools but solving individual issues. • A team of experts for internet monitoring.
- 11. • Integrating all open source solutions/freeware solutions into one place. • Categorized menu for all the essential steps of the process. • Adding futuristic solutions to make use of technology not just to monitor real time but to make it as sophisticated alarming system. • Our own ideas and scripts which will help it enhancing the already available solution or the new one to work differently.
- 13. There are endless possibilities, even we are yet to explore its limits. Any Suggestions?
- 14. • Raghav Bisht- Configuration and Setup • Shubham Mittal- Twitter Monitor and suggestions • Laura Rokita- Get Tweet • Tim Tomes- Recon-ng • Troy Hunt- HIBP And to the whole open source community
- 15. • http://orig03.deviantart.net/919e/f/2012/252/a/7/black_magic_dive_by_firefrank- d5e6pst.jpg • http://www.lovesamrat.com/images/black1.jpg • http://www.zdnet.com/article/stolen-us-government-passwords-leaked-across-web/ • http://www.programmableweb.com/news/why-exposed-api-keys-and-sensitive-data-are- growing-cause-concern/analysis/2015/01/05 • http://thehackernews.com/2015/02/mongodb-database-hacking.html • http://spellshelp.com/upload/medialibrary/e0b/e0b3bd034aaea1136c9de5f97a364d9d.jpg • http://www.bestastrosolution.com/images/BlackMagic.jpg
Editor's Notes
- Any of these solutions wont solve the purpose of individual or mid level company