Scribd
Upload
88 views8 pages

OSINT Guide for Security Pros

The document provides an overview of Open-Source Intelligence (OSINT), detailing its definition, types, and applications in security and investigation. It outlines the OSINT cycle, sources of information, advanced techniques, challenges, and ethical considerations. Additionally, it lists tools and resources useful for conducting OSINT research.

Uploaded by

prajaktashende
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
88 views8 pages

OSINT Guide for Security Pros

The document provides an overview of Open-Source Intelligence (OSINT), detailing its definition, types, and applications in security and investigation. It outlines the OSINT cycle, sources of information, advanced techniques, challenges, and ethical considerations. Additionally, it lists tools and resources useful for conducting OSINT research.

Uploaded by

prajaktashende
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

Open Source Intelligence

Framework
Report

INTRODUCTION
WHAT IS OSINT?

 OSINT stands for Open-Source Intelligence.


 It involves collecting, evaluating and analysing publicly available
information to answer specific intelligence questions.
 Unlike raw data, OSINT becomes intelligence when we give meaning to
the collected information through critical thinking and analysis.
 Sources of open-source information include public records, news media,
libraries, social media platforms, images, videos, and websites.
Types of OSINT:

1. Defensive: Learning about possible attack against yourself or an


organization.

2. Offensive: Gathering Information before Attack. Black Hat hackers


typically fall into this category

OSINT is widely used to collect information by below entities:


 Governments
 Military
 Private Investigators
 Corporation and Business
 Customers and Clients
 Machines aka Algorithms
 Penetration Testers
 Journalist
WHY IS OSINT USED?

Security and Investigation:


OSINT helps uncover clues that individuals leave in the open which could
compromise security.
For example: It can reveal personal details like dates of birth, Social Security
numbers, family members or hobbies that attackers might exploit.

Risk Assessment:
Organizations use OSINT as a cyber-security tool to assess security risks and
identify vulnerabilities in their IT systems.
ABOUT OSINT IN DEPTH

The OSINT Cycle

The Intelligence Cycle is a framework used in OSINT research. It includes


several stages:

1. Planning and Direction:


Defining the intelligence questions and objectives.

2. Collection:
Gathering relevant information from open sources.

3. Processing and Exploitation:


Organizing and analysing the collected data.

4. Analysis and Production:


Extracting meaningful intelligence from information.

5. Dissemination:
Sharing actionable intelligence with relevant stakeholder.

Sources of OSINT:

1. Public Records: Information available through government agencies,


court records, property registries and business fillings.

2. New Media: Articles, reports, and press releases from reputable news
outlets.

3. Social Media: Public profiles, posts and interactions on platforms like


Twitter, Facebook, Linked IN and Instagram.

4. Websites and Forums: Blogs, forums and websites that share


information on various topics.
5. Academic Research: Published Papers, dissertations and scholarly
articles.

6. Images and Videos: Analysing visual content for clues or context.

Advanced Techniques:

1. Metadata Analysis: Extracting hidden information from files.


a. For e.g. Geo location from photos.

2. Link Analysis: Mapping relationships between entities

3. Keyword Searching: Using specific terms to find relevant information.

4. Social Network Analysis: Identifying connections and patters in social


networks.

5. Geospatial Analysis: Mapping data to geographic locations.

6. Temporal Analysis: Studying changes over time.


1. For e.g. tracing trends or events.

7. Threat Intelligence Feeds: Subscribing to feeds that provide real-time


updates on threats.

Challenge and Ethics:

1. Verification: Ensuring the accuracy and reliability of collected data.

2. Privacy Concerns: Balancing the need for information with


individual’s privacy rights.

3. Bias and Misinformation: Being aware of biases and false


information.

4. Legal Boundaries: Complying with laws and regulations while


conducting OSINT.
5. Attribution: Properly crediting sources when sharing findings.

6. Ethical Use: Avoiding harm or misuse of information.

Tools and Resources:

1. Search Engines: Google, Bing and specialized search engines for


OSINT

2. Social Media Scrapers: Tools that extract data from social platforms.
3. Maltego: A graphical link analysis tool.

4. Wayback Machine: Archives of web pages over time.

5. OSINT Frameworks: Structured of approaches to OSITN


investigations.

6. Online Communities: Forums and groups where OSINT practitioners


share knowledge.
REFERENCES

 https://www.sans.org/blog/what-is-open-source-intelligence/
 https://portswigger.net/daily-swig/osint-what-is-open-source-
intelligence-and-how-is-it-used
 https://www.ibm.com/topics/osint
THANK YOU

Done by
Prajakta Shende
Cybersecurity Intern
CyberSapiens

You might also like