Presentation is loading. Please wait.

Presentation is loading. Please wait.

Offensive & Defensive Opensource Intelligence (OSINT)

Published by Modified over 6 years ago

Similar presentations

Presentation on theme: "Offensive & Defensive Opensource Intelligence (OSINT)"— Presentation transcript:

1 Offensive & Defensive Opensource Intelligence (OSINT)
Roy Wattanasin Offensive & Defensive Opensource Intelligence (OSINT) ISSA NE 2018 Meeting 11/07/2018

2 Disclaimer You do not hold the presenter liable and accept full responsibility for your actions The presentation does not endorse or approve and assumes no responsibility for the content, accuracy or completeness of the information presented This presentation does not represent the opinions of any of the organizations that I am currently working for or have worked for You will use any tools mentioned in an ethical, professional and legal manner

3 whoami Healthcare information security professional
Former adjunct faculty at Brandeis University Conference(s) organizer, creator, etc. – Former lead co-organizer co-host IoT, healthcare medical device security, application security & DFIR Former ISSA CISO member CISO Mentor Series Pre-Professionals Meetup @wr0

4 Agenda OSINT Offensive Defensive Questions

5 90 % of breaches come from phishing, social engineering
Where can OSINT be drawn from? - Internet Mass media (Newspapers, magazines, television, radio) Conference and journals Photos Maps, imagery products Verizon and Bank Information Security

6 OSINT “Produced from publically available information that is collected, exploited and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.” - Wikipedia The art of gathering information that is publically available using various tools. Where can OSINT be drawn from? - Internet Mass media (Newspapers, magazines, television, radio) Conference and journals Photos Maps, imagery products

7 How Can It Be Used ? Information on your target is valuable and relevant. “Knowledge is power only if man knows what facts not to bother with.” Robert Staughton Lynd “Make sure that the information is accurate and as accurate as possible.” Chris Hadnagy Document, storage and catalog information List questions Determine if information is useful or not Internal DBs, cloud based systems, paper/pen, DBMS Windows – cintanotes.com Other platforms– keepnote.org

8 How Can It Be Used ? Dumpster Diving
The law states that, “ A person has no reasonable expectation of privacy for contents of garbage and has relinquished any property interest of garbage . . .” – (This is dependent on where you are and is a case-by-case basis.) What information can be obtained? Vishing – voice phishing Caller ID spoofing SSNs, credit card #s, cell phones, bank loans, checking/savings accounts, utility accounts, IDs, tax information

9 OSINT Frameworks OSINT-Framework Other Videos and Training
Other Videos and Training

10 Search Engines vs Google vs Baidu vs Others
Duck Duck Go Startpage ReverseIP Google Baidu Bing Yandex Books Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information, 5th edition – Michael Bazzell More books Amazon wishlist Google – tracks IP addresses, creates filter bubble for users even when logged out, profiles users & readers info to advertisers, records search history Localized results by default

11 Additional Search Engines
FaceSaerch MashedWorld SocialMention PIPL Geosearchtool (Geolocated Youtube videos by time, keyword, radius etc.) urlscan.io websites Tininfo Twitter Internal DBs, cloud based systems, paper/pen, DBMS

12 Additional Search Engines
Website domains – , Zoominfo.com - Glassdoor.com - Payscale.com - Hoovers.com - Domain IP history, subdomains DNS records - Archive.org - Linkedin -

13 Additional Search Engines
DNS records Mxtoolbox - Nslookup Dig (Linux, Windows etc.) – domain information groper addresses Hunter, theHarvester Browser extensions Chrome extensions Skrapp - Rapportive – plugin connector with info from Linkedin, social media etc. Internal DBs, cloud based systems, paper/pen, DBMS

14 Additional Search Engines
Subdomains Wolframalpha.com - Searchdns.netcraft.com - Sublist3r - Basic checks – vulnerabilities in subdomains Censys IP Search – Website Profiling Wappalyzer - Buildwith - Job boards Forums Source Code Aggregators Github searches, searchcode.com - Gist search - Nerdydata.com -

15 Additional Search Engines
Pasting Websites Pastebin - Psbdmp.com - Scan Engines Qualys - Urlscan.io - Asfaweb.com - (Analyzer for ASP websites) Microsoft Office365 tenant searches Files Exif data (Online ExifTool), FOCA (Elevenpaths) Social Media (Wechat and Whatsapp) Reverse image searching, DataSploit, Geotracking, Username checks, keybase.io, PGP keys, Rapportive, Social Media Monitor Internal DBs, cloud based systems, paper/pen, DBMS

16 Additional Search Engines
IP Whois, ASN ID, MAC, Threat Intel. Feeds, Hurricane Labs Website changes Changedetective.com, follow.net, Page monitor (chrome extension), public websites Reverse image searching Tineye.com - People search engines – Phone number search engines Infosec Mindmaps Internal DBs, cloud based systems, paper/pen, DBMS

17 Shodan

18 Have I Been Pwned?

19 Google https://www.exploit-db.com/google-hacking-database/
intitle:"Residential Gateway Configuration:" intext:"Cable Modem Information." inurl:"sap-system-login" intitle:”index of” .baseh_history intitle:"Index of" "DCIM" Inurl:yahoo_site_admin/credentials index of /htdocs Internal DBs, cloud based systems, paper/pen, DBMS

20 Google Passwords

21 Meta Data Date Time Document Creator Printer Used File Structure
Passwords Where can you find this information?

22 Maltego Opensource intelligence and forensics application
Offers data mining and information gathering that is easy to understand. System requirements Differences between commercial and community editions

