5

I know about threat intelligence services. I've also read definitions of OSINT but I can't get a tangible feeling of what it actually is.

  • What are some examples of OSINT services (apart from blacklisted IPs and malware C2s)?

  • How is OSINT different from threat intelligence services? (Is it just the source of data that is different?)

  • What types of services go under the OSINT title?

freginold
Silverfox

1 Answer

6

Open Source Intelligence is the operation of gathering information about a target from publicly available sources. You don't use anything illegal, and you don't come into contact with the target, so you don't leave a trace. In short, you don't do anything to alert the target.

When harmless/unimportant-looking publicly available information about a target is systematically collected and gathered together, it becomes harmful, especially in social engineering attacks.

Examples of resources for OSINT:

  • Internet Service Registration: The global registration and maintenance of IP address information
  • DNS: Local and global registration and maintenance of host naming
  • Search Engines: The specialist retrieval of distributed material relating to an organisation or their employees
  • Email Systems: The information contained within each email delivery process
  • Naming Conventions: The way an organisation encodes or categorises the services their online hosts provide
  • Website Analysis: The information intentionally made public, that may pose a risk to security

Examples of tools for OSINT:

  • Google Dorks: Sophisticated Google searches, in short.
  • Shodan: Search engine for inter-connected devices
  • EXIF-Viewers: Sometimes you can find very useful information inside photographs
  • Metagoofil: Info gathering tool for extracting metadata from public sources.

And many others...

ferit
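To make the "harmless pieces add up" point in the answer above concrete, here is an added example (my code, not part of the answer or of any tool it names). It takes three of the listed resource types, an email's Received header chain (Email Systems), public host names (DNS, Naming Conventions) and a document's Info dictionary (Website Analysis, the kind of metadata Metagoofil harvests), and cross-links them into one target profile. Every input is constructed for the example: the organisation `corp.example.com`, the user `jsmith`, the host names and the documentation-range IPs are all hypothetical, and nothing touches the network.

```python
"""Aggregating 'harmless' public artefacts into a target profile.

Added example; not code from the original answer.  All inputs below are
constructed (hypothetical organisation, documentation IP ranges) and the
script runs entirely offline.
"""
import ipaddress
import json
import re
from collections import defaultdict

# ---- constructed inputs --------------------------------------------------

# Header chain as any external recipient of a message from the target sees it.
EMAIL_HEADERS = """\
Received: from mx-out01.corp.example.com (mx-out01.corp.example.com [203.0.113.10])
    by mail.recipient.test with ESMTPS id abc123
Received: from exch-hub02.ad.corp.example.com (10.20.1.22)
    by mx-out01.corp.example.com with ESMTP
Received: from WS-JSMITH-01 (10.20.5.117) by exch-hub02.ad.corp.example.com
X-Mailer: Microsoft Outlook 16.0
From: "Smith, John" <john.smith@example.com>
"""

DNS_NAMES = [  # as passive DNS or a search engine might expose them
    "vpn-gw01.corp.example.com", "vpn-gw02.corp.example.com",
    "exch-hub02.ad.corp.example.com", "owa.corp.example.com",
    "dev-jenkins.corp.example.com", "mx-out01.corp.example.com",
]

PDF_BYTES = (  # only the Info dictionary, which is what a metadata harvester reads
    b"%PDF-1.4\n1 0 obj << /Title (Q3 Budget) /Author (jsmith) "
    b"/Creator (Microsoft Word 2016) /Producer (Acrobat) >> endobj\n"
    b"trailer << /Info 1 0 R >>\n%%EOF\n"
)

# RFC 1918 only.  ipaddress.ip_address(x).is_private would also flag the
# 203.0.113.0/24 documentation range used above, so an explicit list is used.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)


# One hop per Received line: the host after "from" and the first IPv4 on that line.
HOP_RE = re.compile(r"^Received: from (\S+)[^\n]*?(\d{1,3}(?:\.\d{1,3}){3})", re.M)


def parse_received_chain(headers):
    """Internal hops leak hostnames, private IPs and the sender's mail client."""
    hops = HOP_RE.findall(headers)
    mailer = re.search(r"^X-Mailer: (.+)$", headers, re.M)
    return {
        "hops": hops,
        "internal_hosts": [h for h, ip in hops if is_rfc1918(ip)],
        "internal_ips": sorted(ip for _, ip in hops if is_rfc1918(ip)),
        "mailer": mailer.group(1).strip() if mailer else None,
    }


def infer_naming(names):
    """Group host names by role prefix (letters before the first digit); collect zones."""
    roles = defaultdict(list)
    for name in names:
        label = name.partition(".")[0]
        m = re.match(r"[a-z]+(?:-[a-z]+)?", label)
        roles[m.group(0) if m else label].append(name)
    zones = sorted({name.partition(".")[2] for name in names})
    return {"roles": dict(roles), "zones": zones}


def pdf_info(data):
    """String entries of the PDF Info dictionary (author, creating software, ...)."""
    pairs = re.findall(rb"/(Title|Author|Creator|Producer)\s*\(([^)]*)\)", data)
    return {k.decode(): v.decode() for k, v in pairs}


def build_profile(headers, dns_names, pdf):
    """Cross-link the three sources into one profile a social engineer could use."""
    mail = parse_received_chain(headers)
    naming = infer_naming(dns_names)
    meta = pdf_info(pdf)
    author = meta.get("Author", "").lower()
    return {
        "internal_hosts": mail["internal_hosts"],
        "internal_ips": mail["internal_ips"],
        "client_software": sorted(s for s in (mail["mailer"], meta.get("Creator")) if s),
        "zones": naming["zones"],
        "host_roles": sorted(naming["roles"]),
        # a workstation whose name embeds the document author's username
        "author_workstations": [h for h, _ in mail["hops"] if author and author in h.lower()],
    }


if __name__ == "__main__":
    print(json.dumps(build_profile(EMAIL_HEADERS, DNS_NAMES, PDF_BYTES), indent=2))
```

None of the three inputs is secret on its own, yet the combined profile names an internal AD zone, a VPN gateway pair, the Exchange hub, the desktop software in use and the workstation of a specific named employee, which is exactly the raw material for a targeted phishing pretext. Note the RFC 1918 check: Python's `is_private` also matches the documentation ranges (TEST-NET), so filtering with it would wrongly mark the public MX as internal.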
  • There seem to be 2 types of interpretation for OSINT: one is what you mentioned and the examples you gave, namely the personal use of publicly available data, usually in a malicious manner; the other seems to be the service (e.g. http://osint.bambenekconsulting.com/feeds/) provided using these data. – Silverfox Mar 25 '16 at 06:51
  • 4
    I think there is only one interpretation. The second one you describe is an OSINT service; it seems they gather OSINT info as a service. – ferit Mar 25 '16 at 06:54
  • 6
    OSINT is not necessarily about the malicious use of openly available data. For instance, DNS history is heavily used in tracking down malware distribution patterns, i.e. used for protecting and not for attacking. OSINT is just using openly available data to achieve a specific goal in IT security, no matter whether this goal is to attack or to protect. – Steffen Ullrich Mar 25 '16 at 07:12