Explain about OSINT?

What is OSINT?

The abbreviation of OSINT is Open-Source INTelligence. It is a visible method for data collection. Generally the word open-source refers to any information can easily available for public utilization.

The definition of OSINIT according to U.S. public Law is:

• It is produced from publicly available information.
• It is collected, analyzed, and distributed in a timely manner to a suitable audience.
• Addresses a specific intelligence requirement.

Basically, open-source information systems are not limited to what you can find using the major search engines. More Additional Information On Ethical Hacking Online Training

OSINT PROCESS:

OSINT includes the 5 phases in its process. The following diagram shows the OSINT process.

1. Source Identification:- It is the initial phase of the OSINT process. In this phase, the attacker identifies the potential sources from which information may be gathered.
2. Data harvesting:- In this phase, the attacker collects and harvests information from the select sources and other sources that are discovered.
3. Data processing and information:- During this phase, the attacker processes the harvest information for actionable observation by searching for information that may assist in the enumeration.
4. Data analysis:- In this phase, the attacker performs data analysis of the processed information using OSINT analysis tool.
5. Results delivery:- It is the final phase in the OSINT analysis and findings are reported to other red team members.

How is OSINT used?

OSINT can be used in 2 cases they are:

1.Ethical hacking and penetration testing

2. Identifying External threats.

1. Ethical hacking and penetration testing:

Open-source intelligence can be used by security professionals to identify potential weaknesses in friendly networks. So that they can be remediated before they are exploited by threat actors.

Commonly founded weakness is

• An accidental leak of sensitive information.
• Open port and unsecured internet-connected devices.
• Uncorrected software such as websites running old versions of common CMS products.

2. Identifying external threats:

The internet has an excellent source of insights into an organization’s most pressing threats. In most cases, this type requires an analyst to identify and correlate multiple data points to validate a threat before the action is taken.

one of the most important things of open source intelligence is that it is often used in combination with other intelligence subtypes. Intelligence from sources are internal telemetry, closed dark web communities are regularly used to filter and verify the open-source intelligence.

OSINT TOOLS:

The following are some of the OSINT tools, that are mostly used by penetration testers, social engineers and security researches for their different projects. To get in-depth knowledge on Cyber Security Online Training

1.Maltego

2.Shodan

3.google darks

4. The harvester

5.Tineye

1.Maltego:

Paterva had developed the maltego. It is used by security professionals and forensic investigators for collecting and analyzing open-source intelligence. By using this we can easily collect the information from various sources and use various transforms to generate graphical results. Maltigi is written in java. User registration is required. And there is no registration fee for registration.

2.shodan:

Google is a search engine for all users. But, shodan is a search engine for hackers. Shodan provides a lot of information about the assets that have been connected to the network. The network devices are computers, laptops, webcams, traffic signals, and various IoT devices. Shodan helps the security analysts to identify the target and test it for various default settings or passwords, available ports, banners, services, etc.

3.Google Darks:

In the internet one most commonly used search engine is google. If we search any single thing it shows the various hundred of pages sorted in order of relevance. The results range from ads, websites, social media posts, images, etc. Google dorks help users to search results in a better and efficient way. This done as below:

4.The harvester:

A harvester is an important and very good tool for getting email and domain-related information. It is very useful for elaborating information.

Take your career to new heights of success with an Hacking, enroll for live free demo on Ethical Hacking Training

5.Tineye:

Tineye is used to perform image related operations searches on the web. It has various products like a Tineye alert system, color search API, mobile engine, etc. By using Tineye we can search images available online and from where the image has been taken. Tineye uses neural networks, machine learning, and pattern recognition for getting the results. It uses the image matching, watermark identification, signature matching, and other parameters to match image matching keyword.

This article has covered the three types of aspects of OSINT. One is what is OSINT and the other is the OSINT process, and the final one is OSINT tools. I hope you have gotten enough ideas on this.