From the course: Deep Dive into Open-Source Intelligence

Understanding the value of OSINT


- [Instructor] During an offensive security engagement such as a penetration test or red team engagement, security professionals typically follow a standard methodology, which can be seen in the course notes. While security professionals argue back and forth about which is better and why, most pros agree that intelligence gathering and reconnaissance is one of the first essential steps in the ethical hacking process. You might be wondering why so many standards and methodologies include intelligence gathering as a foundational step. Well, open source intelligence gathering helps the attacker narrow their focus and profile a victim.

Let's take a look at an example. I performed OSINT in the early phases of my penetration test of an organization where the goal was to break into and steal emails from top executives. During the engagement I used some of the OSINT techniques we'll cover in later videos. By performing DNS harvesting, advanced search engine queries, and other tactics, the reconnaissance resulted in the executive's first name, last name, username, email address, family members' names, and birth dates. I also found the company's internal password policy and the URL used by the organization's employees to access their email. With all this valuable information gathered early in the hacking process, my job at breaking into the company's email system became a lot easier.

From reading the company's password policy document, the requirements mandated a minimum of eight-character passwords containing at least one uppercase letter, a lowercase letter, and a number. Assuming the executive uses the minimum length password, there are over 218 trillion possible passwords. Even with a modern brute force hacking tool, it would be impractical to try each password one after the next. Instead of attempting all password combinations, I took the information harvested from the executive's social media posts to build a custom password list containing their children's first names, birth dates, and frequent vacation spots. Instead of spending what might be a lifetime trying every possible password, the custom password list only took six attempts before gaining access to the executive's email. Mission accomplished.

This is just one example of how the results of OSINT can help profile people, technology, and the organizations you're targeting. More time spent performing reconnaissance in the early phases of an attack often results in less time and effort in later phases of the attack.