23

24 Defensive Information aggregators
Public records Podcasts Disposable addresses Sudo application, Signal, ProtonMail, VPN, Credit Freeze, Privacy app Information Removal Workbook PDF

25 Additional Resources Twitter - #OSINT @apriilwright – 09/09/2017
@peerlyst – 10/26/2017 @peerlyst – 12/26/2017 resources-and-reading-for-those-interested-in-osint-joe- gray

26 Additional Resources Bank Information Security t-breaches-trace-to-phishing-social-engineering- attacks-i-3516

27 Questions Any questions ?
Special thanks to Chris Hadnagy, April Wright, Rachel Tobac, Jayson Street and others for teaching and sharing OSINT tools and techniques! Slides will be publically posted in a few days Thank you! websecr at gmail dot com

Download ppt "Offensive & Defensive Opensource Intelligence (OSINT)"

Similar presentations

WordPress Installation for Beginners Sheila Bergman

WordPress Installation for Beginners Sheila Bergman
Social Media and Teaching Tools by Hongmei Chi www.vividpointinteractive.com.

Social Media and Teaching Tools by Hongmei Chi
Basic Web Design UVICELL Week 5 Choosing a Domain Name, Hosting and Marketing Your Web Site Week 5 Choosing a Domain Name, Hosting and Marketing Your Web.

Basic Web Design UVICELL Week 5 Choosing a Domain Name, Hosting and Marketing Your Web Site Week 5 Choosing a Domain Name, Hosting and Marketing Your Web.
Tracking, Privacy, You & The 21 st Century When you talk online the internet listens.

Tracking, Privacy, You & The 21 st Century When you talk online the internet listens.
Group #2 - Rebecca Patton, Cecilia Macris, Elizabeth Dunne Google Bookmarks, Google Books, & Google Play.

Group #2 - Rebecca Patton, Cecilia Macris, Elizabeth Dunne Google Bookmarks, Google Books, & Google Play.
The Business of Penetration Testing

The Business of Penetration Testing
MANAGING YOUR ONLINE PROFILE WHAT DOES THIS MEAN AND WHY SHOULD YOU CARE? Sarah Morris UT Libraries.

MANAGING YOUR ONLINE PROFILE WHAT DOES THIS MEAN AND WHY SHOULD YOU CARE? Sarah Morris UT Libraries.
Over My Shoulder Training Session 4. Over My Shoulder Training Week 3 – Fulfillment – Search Engines and Citations Setting client expectations – More.

Over My Shoulder Training Session 4. Over My Shoulder Training Week 3 – Fulfillment – Search Engines and Citations Setting client expectations – More.
Google Chrome Your Customized Google Buddy April 2012 John Riley and Denise Tate-Kuhler.

Google Chrome Your Customized Google Buddy April 2012 John Riley and Denise Tate-Kuhler.
Google Docs and Wikis March 6, 2012 Effective Use of Technology Sub-Committee (LTO – DMP – Library) #RUweb20.

Google Docs and Wikis March 6, 2012 Effective Use of Technology Sub-Committee (LTO – DMP – Library) #RUweb20.
Module 1: Web Application Security Overview 1. Overview How Data is stored in a Web Application Types of Data that need to be secured Overview of common.

Module 1: Web Application Security Overview 1. Overview How Data is stored in a Web Application Types of Data that need to be secured Overview of common.
FlipFlop PD June 12, 2012 Stephanie Dixon, EBRPSS What’s in Your Digital Dossier?

FlipFlop PD June 12, 2012 Stephanie Dixon, EBRPSS What’s in Your Digital Dossier?
Www.TASK.to GOOGLE HACKING FOR PENETRATION TESTERS Chris Chromiak SentryMetrics March 27 th, 2007.

GOOGLE HACKING FOR PENETRATION TESTERS Chris Chromiak SentryMetrics March 27 th, 2007.
An Insight into the Relationship Between Social Media and the Susceptibility to Malicious Intent Presented by Rebecca Morgan 15/05/2015 >>>>2.

An Insight into the Relationship Between Social Media and the Susceptibility to Malicious Intent Presented by Rebecca Morgan 15/05/2015 >>>>2.
OCLC Online Computer Library Center CONTENTdm ® Digital Collection Management Software Ron Gardner, OCLC Digital Services Consultant ICOLC Meeting April.

OCLC Online Computer Library Center CONTENTdm ® Digital Collection Management Software Ron Gardner, OCLC Digital Services Consultant ICOLC Meeting April.
Tablet Camp 2015 Resource Guide for Students at Klein ISD 1:1 Campuses.

Tablet Camp 2015 Resource Guide for Students at Klein ISD 1:1 Campuses.
Internet Skills The World Wide Web (Web) consists of billions of interconnected pages of information from a wide variety of sources. In this section: Web.

Internet Skills The World Wide Web (Web) consists of billions of interconnected pages of information from a wide variety of sources. In this section: Web.
COM 354 Week 2.1 New Media Ethics. Twitter Updates What accounts to follow? Stories of the week?

COM 354 Week 2.1 New Media Ethics. Twitter Updates What accounts to follow? Stories of the week?
Technology Social Media Unit 1. What is Social Media? Social media is the interaction among people in which they create, share or exchange information.

Technology Social Media Unit 1. What is Social Media? Social media is the interaction among people in which they create, share or exchange information.
THE INTERNET. TABLE OF CONTENT CONNECTING TO THE INTERNET ELECTRONIC MAIL WORLD WIDE WEB INTERNET SERVICES.

THE INTERNET. TABLE OF CONTENT CONNECTING TO THE INTERNET ELECTRONIC MAIL WORLD WIDE WEB INTERNET SERVICES.

Similar presentations

Ads by Google