OSINT - Introduction
Open Source Intelligence, or OSINT, is the process of gathering information about a target (whether it’s a person or a company) using publicly available sources. You might imagine that the main way to get specific information is by interacting directly with a person or a computer system belonging to the target. OSINT is different: it is a way of gathering data that determines what technologies, systems, and infrastructures a target is using without ever touching their private property and, in some cases, without even leaving your own home.
People as Targets
OSINT can also be used against specific individuals. In this context, we look for details like where they work, their approximate salary, their hobbies, what car they drive, and their general interests. Sometimes, the smallest details matter most. Our goal is to find any piece of information that can be linked to the person of interest.
In many cases, this is easy because people are very active on social media and leave a large "digital footprint" behind. But what about those who avoid the internet or stay away from social media? Depending on the country they live in, information can still be obtained from other sources, such as public government records. The key is knowing where to look and how to look—which I will cover in a future part of this series.
Note: A skill closely related to OSINT is identifying fake news. In the modern web era, it is incredibly easy to come across manipulated or completely fabricated information. Learning to verify your sources is a vital part of the process.
A Small Exercise
To see how appealing this topic can be, I have a small exercise for you:
- Choose one colleague who is very active on social media.
- Choose another who isn't keen on using it.
- Try to deduce their likes, dislikes, favorite foods, or hobbies based solely on their internet activity or the comments they leave.
The Technical Side: From People to Machines
If you tried the exercise, you probably realized that web-based information is often fragmented and hard to visualize. OSINT data can be found through basic web searches, social media, security-oriented search engines, or public databases (though access to these varies by country).
While OSINT often focuses on the "human" element, it can also be aimed at machines. Finding technical details can be a bit more complicated, but your best resources will be:
- CVE (Common Vulnerabilities and Exposures): A list of publicly disclosed cybersecurity vulnerabilities.
- CWE (Common Weakness Enumeration): A category system for hardware and software weaknesses.
While CVEs and CWEs aren't "strictly" OSINT in the traditional sense—they are more often used for exploitation or security reporting—they are essential for identifying the entry points of a system. I will cover exploitation in a separate article.
The OSINT Workflow
There is no "standard" way to perform OSINT, but a successful investigation usually follows these steps:
- Define the Goal: Figure out exactly what you want to achieve.
- Start with the Known: List what you already know about the target.
- Collect Data: Gather raw information from various sources.
- Analyze Data: Look for patterns and connections between the fragments.
- Summarize: Organize your findings into a clear picture.
- Apply: Use the information for its intended purpose (like a security audit).