Before engaging in a targeted attack against a particular organization or individual, a cybercriminal would like to know a few things first. That’s where OSINT comes into play.
The term OSINT is short for open source intelligence, referring to any bit of information that attackers can gather for free. These are normally details collected on the Internet (e.g., company and title from LinkedIn), but, technically, they can include offline information. These valuable pieces of information are collected using a variety of tools and methods that, in general, do not tip off the victim of the OSINT activity in the slightest.
The goal of any targeted attack is to make it look as legitimate as possible. This involves using as many contextual cues as are available to improve the illusion of legitimacy and lower the potential victim’s defenses. While I’ve given two examples of OSINT that can easily be collected, curiosity normally drives most security professionals to wonder what other kinds of details are relatively simple to find.
The OSINT Framework is a visually represented collection of what data can be collected and by which tools.
Many of these tools fall into the category of penetration testing toolsets used by red teams. Should you want to dig a bit deeper into what these tools can do and how they are used, there are a few places to look: