Open Source Intelligence
Sometimes more than you suspect!
What is Open Source Intelligence?
Open Source Intelligence, or OSINT for short, originates from the vocabulary of the military and state authorities. At this point we do not go into the exact history of the origin, here the opinions are divided.
"OS" means Open Source (public source).
"INT", comes from Intelligence.
Open Source Intelligence refers to the exploitation of public information sources in order to gain knowledge / information. Basically it does not matter which medium the source uses: Internet, radio, video or print media. The information only has to be public, free and legal. So anyone can collect Open Source Intelligence and use it correctly, it can mean a decisive advantage over the competition - you don't have to be an expert or a hacker to do that.
How to use OSINT?
You are using OSINT right now! We make our knowledge publicly and freely available for you and you take it up to gain new insights. Companies and persons constantly record OSINT information: Sales, marketing and product management use Open Source Intelligence for example to improve their reach, services or sales.
We as Cyber Security experts use OSINT tools in the first phase of "reconnaissance" to increase our efficiency and effectiveness. In addition, our approach includes a sophisticated strategy and the knowledge of where to find exploitable OSINT information!
With our expertise we find public information about employees, companies and their assets that could potentially be exploited and should not be public. Furthermore, Open Source Intelligence information helps us to search for weak points in your system. This can be in the form of version numbers of a software or server or which software is used.
Request an OSINT report for your company now!
How is OSINT information collected?
The definition of „passive" in penetration testing differs from the usual use of the term. „Passive" refers to methods that are inconspicuous and do not differ from the usual traffic on the website or the Internet.
A few examples are: Searching the target's website for possible vulnerabilities, searching common sources of information, reading server version numbers, employee names and emails, phone numbers, etc.
Activity comes into play when the pentester uses special tools to scan ports, vulnerabilities of non-updated Windows systems or server applications. The IDS (intrusion detection system) of the target could include these methods in the log. However, these methods are usually also inconspicuous and automated and can still be described as passive.
Social engineering could also be used as an active method. Someone calls your company and tries to gain valuable information.
Our offer for your company
Depending on your number of employees we would like to offer you a black box OSINT report for a location of your company from specialist. A Black-Box OSINT report simulates the behavior of a real attacker who knows nothing about your company. Read here more about penetration testing and black boxes. You don't have to > make any preparations, but you shouldn't warn your colleagues to get a "real" result.
With this report, you know exactly what information in World Wide Web about your company circulates and experience no nasty surprises!