SlideShare ist ein Scribd-Unternehmen logo
1 von 33
Downloaden Sie, um offline zu lesen
Full Auto OSINT
OSINT for Pentesters
Me Me Me…
•Who/What am I?
•Simple answer:
• Father/Husband/Son/Brother
• Programmer/Pentester/Researcher
• Hillbilly
What is OSINT?
“Open Source Intelligence, often referred to as OSINT, can mean
many things to many people. Officially, it is defined as any
intelligence produced from publicly available information
that is collected, exploited, and disseminated in a timely manner
to an appropriate audience for the purpose of addressing a
specific intelligence requirement. For the CIA, it may mean
information obtained from foreign broadcasts. For an attorney, it
may mean data obtained from official government documents that
are available to the public. For most people, it is publicly available
content obtained from the internet.”
--Michael Bazzell
Is it legal?
Why OSINT?
Goal oriented OSINT…
•What are you after?
Goal oriented OSINT…
•What are you after?
• Usernames?
• Passwords?
• Personal details?
• Locate someone?
Where/How to Gather OSINT
Where/How to Gather OSINT
•Internet
• Search Engines
• Social Media
• Online Communities
• Data Sharing/Hosting
• Corporate
Where/How to Gather OSINT
•Internet
• Search Engines
• Social Media
• Online Communities
• Data Sharing/Hosting
• Corporate
•Tools
• System/OS Tools
• Pentester Tools
• APIs
To the webs!!!!
To the webs!!!!
•Search Engines
•Social Media
•Online Communities
•Data Sharing
•Corporate
Search Engines
Social Media
Demo
Online Communities
Data Sharing
Demo
Corporate
Demo
Time for the command line!!!
Time for the command line!!!
•System Tools
•Pentester Tools
•APIs
System Tools
•dig
•whois
•traceroute
Pentester Tools
•theHarvester
•Sublist3r
•FOCA
•Recon-ng
•Metagoofil
•Fierce
•Spiderfoot
•Creepy
•Tinfoleak
•EyeWitness
•Instalooter
•…
Demo
APIs
Demo
MultiTools
Demo
Lets Automate It!!!
Demo ... Not Quite Yet
Sorry 
Resources
• https://inteltechniques.com/
• https://start.me/p/m6XQ08/osint
• http://osintframework.com/
• https://github.com/Ph055a/awesome_osint
THANK YOU
Questions? Comments? Thoughts?
Contact Info:
•adam_compton@rapid7.com
•adam.compton@gmail.com
•@tatanus
•https://www.hillbillystorytime.com

Weitere ähnliche Inhalte

Was ist angesagt?

OSINT: Open Source Intelligence gathering
OSINT: Open Source Intelligence gatheringOSINT: Open Source Intelligence gathering
OSINT: Open Source Intelligence gatheringJeremiah Tillman
 
How to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in InvestigationsHow to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in InvestigationsCase IQ
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceDeep Shankar Yadav
 
Owasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniOwasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniAdam Nurudini
 
OSINT 2.0 - Past, present and future
OSINT 2.0  - Past, present and futureOSINT 2.0  - Past, present and future
OSINT 2.0 - Past, present and futureChristian Martorella
 
Getting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsOlakanmi Oluwole
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaNSConclave
 
Osint {open source intelligence }
Osint {open source intelligence }Osint {open source intelligence }
Osint {open source intelligence }AkshayJha40
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training -  Passive Information Gathering(OSINT)Practical White Hat Hacker Training -  Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)PRISMA CSI
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
OSINT e Ingeniería Social aplicada a las investigaciones
OSINT e Ingeniería Social aplicada a las investigacionesOSINT e Ingeniería Social aplicada a las investigaciones
OSINT e Ingeniería Social aplicada a las investigacionesemilianox
 
What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)Molfar
 
Osint skills
Osint skillsOsint skills
Osint skillsFelixK4
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghOWASP Delhi
 
Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)phexcom1
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 

Was ist angesagt? (20)

OSINT: Open Source Intelligence gathering
OSINT: Open Source Intelligence gatheringOSINT: Open Source Intelligence gathering
OSINT: Open Source Intelligence gathering
 
How to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in InvestigationsHow to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in Investigations
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligence
 
Owasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniOwasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudini
 
OSINT 2.0 - Past, present and future
OSINT 2.0  - Past, present and futureOSINT 2.0  - Past, present and future
OSINT 2.0 - Past, present and future
 
Getting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigations
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan Braganza
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINT
 
