An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information...
Transcript of An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information...
![Page 1: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/1.jpg)
www.8arc.com
AnintroductiontoOpenSourceIntelligence
![Page 2: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/2.jpg)
www.8arc.com
Introduction
![Page 3: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/3.jpg)
www.8arc.com
OpenSourceIntel:whatisit?
wheretofindit?andwhydoweneedit?
![Page 4: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/4.jpg)
www.8arc.com
Data
Information
Intelligence
![Page 5: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/5.jpg)
www.8arc.com
Closed
• InternalCorporateInformation• IntelligenceDatabase• RiskManagementDocuments• Partner(Agency)Data• Profiles:current+previous• WebsiteAnalytics(Internal)• BIData• FinancialData• IntellectualProperty• CRMs• HRrecords
ClosedvsOpenSourceOpen
• Accounts• Whois• Google(searchengines)• Publicfacingdocuments• NewsChannels• PeertoPeerForum• WebsiteAnalytics(External)• SocialMedia• CompanyInformation• Personneldetails
![Page 6: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/6.jpg)
www.8arc.com
“WhenItookoffice,onlyhighenergyphysicistshadeverheardofwhatiscalledtheWorldWideWeb,nowevenmycathasit’sownpage.”
BillClinton,exAmericanPresident
![Page 7: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/7.jpg)
www.8arc.com
We’realwayslookingforentitiesandlinks!
Themorewehavetheclearerthepicture
![Page 8: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/8.jpg)
www.8arc.com
InvestigationEnvironment
![Page 9: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/9.jpg)
www.8arc.com
Thingstoconsider?
• Standalonenetwork/machine• Dedicatedbroadband– dynamicIPaddress(mobilebroadband)• Backupbroadband&network/machine• Standardsoftware– antivirus,firewall,IDS/IPS/OperatingSystem,browseretc.• Specialistsoftware– OSINT/intelligence/evidentialsoftware &capturetools• Onlinelegends• VisualisationTools• Buildajumpkit
![Page 10: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/10.jpg)
www.8arc.com
Alsoconsider…
• Defineasetfilestructure• Setafilenamingconvention• Keepaninvestigationlog/workbook• InvestigationPlan• Riskassessment• VPNs&Proxies(AWS)• Setyourstandpointonanonymity
![Page 11: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/11.jpg)
www.8arc.com
Anonymity
![Page 12: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/12.jpg)
www.8arc.com
• Digitalfootprintsarethetrailleftbyinteractionswithdigitalenvironments
• Theseinteractionsareusedtoprofileyou• Tofootprintornottofootprint?
Anonymity&DigitalFootprints
![Page 13: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/13.jpg)
www.8arc.com
OperatingSystemsPros&Cons• Linux• Windows• MacOS• Chrome• IOS• Android• (VirtualMachines)
![Page 14: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/14.jpg)
www.8arc.com
Browsers,DevOptions,Add-ons
![Page 15: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/15.jpg)
www.8arc.com
Browsers
![Page 16: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/16.jpg)
www.8arc.com
LynxTextBrowser
![Page 17: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/17.jpg)
www.8arc.com
BrowsersDevOptions
![Page 18: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/18.jpg)
www.8arc.com
BrowserAdd-Ons
![Page 19: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/19.jpg)
www.8arc.com
Demo- Lightbeam
![Page 20: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/20.jpg)
www.8arc.com
Add-ons– afewmore• ExifViewer– (AlanRaskin)• FireShot• Unshorten.it!• UserAgentOverrider• Livehttpheaders• CookiesManager+
![Page 21: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/21.jpg)
www.8arc.com
Windows+R%APPDATA%thenMozilla– Firefox- Profiles
SelecttherightprofileSelectExtensions
Add-OnswillbeinanxpifileExtractasyouwouldazipfile
Ifyoudon’tlikesomething,Changeit!
![Page 22: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/22.jpg)
www.8arc.com
CaptureTools
![Page 23: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/23.jpg)
www.8arc.com
SnagIt/Camtasia
![Page 24: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/24.jpg)
www.8arc.com
FireShot
![Page 25: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/25.jpg)
www.8arc.com
Httrack
![Page 26: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/26.jpg)
www.8arc.com
SearchEngines
• Google• Bing• Yahoo• Duckduckgo• Dogpile• Httrack?
![Page 27: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/27.jpg)
www.8arc.com
![Page 28: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/28.jpg)
www.8arc.com
GoogleHacking
•Cache:•Intitle:•Allintitle:•Inurl:•Allinurl:•Filetype:(orext:)•Allintext:
•Site:•Link:•Inanchor:•Daterange:•Numrange:•View-source
![Page 29: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/29.jpg)
www.8arc.com
GoogleHacking• Cache:‘&strip=1’usedwiththe‘cache:’operator• Stringsearchbyuseofspeechmarks“”• Logical(Boolean)Operators:• ‘AND’‘+’• ‘NOT’‘-’• ‘OR’‘|’
![Page 30: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/30.jpg)
www.8arc.com
OtherGoogleareasofinterest:• News• Finance• Groups• Images• Blogs• Scholar
![Page 31: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/31.jpg)
www.8arc.com
GoogleHacking
Demonstration
![Page 32: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/32.jpg)
www.8arc.com
ContentDeliveryNetworks
•Asystemofdistributedserversthataccelerates delivery ofwebsites,APIs,video content orotherwebassets.
![Page 33: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/33.jpg)
www.8arc.com
Example– AWSCloudFront
![Page 34: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/34.jpg)
www.8arc.com
BuildingaJumpKit
![Page 35: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/35.jpg)
www.8arc.com
Robtex
![Page 36: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/36.jpg)
www.8arc.com
DomainTools
![Page 37: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/37.jpg)
www.8arc.com
A fewmorefavs• CompaniesHouse• Companycheck.co.uk• Namesense.com• SameID.net• Builtwith.com• Majestic.com(SEOBacklinkChecker)
![Page 38: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/38.jpg)
www.8arc.com
PortableApps
![Page 39: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/39.jpg)
www.8arc.com
Automation&Visualisation
![Page 40: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/40.jpg)
www.8arc.com
Maltego
![Page 41: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/41.jpg)
www.8arc.com
Man&Machine
Machinesaregoodatautomation=transformsHumansaregoodatpatternrecognition=visualgraph
![Page 42: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/42.jpg)
www.8arc.com
Sowehave...
Maltegoconcept:• Entities:‘things’– informationtype• DNSName/Person/Phonenumber/more...
• Transforms:movesonetypeofthingtoanothertype• DNSresolving/Searching/Databaseaccess/Deepweb
![Page 43: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/43.jpg)
www.8arc.com
Maltego
![Page 44: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/44.jpg)
www.8arc.com
VisualProgramming
![Page 45: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/45.jpg)
www.8arc.com
VisualProgrammingviaRapidminer
![Page 46: An introduction to Open Source Intelligence - OWASP Closed •Internal Corporate Information •Intelligence Database • Risk Management Documents • Partner (Agency) Data • Profiles:](https://reader034.fdocuments.net/reader034/viewer/2022042307/5ed3b5a288b4c2224555033e/html5/thumbnails/46.jpg)
www.8arc.com
VisualProgramming