SlideShare a Scribd company logo

Jerod Brennen - What You Need to Know About OSINT

Download as PPTX, PDF
C
centralohioissa

The document discusses Open Source Intelligence (OSINT) and its importance in penetration testing, outlining a structured process for profiling companies, individuals, and their security vulnerabilities. It highlights essential OSINT tools for research and automation while emphasizing self-defense strategies against potential security breaches. The text is aimed at providing foundational knowledge and resources for effectively utilizing OSINT in cybersecurity efforts.

Technology
1 of 23
Downloaded 19 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
Detecting the Undetectable: What You Need to Know About OSINT
Hack all the things! Jerod Brennen, CISSP, GWAPT You can find me at: Twitter: @slandail LinkedIn: /in/slandail
Hacker, hack thyself.
Want Answers? Start With the Right Questions. ◉What the heck is OSINT? ◉What’s your process? ◉What OSINT tools should I know about? ◉How do I defend myself?
1. What the heck is OSINT? Let’s begin at the beginning.
OSINT Open Source INTelligence
Penetration Testing OSINT is a key component of the Penetration Testing Execution Standard (PTES). [Image from https://www.trustedsec.com/penetration-testing/]
2. What’s your process? Wash. Rinse. Repeat.
EDGAR U.S. Securities and Exchange Commission. Over 20 million filings for publicly traded companies. You can also split your content Google Finance Leadership, performance, news stories, external links. Step 1: Profile the Company LinkedIn Company page. Products, services, 30k foot view. Company Website Careful, here. Visits from your laptop = a record of your IP touching their web infrastructure.
LinkedIn Employee names, titles, history with the company, and technologies that the IT staff uses. You can also split your content Facebook What do they eat for lunch? (More importantly, the answers to their secret questions.) Step 2: Profile the People Twitter Who do they talk to? What do they talk about? Search Engines Google, Bing, Duck Duck Go Individual Internet footprint
In two or three columns The Wall of Shame U.S. Department of Health and Human Services Office for Civil Rights Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information. Breaches Affecting 500 or More Individuals PrivacyRights.org Chronology of Data Breaches (2005 – present). Filter by source (if known), industry, and/or year. PasteBin / Cryptbin Designed to let programmers share and troubleshoot snippets of code, they’ve also become repositories for proof of breach. For example. “Here are 1,000 passwords. Send xxx bitcoins to this address for the other 49,000. Step 3: Research Previous Breaches
Mobile Apps Start with Google Play and iTunes. Download the app file (.apk, .ipa) to your testing machine, unzip it, and start poking around. If they have an app in Google Play, reverse the app back to it’s original Java source code. You can also split your content Web Infrastructure Lots to cover here, folks. Let’s save the details for the next section. Step 4: Profile the Internet-Facing Infrastructure
3. What OSINT tools do I need to know about? Automation, folks. That’s where it’s at.
Tell Me About Your Web Apps ◉ Netcraft Site Report http://toolbar.netcraft.com/site_report ◉ ICANN WHOIS https://whois.icann.org/en ◉ ARIN WHOIS-RWS https://whois.arin.net/ui/advanced.jsp ◉ Hurricane Electric BGP Toolkit http://bgp.he.net/
These Are a Few of My Favorite Things ◉ Qualys SSL Labs – SSL Server Test https://www.ssllabs.com/ssltest/ ◉ PunkSPIDER https://www.punkspider.org/ ◉ UltraTools DNS Zone Transfer Lookup https://www.ultratools.com/tools/zoneFileDump ◉ SHODAN https://www.shodan.io/
◉FOCA https://www.elevenpaths.co m/labstools/foca/index.ht ml ◉ Google Hacking http://www.hackersforcharity.o rg/ghdb/ Passive  Active
““Automation, folks. That’s where it’s at.” – Jerod Brennen, just a few minutes ago
◉Maltego https://www.paterva.com/w eb6/products/maltego.php ◉ recon-ng https://bitbucket.org/LaNMaSt eR53/recon-ng Replace Yourself With a Very Small Shell Script
4. How do I defend myself? Sitting under your desk and crying is not an option.
Riddle Me This, Batman… How much of what we’ve discussed would trigger an alert in your IDS/IPS?
◉ Unauthorized ports open on Shodan? Close them. ◉ Web app vulnerabilities on PunkSPIDER? Fix them. ◉ Zone transfers were successful? Disable them. ◉ Passwords on Pastebin? Change them. ◉ Users oversharing on social media? Train them. Let’s Not Overcomplicate Things
Would You Like to Know More? ◉Online Strategies http://www.onstrat.com/osint/ ◉Penetration Testing Execution Standard http://www.pentest-standard.org/index.php/Main_Page ◉IT Security Career http://www.itsecuritycareer.com/blog/what-you-dont-know- about-osint-can-hurt-you/
Thanks! ANY QUESTIONS? You can find me at: Twitter: @slandail LinkedIn: /in/slandail

