Menu

The Blogging of Kelley 935

selecthook8's blog

Open Source Intelligence

In the previous article ( Part I ), we discussed the context around open source intelligence (OSINT) research - how OSINT fits into the intelligence cycle, the explosion in social media use, and background information about the internet & browsing. This information taught in this section is a key component for the success of an OSINT analyst because without these concepts and processes in place, researchers can get themselves into serious trouble during assessments by inadvertently alerting their targets or improperly collecting data.
Sometimes referred to as Open Source Intelligence because of the use of publicly accessible information outlets and media sources, OSINT involves identifying, OSINT selecting, and acquiring information from publicly available sources while being able to analyze that data in order to produce actionable intelligence.

Our two part series is divided into the following segments: Part I, in which we highlight the context in which protective intelligence professionals use open source intelligence (OSINT) and Part II, a brief overview of OSINT collection methods and how they relate to our organizations' protection strategies.
My research is covered more in depth in previous blog But with a minimal amount of effort stretched over a long amount of time I was able to create a data set that lets me narrow down the date that a Facebook account was created based on the Facebook account ID number alone.
February 2019-Sonatype, with expertise in automated open source, has entered a partnership with Kenna Security, a leader in predictive cyber risk, for improving the risk-based vulnerability management strategies of modern organizations backed by the high-quality intelligence on open source components.

The real world use for this Facebook analysis has come in handy for cases where people have been impersonated online with false accounts and for cases where a subject created multiple accounts and I needed to map out potential account involvement based on an activity or event that had occurred at a certain point in time.
Google, Yandex, Bing, and Exalead are search engines that are used in backend as a source, while Shodan is also a search engine but not the conventional one and we already discussed a bit about it earlier and we will discuss in detail about the same in this chapter later.

Many vertical sectors also have information sharing and analysis centers (ISACs), which are excellent sources of information, as are sector-independent fora like Facebook's ThreatExchange and AlienVault's Open Threat Exchange The IBM X-Force Exchange also provides an extensive threat database that is searchable by a range of parameters, including application name, IP and URL.
It's not recommended to approach open source intelligence from the perspective of finding anything and everything that might be interesting or useful — as we've already discussed, the sheer volume of information available through open sources will simply overwhelm you.

In particular, Mike Bazell hosts an amazing website and podcast about OSINT that constantly points to new and innovative investigation techniques, and both Twitter and Github are full of new OSINT tools being developed and released by the OSINT community.
Using OSINT, though, they're able to discover, and eventually target, the employees that have administrative access to critical business applications. Finding competitive and market intelligence using open sources is a key skill that separates novice CI professionals from the expert.

Go Back

Comment

Blog Search

Comments

There are currently no blog comments.