OSINT (Internet Intelligence) skills in Cybersecurity
OSINT (Open Source Intelligence) is the collection and analysis of information from publicly available sources. In today's reality this mostly means Internet sources. Russian-speaking experts also use the term "Internet intelligence", which is equivalent in meaning to OSINT.

In cybersecurity, OSINT is used for pentesting, forensics, reverse engineering and social engineering. Information security training often includes a section on OSINT techniques and tools. Pentesters use OSINT to optimize the first stage of their work: reconnaissance and collection of information about a particular online object or subject. Here OSINT is needed to identify the targets that need to be attacked, or to discover that nothing needs to be broken at all, because the information is already available to everyone.

OSINT is convenient because it carries far fewer risks: you do not violate anyone's privacy or the law.

Information can be collected in two ways:

1. Passive. You do not give yourself away in any way, nor what you are looking for. The search is limited to the content on the research object's own site, archived or cached information, and unprotected files.

2. Active. This method is used much less often in Internet intelligence. To get information, you explore the company's IT infrastructure and actively interact with its computers and machines: techniques for reaching open ports, scanning for vulnerabilities and web server applications. In this case your reconnaissance is easily recognized. Social engineering also belongs here.

The choice of method depends on the conditions under which you collect information and on what data you need. Are you analyzing the company's security, have you signed an NDA and can you go anywhere you want? Or were you asked to get information about competitors? It is important to understand that what you can easily access is not always legal.
For example, through Shodan (a search engine for Internet of Things devices), it is not difficult to reach the management interface of almost any system, personal or corporate, in a few clicks. However, as soon as you start interacting with it, for instance by trying different passwords, this can already count as a hacking attempt and falls under active information collection, where the permission of the system owner is required.

Let's focus on the main areas that information security specialists explore on a regular basis.

1. File metadata. In it you can find the document's creation date, user names, printer models, software installed on computers, and sometimes geolocation. Information about installed programs and their versions, for example, will allow you to pick out the most vulnerable ones and select exploits. User names, in turn, become potential logins to personal or corporate systems.

2. Confidential documentation. Even in the most advanced companies and serious government agencies, a classified document may accidentally end up in the public domain. Examples of how to search for such documents can be found in the lectures of Andrei Masalovich. Confidential information may include the password creation policy, as well as the software and services in use.

3. Domain information. There are many tools that collect all the data about a site, including data not visible to ordinary users. For example: e-mails,

4. Server-side web applications, Internet of Things. Servers, routers, CCTV cameras, webcams, online storage devices and so on get indexed. Besides the fact that some of them can be accessed simply by following a link, the index exposes technical information about the device: geolocation, open ports, running services, the domain name associated with the device, the Internet provider, and web technologies.
To immerse yourself in the topic and explore particular aspects, it is worth reading the following books: Business Intelligence

1. Master basic techniques such as Google dorks (advanced Google search). To do this, read the blogs of specialists or specialized companies. For example: Hrazvedka, where the "Razvednet" section has a selection of different tools; the blog also collects videos, articles, books and films on the topic in Russian.

The necessary tools for reconnaissance are available in the collections:
creating fake profiles; A lot of material on this subject can be found in the blogs and books described above. Here is one of them.

4. Learn more advanced tools that require some knowledge:

1. Kali Linux. Many OSINT tools only work on this operating system.

2. Maltego. Maltego is software that gathers all the data in one place, helps you see the relationships and draw conclusions. The result is visualized as a tree that links IP addresses, e-mails, phone numbers, domains, etc. into a single system. There are three versions of the client, but for most specialists the free one will be enough. Maltego tutorials: in Russian and in English (they are different).

3. Google dorks are queries to Google that use special operators. You have probably heard that to find an exact phrase you put the words in quotation marks, and to exclude a word from the results you put a "-" in front of it. That is exactly what Google dorking is. Here you will find the basic operators, and here a huge number of ready-made queries for finding vulnerabilities.

4. FOCA is a program that helps with downloading, classifying and analyzing files on a remote web server. To do this, it scans a specific domain using the Google, Bing and DuckDuckGo search engines. The software is free and installs quickly. In this material you will find a short guide to using the program.

5. Spyse is a search engine for technical information about websites. With it you can find a variety of data, such as vulnerabilities, IP addresses, subdomains and SSL/TLS certificates.

Conclusion
26-02-2024, 01:39