More Related Content

PPTX
Ed McCabe - Putting the Intelligence back in Threat Intelligence
centralohioissa
 
PPTX
Jason Samide - State of Security & 2016 Predictions
centralohioissa
 
PPTX
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
Shawn Tuma
 
PPTX
Crowd-Sourced Threat Intelligence
AlienVault
 
PPTX
Red team Engagement
Indranil Banerjee
 
PPTX
An Introduction To IT Security And Privacy In Libraries
Blake Carver
 
PDF
Zero-Knowledge Proofs: Identity Proofing and Authentication
Clare Nelson, CISSP, CIPP-E
 
PPTX
Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...
Clare Nelson, CISSP, CIPP-E
 
Ed McCabe - Putting the Intelligence back in Threat Intelligence
centralohioissa
 
Jason Samide - State of Security & 2016 Predictions
centralohioissa
 
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
Shawn Tuma
 
Crowd-Sourced Threat Intelligence
AlienVault
 
Red team Engagement
Indranil Banerjee
 
An Introduction To IT Security And Privacy In Libraries
Blake Carver
 
Zero-Knowledge Proofs: Identity Proofing and Authentication
Clare Nelson, CISSP, CIPP-E
 
Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...
Clare Nelson, CISSP, CIPP-E
 

What's hot (20)

PPT
3 Hkcert Trend
SC Leung
 
PPTX
An Introduction To IT Security And Privacy In Libraries & Anywhere
Blake Carver
 
PDF
Is AI going to provide safety for us?
DLabs
 
PPTX
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
Clare Nelson, CISSP, CIPP-E
 
PDF
Ransomware ly
Lisa Young
 
PPTX
Attack Vectors in Biometric Recognition Systems
Clare Nelson, CISSP, CIPP-E
 
PPT
Mark Arena - Cyber Threat Intelligence #uisgcon9
UISGCON
 
PPTX
Maltego Webinar Slides
ThreatConnect
 
PPTX
Targeted attacks
Barry Shteiman
 
PDF
Cyber Forensics & Challenges
Deepak Kumar (D3)
 
PPTX
An Introduction To IT Security And Privacy - Servers And More
Blake Carver
 
PPTX
Biometrics and Multi-Factor Authentication, The Unleashed Dragon
Clare Nelson, CISSP, CIPP-E
 
PDF
Threat Hunting Report
Morane Decriem
 
PDF
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
SSIMeetup
 
PPT
Hacking
Purohit Rock
 
PPT
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
UISGCON
 
PDF
Threat Intelligence
Deepak Kumar (D3)
 
PPTX
Cyber threat intelligence: maturity and metrics
Mark Arena
 
PPTX
Common Techniques To Identify Advanced Persistent Threat (APT)
Yuval Sinay, CISSP, C|CISO
 
PDF
Welcome to the world of Cyber Threat Intelligence
Andreas Sfakianakis
 
3 Hkcert Trend
SC Leung
 
An Introduction To IT Security And Privacy In Libraries & Anywhere
Blake Carver
 
Is AI going to provide safety for us?
DLabs
 
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
Clare Nelson, CISSP, CIPP-E
 
Ransomware ly
Lisa Young
 
Attack Vectors in Biometric Recognition Systems
Clare Nelson, CISSP, CIPP-E
 
Mark Arena - Cyber Threat Intelligence #uisgcon9
UISGCON
 
Maltego Webinar Slides
ThreatConnect
 
Targeted attacks
Barry Shteiman
 
Cyber Forensics & Challenges
Deepak Kumar (D3)
 
An Introduction To IT Security And Privacy - Servers And More
Blake Carver
 
Biometrics and Multi-Factor Authentication, The Unleashed Dragon
Clare Nelson, CISSP, CIPP-E
 
Threat Hunting Report
Morane Decriem
 
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
SSIMeetup
 
Hacking
Purohit Rock
 
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
UISGCON
 
Threat Intelligence
Deepak Kumar (D3)
 
Cyber threat intelligence: maturity and metrics
Mark Arena
 
Common Techniques To Identify Advanced Persistent Threat (APT)
Yuval Sinay, CISSP, C|CISO
 
Welcome to the world of Cyber Threat Intelligence
Andreas Sfakianakis
 
Ad

Similar to Jerod Brennen - What You Need to Know About OSINT (20)

PPTX
SplunkLive! Paris 2018: Intro to Security Analytics Methods
Splunk
 
PPTX
Intro to INFOSEC
Sean Whalen
 
PPTX
Bug Bounty #Defconlucknow2016
Shubham Gupta
 
PPTX
Data Privacy for Activists
Greg Stromire
 
PPTX
SplunkLive! Frankfurt 2018 - Intro to Security Analytics Methods
Splunk
 
PPT
Pentesting hygt frde education of engi.ppt
asranausheenasra
 
PPT
Bulletproof IT Security
London School of Cyber Security
 
PDF
Stephanie Vanroelen - Mobile Anti-Virus apps exposed
NoNameCon
 
PDF
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk
 
PDF
Zen and the art of Security Testing
TEST Huddle
 
PDF
Spyware
Farheen Naaz
 
PDF
Cyber security awareness presentation nepal
ICT Frame Magazine Pvt. Ltd.
 
DOCX
Research Paper Sentence OutlineResearch Question How e-commer.docx
audeleypearl
 
PDF
Daniel billing exploring the security testers toolbox
Romania Testing
 
PPTX
Basics of getting Into Bug Bounty Hunting
Muhammad Khizer Javed
 
PPTX
Peerlyst Delhi NCR Chapter Meet
Abhinav Mishra
 
PPTX
BsidesMCR_2016-what-can-infosec-learn-from-devops
James '​-- Mckinlay
 
DOCX
Earn Money from bug bounty
Jay Nagar
 
PDF
BugBounty Roadmap with Mohammed Adam
Mohammed Adam
 
PDF
BSides LA/PDX
leifdreizler
 
SplunkLive! Paris 2018: Intro to Security Analytics Methods
Splunk
 
Intro to INFOSEC
Sean Whalen
 
Bug Bounty #Defconlucknow2016
Shubham Gupta
 
Data Privacy for Activists
Greg Stromire
 
SplunkLive! Frankfurt 2018 - Intro to Security Analytics Methods
Splunk
 
Pentesting hygt frde education of engi.ppt
asranausheenasra
 
Bulletproof IT Security
London School of Cyber Security
 
Stephanie Vanroelen - Mobile Anti-Virus apps exposed
NoNameCon
 
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk
 
Zen and the art of Security Testing
TEST Huddle
 
Spyware
Farheen Naaz
 
Cyber security awareness presentation nepal
ICT Frame Magazine Pvt. Ltd.
 
Research Paper Sentence OutlineResearch Question How e-commer.docx
audeleypearl
 
Daniel billing exploring the security testers toolbox
Romania Testing
 
Basics of getting Into Bug Bounty Hunting
Muhammad Khizer Javed
 
Peerlyst Delhi NCR Chapter Meet
Abhinav Mishra
 
BsidesMCR_2016-what-can-infosec-learn-from-devops
James '​-- Mckinlay
 
Earn Money from bug bounty
Jay Nagar
 
BugBounty Roadmap with Mohammed Adam
Mohammed Adam
 
BSides LA/PDX
leifdreizler
 
Ad

More from centralohioissa (20)

PPTX
Mike Spaulding - Building an Application Security Program
centralohioissa
 
PPTX
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
centralohioissa
 
PPTX
Bob West - Educating the Board of Directors
centralohioissa
 
PDF
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
centralohioissa
 
PPTX
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
centralohioissa
 
PPTX
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
centralohioissa
 
PPTX
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
centralohioissa
 
PPTX
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
centralohioissa
 
PPTX
Tre Smith - From Decision to Implementation: Who's On First?
centralohioissa
 
PDF
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
centralohioissa
 
PPTX
Sean Whalen - How to Hack a Hospital
centralohioissa
 
PDF
Robert Hurlbut - Threat Modeling for Secure Software Design
centralohioissa
 
PPTX
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...
centralohioissa
 
PDF
Rafeeq Rehman - Breaking the Phishing Attack Chain
centralohioissa
 
PDF
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
centralohioissa
 
PPTX
Jack Nichelson - Information Security Metrics - Practical Security Metrics
centralohioissa
 
PPTX
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...
centralohioissa
 
PDF
Ruben Melendez - Economically Justifying IT Security Initiatives
centralohioissa
 
PDF
Ofer Maor - Security Automation in the SDLC - Real World Cases
centralohioissa
 
PPTX
Jim Libersky: Cyber Security - Super Bowl 50
centralohioissa
 
Mike Spaulding - Building an Application Security Program
centralohioissa
 
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
centralohioissa
 
Bob West - Educating the Board of Directors
centralohioissa
 
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
centralohioissa
 
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
centralohioissa
 
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
centralohioissa
 
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
centralohioissa
 
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
centralohioissa
 
Tre Smith - From Decision to Implementation: Who's On First?
centralohioissa
 
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
centralohioissa
 
Sean Whalen - How to Hack a Hospital
centralohioissa
 
Robert Hurlbut - Threat Modeling for Secure Software Design
centralohioissa
 
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...
centralohioissa
 
Rafeeq Rehman - Breaking the Phishing Attack Chain
centralohioissa
 
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
centralohioissa
 
Jack Nichelson - Information Security Metrics - Practical Security Metrics
centralohioissa
 
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...
centralohioissa
 
Ruben Melendez - Economically Justifying IT Security Initiatives
centralohioissa
 
Ofer Maor - Security Automation in the SDLC - Real World Cases
centralohioissa
 
Jim Libersky: Cyber Security - Super Bowl 50
centralohioissa
 

Recently uploaded (20)

PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
KodekX | Application Modernization Development
KodekX
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 

Jerod Brennen - What You Need to Know About OSINT

  • 1. Detecting the Undetectable: What You Need to Know About OSINT
  • 2. Hack all the things! Jerod Brennen, CISSP, GWAPT You can find me at: Twitter: @slandail LinkedIn: /in/slandail
  • 4. Want Answers? Start With the Right Questions. ◉What the heck is OSINT? ◉What’s your process? ◉What OSINT tools should I know about? ◉How do I defend myself?
  • 5. 1. What the heck is OSINT? Let’s begin at the beginning.
  • 7. Penetration Testing OSINT is a key component of the Penetration Testing Execution Standard (PTES). [Image from https://www.trustedsec.com/penetration-testing/]
  • 9. EDGAR U.S. Securities and Exchange Commission. Over 20 million filings for publicly traded companies. You can also split your content Google Finance Leadership, performance, news stories, external links. Step 1: Profile the Company LinkedIn Company page. Products, services, 30k foot view. Company Website Careful, here. Visits from your laptop = a record of your IP touching their web infrastructure.
  • 10. LinkedIn Employee names, titles, history with the company, and technologies that the IT staff uses. You can also split your content Facebook What do they eat for lunch? (More importantly, the answers to their secret questions.) Step 2: Profile the People Twitter Who do they talk to? What do they talk about? Search Engines Google, Bing, Duck Duck Go Individual Internet footprint
  • 11. In two or three columns The Wall of Shame U.S. Department of Health and Human Services Office for Civil Rights Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information. Breaches Affecting 500 or More Individuals PrivacyRights.org Chronology of Data Breaches (2005 – present). Filter by source (if known), industry, and/or year. PasteBin / Cryptbin Designed to let programmers share and troubleshoot snippets of code, they’ve also become repositories for proof of breach. For example. “Here are 1,000 passwords. Send xxx bitcoins to this address for the other 49,000. Step 3: Research Previous Breaches
  • 12. Mobile Apps Start with Google Play and iTunes. Download the app file (.apk, .ipa) to your testing machine, unzip it, and start poking around. If they have an app in Google Play, reverse the app back to it’s original Java source code. You can also split your content Web Infrastructure Lots to cover here, folks. Let’s save the details for the next section. Step 4: Profile the Internet-Facing Infrastructure
  • 13. 3. What OSINT tools do I need to know about? Automation, folks. That’s where it’s at.
  • 14. Tell Me About Your Web Apps ◉ Netcraft Site Report http://toolbar.netcraft.com/site_report ◉ ICANN WHOIS https://whois.icann.org/en ◉ ARIN WHOIS-RWS https://whois.arin.net/ui/advanced.jsp ◉ Hurricane Electric BGP Toolkit http://bgp.he.net/
  • 15. These Are a Few of My Favorite Things ◉ Qualys SSL Labs – SSL Server Test https://www.ssllabs.com/ssltest/ ◉ PunkSPIDER https://www.punkspider.org/ ◉ UltraTools DNS Zone Transfer Lookup https://www.ultratools.com/tools/zoneFileDump ◉ SHODAN https://www.shodan.io/
  • 17. ““Automation, folks. That’s where it’s at.” – Jerod Brennen, just a few minutes ago
  • 19. 4. How do I defend myself? Sitting under your desk and crying is not an option.
  • 20. Riddle Me This, Batman… How much of what we’ve discussed would trigger an alert in your IDS/IPS?
  • 21. ◉ Unauthorized ports open on Shodan? Close them. ◉ Web app vulnerabilities on PunkSPIDER? Fix them. ◉ Zone transfers were successful? Disable them. ◉ Passwords on Pastebin? Change them. ◉ Users oversharing on social media? Train them. Let’s Not Overcomplicate Things
  • 22. Would You Like to Know More? ◉Online Strategies http://www.onstrat.com/osint/ ◉Penetration Testing Execution Standard http://www.pentest-standard.org/index.php/Main_Page ◉IT Security Career http://www.itsecuritycareer.com/blog/what-you-dont-know- about-osint-can-hurt-you/
  • 23. Thanks! ANY QUESTIONS? You can find me at: Twitter: @slandail LinkedIn: /in/slandail