What is OSINT?

Free resources

Posted on April 28, 2022

What is OSINT?

This is notes of YouTube interview on April 28 2022

Credit: David Bombal - OSINT: You can’t hide

💡 Reminder - Do not cross any privacy lines or any laws in workplaces

Open source intelligence - OSINT

They are publicly available. Most of them are country-specific & region-specific Stalking is easy and common after social media coming out. Social engineering is one of the OSINT examples. Finding different little gems 💎 can help paint a big picture for us. There is no magic book for OSINT practitioners but it is easy for everyone without any hard skills to get into OSINT.

\

Technique

  • Reconnaissance (recon)
    • Find targets 🔴
      • red teaming recon
    • Find attackers 🔵

Examples:

  • Image
    • Delocate an image on instagram
    • Geolocate back from an image
      • types of plant with specific latitude and longitude
  • Email
    • Searching your own email on
      • haveibeenpwned.com
      • whatsmyname.app
    • PGP key can link to an email address
  • Phone number - google dorking / boolean searches
    • “abc@gmail.com” -useless
  • Strava
    • They share a heat map which is generated by their users’ walks
    • Strava lights up staff at military bases posted on BBC

\

Google Dorks

  • Keyword search
    • Double quote "keywords"
  • File type search
    • keywords:file_type
    • e.g., running:jpg
  • Site specific
    • keywords site:url
    • e.g., running site:www.nike.com

Operational security - OPSEC

You need to protect ourself when you are doing OSINT investigation.

  • Solution:
    • Use VPNs
    • Use virtual machine (avoid MAC address leakage)
    • Use sock puppet accounts (a fake social media account)

Resources:

Tags: OSINT Hacking
Share: Twitter Facebook LinkedIn