OSINT - Introduction
Open Source Intelligence, or Passive Open Source Intelligence (OSINT for short), is a process by which you can gather information about your target, be it a person or a company. From what you could imagine up to this point, I suppose the main way of gathering specific information was through interacting with another person or with some computer system, either of which might be connected to your target or be its property. OSINT is a way of gathering information that determines what technology and what systems the target is using. But I also mentioned that it can be used against a specific person. In that case the information is things like where he or she works, how high the salary is, what the target does in free time, what car they have, their interests; sometimes all kinds of small things may matter. It could be said that we try to find every piece of information that can be connected to our person of interest.
In some cases this is easy, because someone might be active on social media, and today people leave a lot of important information on the net. But there are also people who don't like to use the internet or who stay away from social media. In that case, depending on the country they live in, the information might be obtainable from other sources, even the government. What matters most then is knowing where to look and how to look, but more on that in a future part of this series. Another interesting topic, although not always connected with OSINT, is something as basic as identifying fake news; in the era of the web it is easy to find manipulated or made-up information.
For now, I think you should more or less understand what OSINT is. To make the topic more appealing, I would ask you to choose one colleague who actively uses social media and another who isn't keen on doing that. Once you have decided, you could try, for example, to deduce their likes and dislikes: food, hobbies and anything else that can be deduced from their internet activity or the comments they leave.
Let's get back to the topic while still keeping it simple, for now. If you have done my little exercise, some questions may have popped up in your head. I hope one of them is about more sources of information; that will be covered exclusively in a future special part of this article. For starters, you have to understand that web-based information is often incomplete and not always easy to visualize. OSINT data can be found in places like basic web searches, social media, security-oriented search engines or public databases, whose accessibility varies depending on the country the target is in, and many others. Since the data may be fragmented, it will always be hard to say explicitly what to do and how to search for it, but there are always main things that you have to do.
That more or less covers the human side of targets, but OSINT, as I said previously, can also be aimed at machines. Here some things are going to be a little more complicated to find. Your best bet will be Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE). These two sources can give you information about a system's weak points and allow you to use them as entry points. It is worth mentioning that CVE and CWE are not exactly connected to OSINT; they can be used to make a security report for a client showing the weak points of their systems. These two things are more useful for exploitation, but there will be a separate article on that.
Going back to the basics of doing OSINT: there isn't a standard path for doing things, but in my opinion it should go roughly as in the points below.
- Figure out what you want to achieve
- Start with what you already know
- Collect data
- Analyze data
- Summarize
- Use it