Osint {open source intelligence }
Osint {open source intelligence }Osint {open source intelligence }
Osint {open source intelligence }
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training -  Passive Information Gathering(OSINT)Practical White Hat Hacker Training -  Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
 
OSINT e Ingeniería Social aplicada a las investigaciones
OSINT e Ingeniería Social aplicada a las investigacionesOSINT e Ingeniería Social aplicada a las investigaciones
OSINT e Ingeniería Social aplicada a las investigaciones
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentation
 
What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)
 
Osint skills
Osint skillsOsint skills
Osint skills
 
OpenSourceIntelligence-OSINT.pptx
OpenSourceIntelligence-OSINT.pptxOpenSourceIntelligence-OSINT.pptx
OpenSourceIntelligence-OSINT.pptx
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
 
Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 

Ähnlich wie Bsides Knoxville - OSINT

A HillyBilly's Guide to Staying Anonymous Online - SecureWV
A HillyBilly's Guide to Staying Anonymous Online - SecureWVA HillyBilly's Guide to Staying Anonymous Online - SecureWV
A HillyBilly's Guide to Staying Anonymous Online - SecureWVAdam Compton
 
Cyber criminals
Cyber criminalsCyber criminals
Cyber criminalsAin Mazlan
 
P19 open source investigations-deciphering criminals digital footprint_matas_...
P19 open source investigations-deciphering criminals digital footprint_matas_...P19 open source investigations-deciphering criminals digital footprint_matas_...
P19 open source investigations-deciphering criminals digital footprint_matas_...National Retail Federation
 
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptxCapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptxCapitolTechU
 
Legal issues facing journalists
Legal issues facing journalistsLegal issues facing journalists
Legal issues facing journalistsEllyn Angelotti
 
Social engineering
Social engineeringSocial engineering
Social engineeringRobert Hood
 
Cyber Security Awareness October 2014
Cyber Security Awareness October 2014Cyber Security Awareness October 2014
Cyber Security Awareness October 2014Donald E. Hester
 
Why your digital reputation matters?
Why your digital reputation matters? Why your digital reputation matters?
Why your digital reputation matters? Parakum Pathirana
 
Privacy and libraries
Privacy and librariesPrivacy and libraries
Privacy and librariesDorothea Salo
 
Everyone Is an Analyst and Data Is Everywhere, But Research Has Never Been Ne...
Everyone Is an Analyst and Data Is Everywhere, But Research Has Never Been Ne...Everyone Is an Analyst and Data Is Everywhere, But Research Has Never Been Ne...
Everyone Is an Analyst and Data Is Everywhere, But Research Has Never Been Ne...MRAMidAtlanticChapter
 
The Self-Invasion Of Privacy
The Self-Invasion Of PrivacyThe Self-Invasion Of Privacy
The Self-Invasion Of PrivacyDiane Allen
 
Developing your analytical skills
Developing your analytical skillsDeveloping your analytical skills
Developing your analytical skillsTony Obregon
 
Anonymous sources in Journalism
Anonymous sources in JournalismAnonymous sources in Journalism
Anonymous sources in JournalismCubReporters.org
 
Online Privacy, the next Battleground
Online Privacy, the next BattlegroundOnline Privacy, the next Battleground
Online Privacy, the next BattlegroundSensePost
 
Advanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsAdvanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsSloan Carne
 

Ähnlich wie Bsides Knoxville - OSINT (20)

A HillyBilly's Guide to Staying Anonymous Online - SecureWV
A HillyBilly's Guide to Staying Anonymous Online - SecureWVA HillyBilly's Guide to Staying Anonymous Online - SecureWV
A HillyBilly's Guide to Staying Anonymous Online - SecureWV
 
Cyber criminals
Cyber criminalsCyber criminals
Cyber criminals
 
1482734.ppt
1482734.ppt1482734.ppt
1482734.ppt
 
P19 open source investigations-deciphering criminals digital footprint_matas_...
P19 open source investigations-deciphering criminals digital footprint_matas_...P19 open source investigations-deciphering criminals digital footprint_matas_...
P19 open source investigations-deciphering criminals digital footprint_matas_...
 
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptxCapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
 
Legal issues facing journalists
Legal issues facing journalistsLegal issues facing journalists
Legal issues facing journalists
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Cyber Security Awareness October 2014
Cyber Security Awareness October 2014Cyber Security Awareness October 2014
Cyber Security Awareness October 2014
 
Why your digital reputation matters?
Why your digital reputation matters? Why your digital reputation matters?
Why your digital reputation matters?
 
DECEPTICONv2
DECEPTICONv2DECEPTICONv2
DECEPTICONv2
 
Privacy and libraries
Privacy and librariesPrivacy and libraries
Privacy and libraries
 
Whiz final presentation
Whiz final presentationWhiz final presentation
Whiz final presentation
 
Everyone Is an Analyst and Data Is Everywhere, But Research Has Never Been Ne...
Everyone Is an Analyst and Data Is Everywhere, But Research Has Never Been Ne...Everyone Is an Analyst and Data Is Everywhere, But Research Has Never Been Ne...
Everyone Is an Analyst and Data Is Everywhere, But Research Has Never Been Ne...
 
The Self-Invasion Of Privacy
The Self-Invasion Of PrivacyThe Self-Invasion Of Privacy
The Self-Invasion Of Privacy
 
Developing your analytical skills
Developing your analytical skillsDeveloping your analytical skills
Developing your analytical skills
 
Anonymous sources in Journalism
Anonymous sources in JournalismAnonymous sources in Journalism
Anonymous sources in Journalism
 
Online Privacy, the next Battleground
Online Privacy, the next BattlegroundOnline Privacy, the next Battleground
Online Privacy, the next Battleground
 
Osint part 1_personal_privacy
Osint part 1_personal_privacyOsint part 1_personal_privacy
Osint part 1_personal_privacy
 
Citizen (Online / Social) Media Ethics
Citizen (Online / Social) Media EthicsCitizen (Online / Social) Media Ethics
Citizen (Online / Social) Media Ethics
 
Advanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsAdvanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU Investigators
 

Mehr von Adam Compton

Becoming a Pentester
Becoming a PentesterBecoming a Pentester
Becoming a PentesterAdam Compton
 
BSidesKnoxville 2019 - Unix: The Other White Meat
BSidesKnoxville 2019 - Unix: The Other White MeatBSidesKnoxville 2019 - Unix: The Other White Meat
BSidesKnoxville 2019 - Unix: The Other White MeatAdam Compton
 
2018 DerbyCon - Hillbilly Storytime - Pentest Fails
2018 DerbyCon - Hillbilly Storytime - Pentest Fails2018 DerbyCon - Hillbilly Storytime - Pentest Fails
2018 DerbyCon - Hillbilly Storytime - Pentest FailsAdam Compton
 
2018 HackerHalted - Hillbilly Storytime - Pentest Fails
2018 HackerHalted - Hillbilly Storytime - Pentest Fails2018 HackerHalted - Hillbilly Storytime - Pentest Fails
2018 HackerHalted - Hillbilly Storytime - Pentest FailsAdam Compton
 
Bsides LV - Hillbilly Storytime - Pentest Fails
Bsides LV - Hillbilly Storytime - Pentest FailsBsides LV - Hillbilly Storytime - Pentest Fails
Bsides LV - Hillbilly Storytime - Pentest FailsAdam Compton
 
SecureWV - PentestFails
SecureWV - PentestFailsSecureWV - PentestFails
SecureWV - PentestFailsAdam Compton
 
Infosec Europe 17 - PentestFails
Infosec Europe 17 - PentestFailsInfosec Europe 17 - PentestFails
Infosec Europe 17 - PentestFailsAdam Compton
 
Bsides Nashville - PentestFails
Bsides Nashville - PentestFailsBsides Nashville - PentestFails
Bsides Nashville - PentestFailsAdam Compton
 
Bsides Knoxville - PentestFails
Bsides Knoxville - PentestFailsBsides Knoxville - PentestFails
Bsides Knoxville - PentestFailsAdam Compton
 
Bsides Knoxville - APT2
Bsides Knoxville - APT2Bsides Knoxville - APT2
Bsides Knoxville - APT2Adam Compton
 

Mehr von Adam Compton (14)

Becoming a Pentester
Becoming a PentesterBecoming a Pentester
Becoming a Pentester
 
BSidesKnoxville 2019 - Unix: The Other White Meat
BSidesKnoxville 2019 - Unix: The Other White MeatBSidesKnoxville 2019 - Unix: The Other White Meat
BSidesKnoxville 2019 - Unix: The Other White Meat
 
2018 DerbyCon - Hillbilly Storytime - Pentest Fails
2018 DerbyCon - Hillbilly Storytime - Pentest Fails2018 DerbyCon - Hillbilly Storytime - Pentest Fails
2018 DerbyCon - Hillbilly Storytime - Pentest Fails
 
2018 HackerHalted - Hillbilly Storytime - Pentest Fails
2018 HackerHalted - Hillbilly Storytime - Pentest Fails2018 HackerHalted - Hillbilly Storytime - Pentest Fails
2018 HackerHalted - Hillbilly Storytime - Pentest Fails
 
Bsides LV - Hillbilly Storytime - Pentest Fails
Bsides LV - Hillbilly Storytime - Pentest FailsBsides LV - Hillbilly Storytime - Pentest Fails
Bsides LV - Hillbilly Storytime - Pentest Fails
 
SecureWV - PentestFails
SecureWV - PentestFailsSecureWV - PentestFails
SecureWV - PentestFails
 
SecureWV - APT2
SecureWV - APT2SecureWV - APT2
SecureWV - APT2
 
Infosec Europe 17 - PentestFails
Infosec Europe 17 - PentestFailsInfosec Europe 17 - PentestFails
Infosec Europe 17 - PentestFails
 
HackCon - SPF
HackCon - SPFHackCon - SPF
HackCon - SPF
 
DerbyCon - Legion
DerbyCon - LegionDerbyCon - Legion
DerbyCon - Legion
 
DerbyCon - APT2
DerbyCon - APT2DerbyCon - APT2
DerbyCon - APT2
 
Bsides Nashville - PentestFails
Bsides Nashville - PentestFailsBsides Nashville - PentestFails
Bsides Nashville - PentestFails
 
Bsides Knoxville - PentestFails
Bsides Knoxville - PentestFailsBsides Knoxville - PentestFails
Bsides Knoxville - PentestFails
 
Bsides Knoxville - APT2
Bsides Knoxville - APT2Bsides Knoxville - APT2
Bsides Knoxville - APT2
 

Kürzlich hochgeladen

Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 
Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Shubham Pant
 
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsVision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsRoxana Stingu
 
Bio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxBio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxnaveenithkrishnan
 
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSTYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSedrianrheine
 
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024Jan Löffler
 
Test Automation with Gen AI_Final_Presentation
Test Automation with Gen AI_Final_PresentationTest Automation with Gen AI_Final_Presentation
Test Automation with Gen AI_Final_PresentationUiPathCommunity
 
Internet 2.0 Conference (Event Information Deck | Dec'24 - Mar'25)
Internet 2.0 Conference (Event Information Deck | Dec'24 - Mar'25)Internet 2.0 Conference (Event Information Deck | Dec'24 - Mar'25)
Internet 2.0 Conference (Event Information Deck | Dec'24 - Mar'25)Internet 2.0 Conference
 
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfLESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfmchristianalwyn
 
Discussing Potential of Submarine Cables Causing Internet Blackout in Ghana
Discussing Potential of Submarine Cables Causing Internet Blackout in GhanaDiscussing Potential of Submarine Cables Causing Internet Blackout in Ghana
Discussing Potential of Submarine Cables Causing Internet Blackout in GhanaDesmond Israel
 
Aligning Testing Objectives with Overall Project Goals for Successful Outcome...
Aligning Testing Objectives with Overall Project Goals for Successful Outcome...Aligning Testing Objectives with Overall Project Goals for Successful Outcome...
Aligning Testing Objectives with Overall Project Goals for Successful Outcome...Anju21552
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSlesteraporado16
 
Computer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteComputer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteMavein
 

Kürzlich hochgeladen (13)

Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024
 
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsVision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
 
Bio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxBio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptx
 
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSTYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
 
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
 
Test Automation with Gen AI_Final_Presentation
Test Automation with Gen AI_Final_PresentationTest Automation with Gen AI_Final_Presentation
Test Automation with Gen AI_Final_Presentation
 
Internet 2.0 Conference (Event Information Deck | Dec'24 - Mar'25)
Internet 2.0 Conference (Event Information Deck | Dec'24 - Mar'25)Internet 2.0 Conference (Event Information Deck | Dec'24 - Mar'25)
Internet 2.0 Conference (Event Information Deck | Dec'24 - Mar'25)
 
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfLESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
 
Discussing Potential of Submarine Cables Causing Internet Blackout in Ghana
Discussing Potential of Submarine Cables Causing Internet Blackout in GhanaDiscussing Potential of Submarine Cables Causing Internet Blackout in Ghana
Discussing Potential of Submarine Cables Causing Internet Blackout in Ghana
 
Aligning Testing Objectives with Overall Project Goals for Successful Outcome...
Aligning Testing Objectives with Overall Project Goals for Successful Outcome...Aligning Testing Objectives with Overall Project Goals for Successful Outcome...
Aligning Testing Objectives with Overall Project Goals for Successful Outcome...
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
 
Computer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteComputer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a Website
 

Bsides Knoxville - OSINT

Hinweis der Redaktion

  1. Me? I have been around for a while… Somewhere around 18 years or so in the InfoSec field. Over that time, I have been a programmer, researcher, and pentester (currently for Rapid7). But most of all, I am a father, husband, son, and brother.
  2. OSINT is intelligence produced from publicly available information
  3. First of all I am NOT a lawyer: By from what I understand the answer is …Maybe.. But usually yes. If you were able to collect the data by access a website or other source without breaking access controls or something similar, then you should be fine. What about password/data breaches/leaks.. Well.. It is probably best to not download/view them. I know that sometimes it can cause issues if you have a security clearance or can cause issues in court cases and such.
  4. pentester
  5. Search Engines Google, Bing, … Social Media Facebook, Twitter, LinkedIn, … Online Communities Reddit, … Data Sharing Pastebin, … Corporate www.company.com, jobs.company.com, …
  6. Google Bing Yandex Yahoo Baidu Duckduckgo SHODAN
  7. Google dorks Google SHODAN Archive.org / waybackmachine Facebook searches https://www.facebook.com/search/str/Adrian%20Sanabria/users-named/intersect https://www.facebook.com/adrian.sanabria adrian.sanabria 508092249 https://www.facebook.com/search/508092249/photos-by https://www.facebook.com/search/508092249/photos-liked https://www.facebook.com/search/508092249/photos-of https://www.facebook.com/search/508092249/apps-used https://www.facebook.com/search/508092249/events https://www.facebook.com/search/508092249/employers https://www.facebook.com/search/508092249/friends Twitter site:linkedin.com adrian sanabria
  8. Reddit 4chan Pintrest Ebay
  9. Pastebin Slideshare Scribd Gist.github.com
  10. https://twitter.com/checkmydump https://twitter.com/dumpmon
  11. www.rapid7.com careers
  12. www.rapid7.com careers
  13. System Tools dig, whois, … Pentester Tools Recon-ng, theHarvester, FOCA, … APIs Pipl, Full Contact, Have I Been Pwned, …
  14. System Tools dig, whois, … Pentester Tools Recon-ng, theHarvester, FOCA, … APIs Pipl, Full Contact, Have I Been Pwned, …
  15. Whois Dig
  16. theHarvester Sublist3r FOCA Recon-ng Metagoofil Fierce Spiderfoot Creepy Tinfoleak EyeWitness Instalooter
  17. Dig Whois metagoofil metagoofil -d apple.com -t doc,pdf -l 200 -n 10 -o applefiles -f results.html theHarvester theharvester -d rapid7.com -l 500 -b google ./datasploit.py -i adam.compton@gmail.com
  18. Pipl curl http://api.pipl.com/search/ -d username="sawaba" -d key=SOCIAL-DEMO-xfra8kc0zddque73a7omxtci -d match_requirements="(name and image)" Have I been pwned curl "https://haveibeenpwned.com/api/v2/breachedaccount/adam.compton@gmail.com" | python -m json.tool Hacked-emails curl "https://hacked-emails.com/api?q=adam.compton@gmail.com" | python -m json.tool Hunter.io curl “https://api.hunter.io/v2/domain-search?domain=cisco.com&api_key=efce916c389f87e8c3d2bef14a8e1b3f29e28b45”
  19. Pipl curl http://api.pipl.com/search/ -d username="sawaba" -d key=SOCIAL-DEMO-xfra8kc0zddque73a7omxtci -d match_requirements="(name and image)" Have I been pwned curl "https://haveibeenpwned.com/api/v2/breachedaccount/adam.compton@gmail.com" | python -m json.tool Hacked-emails curl "https://hacked-emails.com/api?q=adam.compton@gmail.com" | python -m json.tool Hunter.io curl “https://api.hunter.io/v2/domain-search?domain=cisco.com&api_key=efce916c389f87e8c3d2bef14a8e1b3f29e28b45”
  20. Recon-ng maltego technisette.com osintframework.com inteltechniques.com https://github.com/Ph055a/awesome_osint
  21. Demo osint framework Demo inteltechniques.com
  22. Michael Bazzell
  23. Now, any questions?