Open-source Intelligence
This material was developed with funding from the National Science Foundation.
This work is licensed with a Creative Commons Attribution 4.0 International License.
The hashtag for newhouse does not provide any useful information.
Karl is not the account owner, and the post does not provide any further information to identify Karl.
There are five clues containing useful OSINT in this post.
Bezos is the nickname of the account owner, and that can be used as a potential password.
The 50th birthday reference combined with the date can be used to compute his wife’s birthdate—a potential password.
The 50th birthday reference combined with the date can be used to compute his wife’s birth year, which is a popular password component.
You discovered the address. The city and state are also referenced.
Missy is a hashtag reference for either his wife’s name or even a nickname. Another potential password.
The picture of the house does not provide any useful information.
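The clues above translate directly into a password-policy check. This added example (not part of the original course material) flags candidate passwords built from a nickname, a hashtag name, or a birth year derived from a milestone-birthday post; the posting date, the sample passwords, and all function names are constructed for illustration.

```python
import re
from datetime import date

# Constructed sample: the kinds of details the exercise finds in one public post.
PUBLIC_POST = {
    "names": ["Bezos", "Missy"],     # account nickname and hashtag name from the exercise
    "post_date": date(2022, 1, 15),  # constructed posting date
    "milestone_age": 50,             # the "50th birthday" mention
}

# Common character substitutions people use to "disguise" a word.
LEET = str.maketrans("013457@$!", "oieastasi")


def public_tokens(post):
    """Return (words, years) that anyone could derive from the post."""
    words = sorted(name.lower() for name in post["names"])
    # Birth year = posting year minus the age mentioned (assumes the
    # birthday falls on or before the posting date).
    years = [str(post["post_date"].year - post["milestone_age"])]
    return words, years


def exposed_parts(password, post):
    """List the publicly derivable pieces found inside a candidate password."""
    words, years = public_tokens(post)
    # Undo substitutions and drop separators before matching words.
    letters = re.sub(r"[^a-z0-9]", "", password.lower().translate(LEET))
    # Match years against the raw digit runs, before any substitution.
    digit_runs = re.findall(r"\d+", password)
    hits = [w for w in words if w in letters]
    hits += [y for y in years if any(y in run for run in digit_runs)]
    return hits


def acceptable(password, post):
    """Policy check: reject any password built from posted details."""
    return not exposed_parts(password, post)


if __name__ == "__main__":
    for candidate in ["M1ssy1972!", "B3z0s_2022", "correct-horse-battery"]:
        print(candidate, exposed_parts(candidate, PUBLIC_POST))
```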
Shoulder Surfing
Looking over someone’s shoulder and visually capturing logins or passwords (or other sensitive information) while they are using a computer.
Shoulder surfing can occur at close range (by looking over another’s shoulder) or from a longer range with something as simple as a pair of binoculars. Shoulder surfing does not require any technical skill, just keen observation skills.
In a crowded place, shoulder surfing is easier since you are not as easily observed.
Dumpster Diving
Dumpster diving means searching through trash for useful information. Think of all the things that you throw out that may contain either personal or corporate information. You can learn a lot about a person or company from the trash that they throw away, and most dumpsters are in publicly accessible areas. When was the last time you saw a locked dumpster?
Use this technique to retrieve seemingly innocent information like phone lists, organizational charts or employee information.
OSINT
Open-source intelligence (OSINT) is the collection and analysis of data gathered from open sources (overt and publicly available sources) to produce actionable intelligence. OSINT is primarily used in national security, law enforcement, and business intelligence functions. Alternatively, threat actors can use OSINT to harvest information about potential targets. The victim’s data can then be used for many types of attacks including password guessing, phishing, or even reconnaissance for a bigger attack.
The inner ring is comprised of tools that you can use to gather information. Of course the Internet is an obvious source for open-source intelligence. Social media websites and user-created content such as cell phone videos are easy to access and provide useful information. There are also non-technical sources for information. Remember, one person's trash may be another person's treasure.
Social Media
Social media intelligence (SOCMINT) is a sub-branch of Open-source Intelligence (OSINT), and it refers to the information collected from social media websites. The data available on these sites can be either open to the public (like public posts on Facebook or LinkedIn) or private. Private information, such as content shared with a friend's circle, cannot be accessed without proper permission from the creator.
Information revealed in the posted picture:
January 15, 2022 - 7 years = January 15, 2015
Birth Date
Date and Time
Family Member Names
Location
Web Pages
The most common function of OSINT is to map public facing assets and discover the information that each of the assets possesses. The information is used to discover and develop a potential attack surface.
Metadata
Metadata describes other data. It provides information about a certain item's content. For example, an image may include metadata that describes how large the picture is, the color depth, the image resolution, when the image was created, and other data. A text document's metadata may contain information about how long the document is, who the author is, when the document was written, and a short summary of the document.
Dates
Camera
Location
Picture Owner
Setup Information
Using the location information obtained from the metadata, we can enter the values and obtain an address.
Number 10 Downing Street, London
Google Earth
Google Earth renders a 3D or 2D representation of Earth based on satellite images, aerial photographs, and GIS data. It allows users to visit places virtually, giving them an invaluable tool to perform surveillance on the target through a simple map, visual recognition, and computation of distances from other objects in the immediate vicinity.
I need to find 10 Downing Street in London
Spokeo
Spokeo is a tool that can search by name, phone, address, or email to confidentially look up information about people you know such as friends, family, acquaintances, old classmates, and even yourself.
John Smith
We can find out who holds executive positions within the organization and who the members of the Board of Directors are. Now we have names and position titles.
Phone numbers, email addresses, store hours, and names all provide information for a possible attack vector.
Locations allow the use of such tools as Google Earth to conduct virtual reconnaissance. Store hour listings pinpoint times when the location might be more vulnerable.
The outer ring is comprised of publicly available Internet tools that you can use to gather information.
Nslookup
Nslookup is a network administration command-line tool for querying the Domain Name System to obtain the mapping between a domain name and IP address or other DNS record.
c:\>nslookup
Shodan
Shodan is a search engine that lets users search for various types of devices (webcams, routers, servers, etc.) connected to the Internet using a variety of filters.
Whois
Whois is a widely used Internet record listing that identifies who owns a domain and how to get in contact with him or her. The Internet Corporation for Assigned Names and Numbers (ICANN) regulates domain name registration and ownership.
IANA
The Internet Assigned Numbers Authority (IANA) performs the global coordination of the DNS Root, IP addressing, and other Internet protocol resources.
IANA is responsible for global coordination of the Internet Protocol addressing systems and the Autonomous System Numbers used for routing Internet traffic. You can use this website to determine the country in which an IP address originated.