Introduction to OSINT

TEAM

Section 1 - Introduction to OSINT 

Open source intelligence (OSINT) is the process of searching, collecting and analyzing information from publicly available sources such as websites, social networks, public databases, news resources.

OSINT (Open Source Intelligence) plays an important role in many areas of activity:

Intelligence and security: obtaining information from open sources about security risks to the state and to social groups. This includes monitoring all resources where such activity appears (social networks, online forums on various topics, news sources).

Law enforcement: open source intelligence can be used to gather information about suspects and witnesses of crimes. OSINT specialists can obtain public statements and more specific information, and determine any criminal connections during an investigation.

Search activities: obtaining information about injured people who require assistance (determining the location of missing people).

Business intelligence: market and competitor analysis, customer feedback, and finding new opportunities for business decisions.

Section 2 - Approaches to Open Source Intelligence

There are two main approaches to open source intelligence.

Active approach - the process of active research through direct contact with sources: the subject under study, scientists, experts, or witnesses to a particular event.

"The researcher in the active approach must be fully prepared and have ethical principles"

The passive approach to open source intelligence is the analysis of open and available sources of information. This includes the analysis of available databases, the study of social networks, and the review of materials from archives, news and publications. It is important to take a critical approach when analyzing such information, as it may only partially correspond to our objectives, or not correspond to them at all.

Section 3 - OSINT in Information Security

 OSINT in information security plays an important role in identifying potential threats and vulnerabilities, as well as in risk analysis. For example, when conducting an internal audit or network security check, using OSINT allows you to obtain information about the company and its employees from open sources. This helps to identify possible problems, such as weak passwords, leaks of confidential information, and other threats that can become an entry point for intruders.

Identification of risks and vulnerabilities

The main advantages of using OSINT in information security are the ability to quickly detect potential threats and vulnerabilities, and the ability to analyze intruder trends, for example the purchase of paid subscriptions to closed forums and the purchase of exploits themselves.

OSINT for Red Team

OSINT techniques are also actively used by the Red Team to detect potential threats in information technology. They collect information about the company's users, such as email addresses, names and probable usernames, to identify potential vulnerabilities and conduct risk analysis.

Section 4 - Tools and Techniques in OSINT

The use of search engines in Open Source Intelligence (OSINT) is an integral part of the process and should be one of the first tasks of the researcher.

The most effective technique for advanced use of search engines (in our example, Google) is called Google Dorking.

Google Dorking

Google Dorking is a way to search for information using special queries and filters in Google. This type of search allows you to narrow the selection and describe the search query more specifically, thereby obtaining more relevant results.

Considering that the settings of many sites allow search robots to dive quite deeply into their structure, such results may contain confidential or vulnerable information.

I'll show you a couple of examples.

The site: operator limits the search… In our case, we search only by the domain codeby.net.

You can view all operators on the Wikipedia page.

Also, here are a few more resources on the topic of Google Dorking.


Shodan

Shodan is a Google-like search engine that primarily focuses on searching for devices connected to the Internet using various filters.


Reconnaissance: Shodan can be used to find information about a specific device or company such as IP address, location, open ports, etc. This can help in gaining valuable information.

Device and System Identification: Shodan provides information about the type and version of devices used on the network. This can help identify specific devices and their characteristics, as well as identify potential vulnerabilities.

Search for public information: Shodan can be used to search for public information related to a particular device such as the device name, type, manufacturer, etc. This can help in getting a more complete picture of the device and its functionality.

Overall, Shodan in the OSINT area provides valuable information that can be used for security analysis.

Whois


Whois is a network protocol used to determine the owner of a domain name, IP address, or autonomous system used on the Internet. There is a Whois database that contains information about registered domains, their owners, and contact information.


When you register a domain name, you are required to provide contact information that is entered into the Whois database. This may include your name, email address, phone number, and postal address. The database also contains information about the domain registrar and the date of registration.


I'll show you an example:

“whois” is a command line utility that allows you to obtain information about registered domains and IP addresses using the Whois protocol.

What data/information can we extract from this output?


The company that registered the domain is MarkMonitor Inc (Registrar). The contacts to be used in case of abuse related to this domain are also indicated: abusecomplaints@markmonitor.com (Registrar Abuse Contact Email) and +1.2086851750 (Registrar Abuse Contact Phone).

The name servers of the site are also shown, and you can get the owner's full name. What other tools can be used?


  1. Whois.ru
  2. Whois.com
  3. Who.is
  4. Reg.ru
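As an added example (not from the article), here is a small Python parser that pulls the fields discussed above out of `whois` output: registrar, abuse contacts, registration dates, name servers, and any e-mail addresses that appear anywhere in the text. The sample output is constructed for the example: the registrar and abuse-contact values are the ones quoted in the article, while the domain, dates and name-server names are placeholders.

```python
import re
from typing import Dict, List, Optional

# Constructed sample of `whois` output. Registrar and abuse contacts are the
# values quoted in the article; domain, dates and name servers are placeholders.
SAMPLE_WHOIS = """\
   Domain Name: EXAMPLE-DOMAIN.COM
   Registrar: MarkMonitor Inc.
   Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
   Registrar Abuse Contact Phone: +1.2086851750
   Updated Date: 2023-05-02T09:11:00Z
   Creation Date: 2004-01-15T00:00:00Z
   Registry Expiry Date: 2030-01-15T00:00:00Z
   Name Server: NS1.EXAMPLE-NS.NET
   Name Server: NS2.EXAMPLE-NS.NET
   DNSSEC: unsigned
>>> Last update of whois database: 2024-01-01T00:00:00Z <<<
"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def parse_whois(text: str) -> Dict[str, List[str]]:
    """Turn 'Key: value' lines into a dict of lists.

    Keys can repeat (every 'Name Server' line is kept), and comment or
    notice lines starting with '%', '#' or '>>>' are ignored.
    """
    fields: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("%", "#", ">>>")):
            continue
        key, sep, value = line.partition(":")  # split on the first colon only
        if not sep or not value.strip():
            continue
        fields.setdefault(key.strip(), []).append(value.strip())
    return fields


def summarize(text: str) -> Dict[str, object]:
    """Pick out the fields an analyst looks at first."""
    fields = parse_whois(text)

    def first(key: str) -> Optional[str]:
        values = fields.get(key)
        return values[0] if values else None

    return {
        "domain": (first("Domain Name") or "").lower(),
        "registrar": first("Registrar"),
        "abuse_email": first("Registrar Abuse Contact Email"),
        "abuse_phone": first("Registrar Abuse Contact Phone"),
        "created": first("Creation Date"),
        "expires": first("Registry Expiry Date"),
        "name_servers": [ns.lower() for ns in fields.get("Name Server", [])],
    }


def extract_emails(text: str) -> List[str]:
    """All e-mail addresses that appear anywhere in the output, deduplicated."""
    return sorted(set(EMAIL_RE.findall(text)))


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_WHOIS).items():
        print(f"{key:>13}: {value}")
    print("emails found:", extract_emails(SAMPLE_WHOIS))
```

To run it against a live record, pipe the output of the `whois` command into `summarize()`; registries differ in their key names, so the field list in `summarize()` is the place to add variants you encounter.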

Wayback Machine

Wayback Machine is a collection of archived copies of web pages and other resources saved from the time of their creation and available for public viewing. It is one of the most popular tools for searching and viewing past versions of web pages.


The Wayback Machine builds its archive by regularly scanning and indexing millions of web pages. The search is performed on the site via the search bar. The system then displays a list of available archive copies of that page at different times. Users can select a specific date and time and view the saved version of the page as it looked at the time of scanning.


I wondered what the codeby.net page looked like in March 2018. You're welcome!

What useful information can we extract from the Wayback Machine service?


Studying website changes: The Wayback Machine allows you to track the evolution of websites over time. You can see how the design, structure, and content of a site have changed. This can be useful for analyzing a company's development strategy, changes in products or services, and identifying industry trends.


Checking Facts and Evidence: The Wayback Machine can be used to check the accuracy of information provided on a website in the past. This is especially useful in cases where a page has been modified or removed.

Finding outdated contact information: If a website owner has previously listed contact information on pages, the Wayback Machine can help you find this information. This can be useful for contacting previous owners or administrators of the site.

Detecting Policy Changes: Using the Wayback Machine, you can find out what changes have occurred to a website's privacy policy, terms of use, or other legal documents. This can be useful for understanding what data is being collected and how it is being used.
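The Wayback Machine also exposes its index through the CDX API, which is easier to work with than the search bar when you want to pick a snapshot near a date (as in the March 2018 example above) or find the moments a page actually changed. The following Python code is an added example, not part of the article: the CDX endpoint and the `web.archive.org/web/<timestamp>/<url>` snapshot form are the public ones, while the response data is a constructed sample with made-up digests and sizes.

```python
import json
from datetime import datetime
from typing import Dict, List, Optional
from urllib.parse import urlencode

CDX_ENDPOINT = "https://web.archive.org/cdx/search/cdx"

# Constructed sample of a CDX response (output=json): first row is the header,
# each following row is one capture. Digests and lengths are made up.
SAMPLE_CDX_JSON = json.dumps([
    ["urlkey", "timestamp", "original", "mimetype", "statuscode", "digest", "length"],
    ["net,codeby)/", "20180214093011", "https://codeby.net/", "text/html", "200", "DIGEST-A", "31222"],
    ["net,codeby)/", "20180305120455", "https://codeby.net/", "text/html", "200", "DIGEST-A", "31222"],
    ["net,codeby)/", "20180312010203", "https://codeby.net/", "text/html", "302", "DIGEST-C", "512"],
    ["net,codeby)/", "20180428224559", "https://codeby.net/", "text/html", "200", "DIGEST-D", "33010"],
])


def cdx_query_url(url: str, start: str, end: str) -> str:
    """URL of the CDX query listing captures of `url` between two timestamps
    (YYYYMM, YYYYMMDD, ...). Fetch it with urllib.request for live data."""
    params = {"url": url, "from": start, "to": end, "output": "json"}
    return f"{CDX_ENDPOINT}?{urlencode(params)}"


def parse_cdx(json_text: str) -> List[Dict[str, str]]:
    """Zip the header row with every capture row."""
    rows = json.loads(json_text)
    if not rows:
        return []
    header, *captures = rows
    return [dict(zip(header, row)) for row in captures]


def capture_time(capture: Dict[str, str]) -> datetime:
    return datetime.strptime(capture["timestamp"], "%Y%m%d%H%M%S")


def snapshot_url(capture: Dict[str, str]) -> str:
    """Public URL of one archived copy."""
    return f"https://web.archive.org/web/{capture['timestamp']}/{capture['original']}"


def closest_capture(captures: List[Dict[str, str]], target: str,
                    ok_only: bool = True) -> Optional[Dict[str, str]]:
    """Capture nearest to `target` (YYYYMMDD..., right-padded with zeros).

    By default only HTTP 200 captures count: a 302 capture is a redirect,
    not page content, and would show a blank or wrong page.
    """
    when = datetime.strptime(target.ljust(14, "0"), "%Y%m%d%H%M%S")
    candidates = [c for c in captures if not ok_only or c["statuscode"] == "200"]
    if not candidates:
        return None
    return min(candidates, key=lambda c: abs(capture_time(c) - when))


def content_changes(captures: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Captures whose content digest differs from the previous one, i.e. the
    points in time when the page really changed (the 'website changes' use)."""
    changed: List[Dict[str, str]] = []
    previous = None
    for c in sorted(captures, key=capture_time):
        if c["digest"] != previous:
            changed.append(c)
            previous = c["digest"]
    return changed


if __name__ == "__main__":
    print(cdx_query_url("codeby.net", "201803", "201803"))
    caps = parse_cdx(SAMPLE_CDX_JSON)
    best = closest_capture(caps, "20180315")
    print("closest 200 capture to mid-March 2018:", snapshot_url(best))
    for c in content_changes(caps):
        print("content changed at", capture_time(c))
```

The digest column is the archive's own hash of the captured body, so comparing consecutive digests separates real content changes from re-crawls of an unchanged page; filtering on status code 200 avoids treating redirect captures as page content.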

Section 5 - Practical Task Let's look at the task "Crypto Investor" from the OSINT category from 


Crypto investor

“I invested in cryptocurrency and accidentally sent all my coins to an unknown wallet” - this is the description we are greeted with at the beginning of the task. Let's get started!


When we open task.txt, we are greeted by something incomprehensible: 19a317da0d9538497bdd818f0f3132f9825ab73bbc2814a667cc9cfc3fdc419a

The hint tells us that cryptocurrency and Telegram are related.


When you search Google for the words Blockchain and Telegram, the first result is TON (The Open Network).

19a317da0d9538497bdd818f0f3132f9825ab73bbc2814a667cc9cfc3fdc419a - this string corresponds to the transaction number. What to do next? Find any explorer for TON, for example https://tonscan.org/, where we will get information about the transfer.

And press Enter!

Having carefully studied the transaction details, we see that the Message field contains the line we are interested in.
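The first step in the task was recognizing what kind of value task.txt contained. As an added example (not from the article), the Python below does that triage mechanically: it finds long hex strings in free text, reports their byte length and what values of that size usually are, and converts them to base64, since some TON tools and APIs show hashes in base64 rather than hex. The `tonscan.org/tx/<hash>` URL pattern is an assumption for the example, not something the article states.

```python
import base64
import re
from typing import Dict, List

# The value from task.txt, as quoted in the article.
TASK_VALUE = "19a317da0d9538497bdd818f0f3132f9825ab73bbc2814a667cc9cfc3fdc419a"

# Assumed URL pattern of a tonscan.org transaction page (not stated in the article).
TONSCAN_TX = "https://tonscan.org/tx/{}"

HEX_TOKEN = re.compile(r"\b[0-9a-fA-F]{32,}\b")

# byte length -> what a hex value of that size usually is (triage hint only)
KNOWN_SIZES = {
    16: "128-bit value (MD5-sized)",
    20: "160-bit value (SHA-1-sized)",
    32: "256-bit value (SHA-256-sized; TON transaction hashes are this size)",
}


def describe_hex(token: str) -> Dict[str, object]:
    """Byte length, size-based guess and base64 encodings of a hex string."""
    raw = bytes.fromhex(token)  # raises ValueError on odd length or non-hex
    return {
        "hex": token.lower(),
        "bytes": len(raw),
        "guess": KNOWN_SIZES.get(len(raw), "unknown size"),
        "base64": base64.b64encode(raw).decode(),
        "base64url": base64.urlsafe_b64encode(raw).decode(),
    }


def from_base64(encoded: str) -> str:
    """Inverse of the encodings above: base64 or base64url back to lowercase hex."""
    return base64.urlsafe_b64decode(encoded.replace("+", "-").replace("/", "_")).hex()


def find_hex_tokens(text: str) -> List[Dict[str, object]]:
    """Scan free text (e.g. the contents of task.txt) for long hex strings."""
    found = []
    for match in HEX_TOKEN.finditer(text):
        token = match.group(0)
        if len(token) % 2 == 0:  # whole bytes only
            found.append(describe_hex(token))
    return found


def explorer_url(token: str) -> str:
    """Transaction page for a 32-byte hash; other sizes are not TON tx hashes."""
    info = describe_hex(token)
    if info["bytes"] != 32:
        raise ValueError(f"expected a 32-byte hash, got {info['bytes']} bytes")
    return TONSCAN_TX.format(info["hex"])


if __name__ == "__main__":
    # constructed stand-in for the task file's contents
    task_text = "something incomprehensible: " + TASK_VALUE
    for info in find_hex_tokens(task_text):
        print(info["bytes"], "bytes:", info["guess"])
        print("base64:", info["base64"])
    print(explorer_url(TASK_VALUE))
```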

Section 6 - Where to practice?
Codeby School offers its own OSINT course called “Combat OSINT”. You can find more information about the course on their platform: https://osintoffensive.codeby.school/

For those interested in GEOINT practice, I can recommend the GeoGuessr platform: https://www.geoguessr.com/. With GeoGuessr, you can develop your skills in determining the area you are in.

Don't forget about our https://www.hackerspuzzle.com/ platform, where you can complete various tasks and learn new skills.