OSINT overview

- [Instructor] While hacking is often defined as unauthorized access to data in a system or computer, open-source intelligence, or OSINT, used publicly available information and doesn't require any type of unauthorized access. The US Director of National Intelligence has a really long definition for OSINT that you can see here. Now, I like to shorten this definition to, "Useful data collected from publicly-available sources," because even though the way we use the information depends on our goals, it's still coming from publicly-available sources like social media or search engines. Most people don't realize how often the information they share can be used against them. Thanks to social media, the amount of information being distributed online often makes it hard for organizations and individuals to keep track of their online footprints. Let's look at an example. A friend posted a photo on social media showing her new car and license plate and a caption saying, "Goodbye, California. "Hello, New Hampshire." Her intentions were to share her excitement with her social network and show off her first car. However, my OSINT brain kicked into high gear seeing the wealth of information she unintentionally shared with the world. Without knowing it, she publicly gave away the following information: Two states where public records could potentially provide additional details about her. The answer to a common password reset question: What's the make and model or color of your first car? A license plate to cross-reference DMV records. Geolocation data in the photo pointing to her new home, and information that could be used for impersonation. For example, a DMV employee saying that there was an issue with her car's registration. Most people don't realize how the information they share, like the previous example, can be used against them by hackers to launch cyber attacks. This course will be directed at ethical hackers and penetration testers in training. However, don't let that discourage you if your career path looks different. The techniques in this course will be applied to information security individuals who want to better understand the hacker's mindset and find ways to protect their organization. From an ethical hackers perspective, no data is irrelevant. OSINT is typically part of the initial phase of the hacking life cycle where an attacker gains information on the target looking to identify weaknesses, or as I like to call them, low-hanging fruit. At times OSINT alone may result in valuable findings such as leaked usernames and passwords. However, more often than not, the results of OSINT aren't that direct. Information like a pet's name found in a target social media post can frequently be used to expedite password cracking or to answer security questions allowing you to reset their password. All this information will be critical in later phases of the hacking lifecycle.