OSINT (Open Source Intelligence)
Harness the power of the internet with OSINT. Defendza helps you to gather information for analysis and then prepare for red team attack operations to ensure your business is totally prepared for cyber attacks.
OSINT (Open Source Intelligence) is a process that involves gathering and analysing information using resources from the internet and other sources that are open to anyone. This exercise is black-box - no prior information is provided by the client.
During complex assignments such as red teaming, intelligence gathering is the reconnaissance process against a target to gather useful information that could be used for attacks, such as subjects for email-based phishing campaigns and voice phishing attacks. It is what a cyber criminal would do to target you or your business.
Given the recent boom in social networking applications, it is critical to be aware of how much information your business might inadvertently be giving away.
This is a passive assessment - all information is collected and analysed using online sources. There are no intrusive attack attempts on infrastructure.
OSINT ensures you stay informed via regular checks on the sensitivity of your staff, technology, or assets in the web market – knowledge is power. If you have this knowledge, you’re staying ahead of the game.
OSINT determines various entry points into an organisation – they might be physical, electronic, or human – and keeps you informed about your vulnerabilities, so that you can do something about them.
OSINT identifies information that has been made public inadvertently by communications, marketing and other departments through things like case studies, online forums or formal email messages, so that you know what’s out there.
OSINT validates your controls against exposure that could form cyber espionage campaigns: it helps keep you safe.
HUMINT (Human Intelligence) complements the more passive gathering on the asset as this information could not be found using online sources. However, this element is excluded from all our corporate assessments, and no 'personal' perspectives are included to obtain corporate assessment objectives.
Though the majority of the information, such as personnel records, locations, etc., is correct, OSINT may not be accurate or timely. In some cases, the information sources may be deliberately or accidentally manipulated to reflect erroneous data; information may become obsolete as time passes, or simply be incomplete.
It does not encompass dumpster-diving or any methods of retrieving company information off physical items found on-premises.
At a high level, an OSINT exercise revolves around the following pillars of information.
From email addresses and social media websites like LinkedIn, details about the staff would be obtained. This would include -
Multiple searches are performed on the internet as well as darknets (overlay networks that require specific software/configuration). Several web services, utilities, scripts and other techniques are used to search for leaked sensitive information.
As part of Defendza's methodology, online searches are performed about employees who have actively posted information online. This involves searches around code repositories such as GitHub, developer forums, and test and staging websites.
Information such as usernames or names of employees and software product names is searched for and extracted from inside the documents found online.
In this phase, we obtain details about the organisation and its staff using various online sources. This includes (and is not limited to):
Email addresses are harvested from the internet using special scripts to look for target domains.
Based on the naming notation, personnel names are searched from online sources that are then used to create email addresses. This is one of the techniques used as a preparatory step for phishing campaigns.
The complete address of the premises from which the organisation operates, including building and postal code and details of ownership (rental, owned, shared). This will also include any international offices or branches that are distributed geographically around the world.
Further, where possible, this includes information about the location of cameras, gates, fences, backdoors, anti-tailgating doors and other physical security measures that is posted online or that can be found via Google Maps and other online resources. This includes data obtained from Google Street View as well.
Our reports are comprehensive and include all the evidence that supports our findings. We give you a risk rating that considers how likely an attack is as well as the impact it could have. We don’t create panic scenarios. Our mitigation is detailed, covering both strategic and tactical areas to help our clients prepare a remediation plan.
Apart from the range of commercial and open source tools available for specific testing, our team has its own custom scripts for efficient testing. We provide accurate results to make sure our clients completely understand any vulnerabilities we report.
Our teams are led by veteran security consultants accredited by CREST standards for the last several years. Our experience shows that our clients are best served by giving them the right advice for their cyber security needs. We do not believe in spreading fear, uncertainty and doubt to generate more business.