Open Source Intelligence (OSINT)

Data is growing and continues to spread all over social media, websites, applications, devices, etc. This is especially so with organizations all over the world pushing to “the cloud” to facilitate efficiency productivity. Though this push to “the cloud” can (and has) lead to misconfigurations and exposures of all kinds at all levels.

Security teams have an unbelievably important task given to them: to protect their organization's assets. One of the priorities that always takes precedence is the perimeter: Build up the walls so no one can get in!  What happens when those walls have cracks? These are all issues that Open Source Intelligence (OSINT) can help find!

OSINT is a methodology of collecting and analyzing publicly available resources that can facilitate research, competitive intelligence, general information, and even IT Security.

OSINT is not new as it has been around for a very long time, and continues to evolve with the technological age. Modern day examples of OSINT include posing a question to a community forum or simply performing a search on the Internet. Currently, many security professionals are using OSINT and OSINT tools to improve the security posture of their organizations.  Tasks that may include any or all of the following: validation of company public facing assets, certificates, unintended information disclosure, cloud security, latest threats and staying up-to-date with industry trends.

However, this approach does present many difficulties: lack of staff, lack of OSINT tools, and lack of infrastructure to properly deploy OSINT tools. Empowering organizations to overcome these “difficulties”, is the cornerstone of ThreatNG’s research and development.