OSINT or Open Source Intelligence is at the heart of what we do. We are as good as the information we work from, so reconnaissance is crucial. That is where OSINT comes in. We can glean what we need to know from many online sources, thanks to social media, especially LinkedIn, Facebook and Twitter. But to do recon well, we need to know how to deep dive, to focus and track our quarry.
Each year, DEF CON features the Social Engineering CTF, and the winners consistently say they spent hours in advance doing their OSINT research on their targets. I did my first SE CTF at Hackfest this year and learned how much I need to learn.
There are some truly great resources in our community who have shared what they know (I’ll put a list below of some I follow). I’m borrowing heavily from Joe Gray’s recent piece on Peerlyst here, and he won the DerbyCon 2017 Social Engineering CTF. Believe me, OSINT, like any skill, is something you continuously develop and hone. Here is what I can share for now:
You can start with the basics: Google dorking. Use Google as the tool it is, and modify your search parameters to find anything.
Complete Privacy and Security Podcast
Tools of the Trade:
You’ll find a collection of these in Kali Linux and Buscador (I love this).
Those to Learn From:
Michele Fincher aka @SultryAsian