
Intro to OSINT (Redacted)


This presentation consisted of me essentially doxxing myself to a room of cybersecurity students.

Unfortunately, I had to remove some of that before posting it online, but hopefully it’s still useful.

Transcript:

OSINT: Open Source Intelligence

Table of Contents
- OSINT:
  - WHAT
  - WHY
  - HOW
- Examples / OSINT in the news
- OSINT Resources
- Practice!

What is OSINT?
- Open Source Intelligence
- Use what is available on the internet (and elsewhere) to find out information
- Specifically excludes closed-source information from private sources

Digital Footprint
- Age of Data
- A lot of data is archived or mirrored
  - archive.org
- People share:
  - Photos
  - Location
  - Job Information

The Follower
- Uses open cameras & AI to figure out where you took a photo

Hack Me If You Can (WSJ)
- https://www.wsj.com/podcasts/the-journal/hack-me-if-you-can-part-1-the-making-of-a-russian-hacker/31cce8f6-94a8-469e-a86e-53600fc4f2c3

Why OSINT?

OSINT In CTFs 🚩
- Someone will make a fake profile:
  - Fake accounts
    - GitHub
    - Twitter
  - Fake (AI generated) Profile Picture
- Goal is to find some information (a flag) found anywhere on the internet
  - Data hidden in profile picture
  - Flag on a social media post
  - Leaked password
  - …

OSINT In Red Team
- Goal is to find out about the target before you start actively scanning for information
- Crucial part of reconnaissance
- Goals:
  - How many employees?
  - Did their passwords get leaked online?
  - What do employee emails look like? Is there a pattern?
  - Did anyone leak information about devices / architecture / responsibilities / network privilege?
  - Are there any sites that are vulnerable?
- For a physical pentest:
  - Cameras?
  - Locks?
  - Security Guards?

How to OSINT?

Google Dorking
- http://www.google.com/advanced_search
- “Advanced” Googling that lets you be more specific
- “” (quotes)
  - Find an exact phrase on Google
- AND / OR
  - Boolean conditions for more specificity

Google Dorking pt.2
- site:
  - Specify which site you want results to be from

Google Dorking - Examples

Bing Dorking ?

Different Search Engines
- Cache different things
- Google and Bing will let you request to remove cached results
  - https://support.google.com/webmasters/answer/7041154?hl=en
- Go over this occasionally to find things online that you want there
- Request Removal

Simulated OSINT

Your Target:

Your Target: UFSIT
- University of Florida Club
- Does Cybersecurity Stuff???
- They like “Kernel” Sanders

LinkedInt
- LinkedIn Reconnaissance Tool
- Search by:
  - Company
  - Keyword
  - Email
- Generate a list of potential targets

GitHub
- Can have sensitive code / details in repositories
  - Could be old or in dangling commits
- Might leak email in commit messages

Sherlock
- Look for username across hundreds of websites
- Useful to find out more about a target

Holehe
- Can determine if an email has an account on a website
- Uses “forgot password”

Hunter.io
- Guess Standard Email Format
- Find emails of employees

GHunt
- Look up people’s emails
- Find Google Reviews
  - Use location frequency
- Find Public Calendars
- Find YouTube account
- Find Public Photo Libraries

haveibeenpwned

Should-I-Call-Back
- https://should-i-call-back.org/
- Find out information about caller
  - Location
  - Name
  - Mobile Provider

Voterrecords
- https://voterrecords.com/
- Look online for voter registration
- Can find out:
  - Political Party
  - Rough Location
  - Age

TinEye
- Find the original location of a photo
- Some photos may contain metadata if not properly filtered

Exifdata
- Exiftool (Terminal Utility)
- jimpl.com
- Look for:
  - Location
  - Date
  - Phone model (vulnerabilities??)
  - …
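
The metadata leak noted on the photo and Exifdata slides can be checked from the publishing side. The following Python code is an added example, not part of the original presentation: it lists device, timestamp and GPS tags in a JPEG's EXIF block and strips that block before the photo is shared. The function names and the embedded sample image are constructed for illustration.

```python
import struct

# Added example, hypothetical names. IFD0 tag ids (EXIF/TIFF spec) that reveal device, time or location
SENSITIVE = {0x010F: "Make", 0x0110: "Model", 0x0132: "DateTime", 0x8825: "GPSInfo"}
EXIF_ID = b"Exif\x00\x00"

def segments(jpeg):
    """Yield (marker, start, end) for each header segment before the image scan."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        yield jpeg[pos + 1], pos, pos + 2 + length
        pos += 2 + length

def sensitive_tags(jpeg):
    """Names of SENSITIVE tags present in IFD0 of any Exif APP1 segment."""
    found = []
    for marker, start, end in segments(jpeg):
        if marker != 0xE1 or jpeg[start + 4:start + 10] != EXIF_ID:
            continue
        tiff = jpeg[start + 10:end]
        endian = "<" if tiff[:2] == b"II" else ">"  # TIFF byte-order mark
        try:
            (ifd,) = struct.unpack_from(endian + "I", tiff, 4)
            (count,) = struct.unpack_from(endian + "H", tiff, ifd)
            for i in range(count):  # each IFD entry is 12 bytes, tag id first
                (tag,) = struct.unpack_from(endian + "H", tiff, ifd + 2 + 12 * i)
                if tag in SENSITIVE:
                    found.append(SENSITIVE[tag])
        except struct.error:
            pass  # truncated EXIF: keep whatever was readable
    return found

def strip_exif(jpeg):
    """Return a copy of the JPEG with every Exif APP1 segment removed."""
    out, last = bytearray(jpeg[:2]), 2
    for marker, start, end in segments(jpeg):
        if marker != 0xE1 or jpeg[start + 4:start + 10] != EXIF_ID:
            out += jpeg[start:end]
        last = end
    return bytes(out) + jpeg[last:]

def sample_jpeg():
    """Constructed test image: SOI, Exif APP1 (Model + GPSInfo), empty scan, EOI."""
    ifd = struct.pack("<HHHIIHHIII", 2, 0x0110, 2, 4, 0x00585858, 0x8825, 4, 1, 38, 0)
    app1 = EXIF_ID + b"II*\x00" + struct.pack("<I", 8) + ifd
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xda\x00\x02\xff\xd9"
```

Only Exif APP1 segments are handled here; other metadata containers such as XMP are left in place, so a dedicated tool like Exiftool remains the thorough option.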

OpenStreetMap (OSM) Database
- https://www.openstreetmap.org/
- Query map info including:
  - Highways
  - Buildings
  - Trees
  - Light Poles
  - Mailboxes
  - …

Querying the OSM with Overpass Turbo


https://wiki.openstreetmap.org/

PimEyes
- Find photos of people with the same/similar face

What do we have?
- Full Name
- Photo
- Email
- Hundreds of Accounts
- Password Hashes (We can try to crack)
- Phone Number
- Location
- Job
- University
- API Keys

© 2024 Adam Hassan