Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources); it is not related to open-source software or public intelligence.
2. root@charlie:~$ whoami
• Digital Forensics Analyst
• Co-Leader – OWASP AppSec India
• OSINT Enthusiast
• Consultant to a few Law Enforcement
Agencies
• @TheDeepSYadav
3. Agenda
• What is Intelligence?
• What is OSINT?
• Why OSINT?
• What is Value of OSINT?
• Sources of Data
• Demo
4. What is Intelligence?
• Data : Raw Report, Images or Broadcast
• Information : Collected Data of Generic Interest
• Intelligence : concisely tailored answer reflecting
a deliberate process of discovery, discrimination,
distillation, and delivery of data precisely suited to
need
5. Types of Intelligence
• HUMINT – Human Intelligence Sleeper Cells
• SIGINT - Signal Intelligence Traffic Analysis,
TEMPEST
• MSINT – Measurement and Signature Intelligence
Radar, Nuclear and Earthquake
• Tactical Intelligence – Intelligence about Weapons
used by Forces
• OSINT – Open Source Intelligence
6. What is OSINT?
Open-source intelligence (OSINT) is intelligence
collected from publicly available sources.
It’s not a tool, It’s not a website, It’s not with any
fee but it’s not free….. :)
8. Why OSINT?
• Internet is not limited to Google Searches.
• Not even limited to search engines, social media and
blogs.
• Huge number of sensational hacks in recent times
Organizations getting hacked even after using so
called "sophisticated" defense mechanisms.
• Basic recon usually ignored during security
assessments.
• If your SECRET is out there in the open, someone
WILL find it.
• It's just data until you leverage it to create
intelligence.
21. Data Analysis
• Selecting Data as per Case.
• Removing Noise (Buy Disprin Before it :P )
• Making Intelligence on behalf of data. (Give wake
up call to your inner Sherlock)
23. Data Sources
• Web Directories – WWW Library and Internet Public Library
• Search Engines – Google, Yahoo, Bing, Baidu, MSN etc. etc.
• Important Engine – Wolframe Alpha, ROBTEX
• Serial Search Engines – Soolve , myallsearch
• Hardware Search Engine – Shodan
• Scientific Search Engine – Google Scholar, Academia
• Encyclopedia – Wikipedia
• Book Stores – Amazon, Google Books etc.
• Translations – Google, Bing and many more
• Aeronautical – flightradar24.com and many more
• Blogs – Blogspot, Wordpress and many more
24. Cntd.
• Company Information – MCA.gov.in, Zaubacorp
• Images – Google Images, Flickr, PICASA and much important –
Tineye
• Internet Tools – Archive.org, Whois, VisualRoute,
ip2location.com etc etc
• Thousand of Journals and Print Media Sources
• Maps – Google Maps, Google Earth, Wikimap
• People Finders – pipl, spokeo etc etc, Public Records -
Intellius
• Social Networking Websites – Facebook, Twitter, G Plus,
LinkedIn etc etc
• Matrimonial Websites
• Job Portals
25. Data Harvesting
A.K.A:
• Information Gathering:
The act of collecing informaion
• Foot printing:
Is the technique of gathering informaion about
computer systems and the eniies they belong to.
• Web mining:
The act of collecing informaion from the web
26. Data Harvesting – How?
•
•
•
•
•
•
•
•
Scraping (raw)
Open APIs
Commercial APIS
Network Scanning
Purchasing data
Open source Data sets
Databases
Logfiles
27. Offensive OSINT – goals
•
•
•
•
•
Phishing
Social Engineering
Denial of Services
Password brute force
Target infiltraion
atacks
28. What data is interesting?
Emails
Users / Employees names
-Interests
-People relationships
-Alias
33. Metadata
Metadata: is data about data.
Is used to facilitate the understanding, use and management
of data.
•
•
•
•
•
Office documents
Openoffice documents
PDF documents
Images EXIF metadata
Others
41. Sources
• Slideshare.com
• Google.com
• Some Deep Web Forums
I might have copied some images and content from
other ppt’s and articles and credits are given where
required so don’t worry I got them via googling
only