Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    OSINT – a Hacker’s First Asset in Targeted Attacks

    OSINT

    Before a cybercriminal wants to engage in a targeted attack against a particular organization or individual, they’d like to know a few things first. That’s where OSINT comes into play.

    The term OSINT is short for open source intelligence – referring to any bit of information that can be gathered by attackers for free. This is normally details collected on the Internet (e.g., company and title from LinkedIn, etc.), but, technically, can include offline information. These valuable pieces of information are collected using a variety of tools and methods that, in general, do not tip off the victim of the OSINT activity in the slightest.

    The goal of any targeted attack is to make it look as legitimate as possible. This involves using as many contextual cues as are available to improve the illusion of legitimacy and lower the potential victim’s defenses. While I’ve given two examples of OSINT that can easily be collected, curiosity normally drives most security professionals to wonder what other kinds of details are relatively simple to find.

    The OSINT Framework is a visually-represented collection of what data is able to be collected and by which tools.

    7-20-19 Image

    Many of these tools fall into the category of penetration testing toolsets used by red teams. Should you want to do a bit more diligence into what these tools can do and how they are used, there are a few places to look:

    • Kali Tools – based on the Kali Linux penetration testing distribution, this site provides information on each tool and how to use it.
    • Searx – a metasearch engine, this site gives you search results from over 70 search engines anonymously.

    Hacking Data Sources-SOCIAL_NODATEIf you’d like to hear more about the topic of OSINT, check out our latest on-demand webinar A Look Behind The Curtain: Open Source Intelligence (OSINT) Hacking Data Sources That Bad Guys Use, featuring world-renowned hacker Kevin Mitnick. Get an inside look into some of Kevin’s most prized, underground OSINT secrets and how the bad guys use those techniques to target your users and your organizations.

    Watch Now

    Don't like to click on redirected buttons? Copy & paste this link into your browser:

    https://info.knowbe4.com/osint-with-kevin-mitnick

     

    Return To KnowBe4 Security Blog

    Topics: Social Engineering, Security Awareness Training, Hacking

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews