SlideShare una empresa de Scribd logo

Open Source Intelligence

Descargar como PPTX, PDF
Napier University
Napier University

https://asecuritysite.com/cyberdata/ch03

Educación
1 de 24
Open Source Intelligence “From bits to information”
Outline • Threat Hunters. • Open Source Data. • OAuth 2.0, APIs and Web scraping. • Photographic sites. • Social Networks. • Crowd—sourced content. • Google hacks, Maltego and Wayback. • Shodan
Threat Hunters “From bits to information”
Threat Hunters • Collect and process data. This is a continual process and involves collecting data from internal systems - such as from SIEM generated data - and also from external sources. • Establish a hypothesis. This defines the basic reason for the hunting and will match to a business-oriented goal and which is relevant to the company. For example, a hypothesis could be that "A known threat actor could pay an insider to get access to our company and plant a backdoor Trojan on the network." • Hunt. This then backs up the hypothesis, and the hunter will go and try to find the required information to either corroborate or dismiss the hypothesis. • Identify threats. The proving of a hypothesis will then lead to a possible threat being identified. An organisation must then understand the scope of this threat, and whether it is real or not. • Respond. If a real threat is identified, it is important to create the required response and to put in place plans to further investigate, or create mitigation plans.
Open Source Data “From bits to information”
Open Source Intelligence • Social networks. This includes sources such as Facebook and Twitter and where individuals consent for their data to be seen either in a public space (such as with Twitter) or for their trusted contacts (as with Facebook). • Crowd-sourced content. Within crowd-sourced sites, groups of people come together to debate topics and/or answer questions. Typical crowd-source sites include Reddit and Stack Overflow. In fact, Reddit is now one of the top Web sites in the world. • Wikis. This includes sites which have been shared as Wikis. These can include publicly sourced information from sites such as Wikipedia, or less publicly-facing Wikis, such as FANDOM. The open-source information could contain information around company locations, key company employees, and links to sensitive company publications. The problem with less publicly available Wikis is that they are often created for sharing within a given project, but are still publicly scannable. • Google Hacks (aka Google Dorking). This involves using extensions within the Google search engine, and often target sites and document types.
Open Source Intelligence • Organisational web site. A typical source of intelligence might be from an organisation's Web site such as for key staff, organisational structure, locations, telephone numbers, and so on. • Job sites. Job postings can reveal information around the technologies that are used within an organisation, along with other information on the structure of the organisation and their locations. For example, a posting for an Oracle database designer might thus reveal some information around the type of data architecture that the company is using. • Business databases. This includes government sites which publish details of companies. One example of this in the US is the EDGAR database, and which reveals information about publicly trading companies. • Photographic sites. One of the largest growth areas within on-line content is in the hosting of photographs from users. Instagram, Flickr and Pinterest are three key sites which are popular for uploading photographs and short videos. Typically the location information within the EXIF data is stripped from the content.
Open Source Intelligence • Music information, services such as Spotify support the publishing of playlists to friends. • Video. The viewing of video information and likes/dislikes are normally kept private, but the posting of comments on videos, such as within YouTube, may reveal information into an open environment. • Interest sites. Sites of special interest are often good sources of open source intelligence, as users typically use a pseudo-ID and which can be linked to their core identity. The sites, too, are normally moderated for fake users, and for those who are abusing the terms and conditions of the site. LinkedIn is one site which requires users to define their proper name and often to provide their job history. Those who abuse the terms and conditions of the site are likely to be spotted, and removed from the site. • Location-based services. For some, the natural extension of sharing information on social media is to share location information on sites such as Foursquare. In a public space, it is typically associated with either a lifelogging - and where users document their life to others from their travels - or for swarm activities, and where users aim to swarm together. A swarming activity might relate to a political demonstration, and where activists aim to find other activists.
Open Source Intelligence • Influence. There are a number of sites which aim to measure the impact of things like users, brands and organisations. They typically gather federated access for a key social media account related to the user, and then measure their impact. A popular site is Kred and which publishes impact metrics, such as the number of followers that a user has, and the number of retweets that they gain. These metrics are then used by other sites, in order to publish league tables of key influencers. • Blogs. These sites include Tumblr and Medium, and are often sources of opinion pieces. • Collaboration. These types of sites support collaboration, and they typically constrain the open data to a range of trusted users. A typical service is Doodle. • Dark Web. While not quite open source, as it is not possible to access the Web infrastructure on the Dark Web, we can use the Tor protocol to connect to a Web server in the Dark Web, and scan for content. While the Tor project is useful for protecting privacy, the Dark Web has often been used for malicious purposes. A Tor browser can be used to connect to the open Web, and where the IP address which is defining in the log of the Web accesses will be defined with the IP address of the exit node of the Tor network. A full end-to-end encrypted connection can also be implemented onto a .onion site. It should be noted that a .onion site is not an automatic identifier that a site could have criminal activities.
Photographic Sites “From bits to information”
Photo information • Photographic sites can be used to build up timelines of activity, or at least build up a picture of the life of someone. In 2012, a hacker known as "w0rmer," broke into a number of law enforcement sites. He then posted a photograph on Twitter of a woman holding a sign taunting investigators. Unfortunately for him, the photograph contained EXIF metadata, and which included the GPS data of the location where the photograph was taken. Investigators traced it down to a house in Wantirna South, Australia. Increasingly, though, the GPS coordinates are stripped off online pictures by the service provider, but where the serial number of the camera is still defined. A sample of the metadata contained within a photograph is:
Photo information • Exif Image Size: 200x200 • Make: samsung • Camera Model Name: M-G965F • Orientation: Horizontal (normal) • Modify Date: 2019:07:27 10:08:09 • Y Cb Cr Positioning: Centered • Exposure Time: 1/100 • F Number: 2.40 • Exposure Program: Program AE • ISO: 125 • Exif Version: 0220 • Date/Time Original: 2019:07:27 10:08:09 • Create Date 2019:07:27 10:08:09 • Aperture Value: 2.39 • Brightness Value: 3.58 • Image Size: $512 times 288$ • Software: G965FXXU5CSF2 • Shutter Speed Value: 1/100 • Max Aperture Value: 1.5 • Focal Length: 4.3 mm • Image Unique ID: I12LLKF00SM • Compression: JPEG (old-style) • Resolution: 72 pixels/inch • Thumbnail Length: 13,528
Social Networks “From bits to information”
Social Networks
Twitter (User search)
Twitter (Search keyword)
Reddit
Google Hacks “From bits to information”
Google Hacks “fletype:xls "site:bobco” “inurl:passwords" "intext:bob". "intitle", and "daterange".
Wayback “From bits to information”
Wayback
Shodan “From bits to information”
Shodan
Open Source Intelligence “From bits to information”

Recomendados

Gates Toorcon X New School Information Gathering
Gates Toorcon X New School Information GatheringGates Toorcon X New School Information Gathering
Gates Toorcon X New School Information Gathering
Chris Gates
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINT
Christian Martorella
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligence
Deep Shankar Yadav
 
Maltego
MaltegoMaltego
Maltego
penetration Tester
 
Search Engine Skills for Workplace Investigators
Search Engine Skills for Workplace InvestigatorsSearch Engine Skills for Workplace Investigators
Search Engine Skills for Workplace Investigators
Case IQ
 
Investigating online conducting pre-interview research
Investigating online conducting pre-interview researchInvestigating online conducting pre-interview research
Investigating online conducting pre-interview research
Case IQ
 
Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)
phexcom1
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINT
Chandrapal Badshah
 

Recomendados

Gates Toorcon X New School Information Gathering
Gates Toorcon X New School Information GatheringGates Toorcon X New School Information Gathering
Gates Toorcon X New School Information Gathering
Chris Gates
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINT
Christian Martorella
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligence
Deep Shankar Yadav
 
Maltego
MaltegoMaltego
Maltego
penetration Tester
 
Search Engine Skills for Workplace Investigators
Search Engine Skills for Workplace InvestigatorsSearch Engine Skills for Workplace Investigators
Search Engine Skills for Workplace Investigators
Case IQ
 
Investigating online conducting pre-interview research
Investigating online conducting pre-interview researchInvestigating online conducting pre-interview research
Investigating online conducting pre-interview research
Case IQ
 
Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)
phexcom1
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINT
Chandrapal Badshah
 
30 Tools and Tips to Speed Up Your Digital Workflow
30 Tools and Tips to Speed Up Your Digital Workflow 30 Tools and Tips to Speed Up Your Digital Workflow
30 Tools and Tips to Speed Up Your Digital Workflow
Mike Kujawski
 
OSINT Social Media Techniques - Macau social mediat lc
OSINT Social Media Techniques - Macau social mediat lc OSINT Social Media Techniques - Macau social mediat lc
OSINT Social Media Techniques - Macau social mediat lc
Cyber Threat Intelligence Network
 
How to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in InvestigationsHow to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in Investigations
Case IQ
 
Getting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigations
Olakanmi Oluwole
 
Owasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniOwasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudini
Adam Nurudini
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentation
Jesse Ratcliffe, OSCP
 
Osint ashish mistry
Osint ashish mistryOsint ashish mistry
Osint ashish mistry
n|u - The Open Security Community
 
Digital investigations
Digital investigationsDigital investigations
Digital investigations
garrettdiscovery
 
OSINT - Open Source Intelligence
OSINT - Open Source IntelligenceOSINT - Open Source Intelligence
OSINT - Open Source Intelligence
c0c0n - International Cyber Security and Policing Conference
 
Empowering red and blue teams with osint c0c0n 2017
Empowering red and blue teams with osint c0c0n 2017Empowering red and blue teams with osint c0c0n 2017
Empowering red and blue teams with osint c0c0n 2017
reconvillage
 
OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!
Nutan Kumar Panda
 
Social Media and Privacy
Social Media and PrivacySocial Media and Privacy
Social Media and Privacy
Typeset
 
Deep Web Search Part 2 by Cynthia Hetherington
Deep Web Search Part 2 by Cynthia HetheringtonDeep Web Search Part 2 by Cynthia Hetherington
Deep Web Search Part 2 by Cynthia Hetherington
Case IQ
 
Conducting Anonymous Online Investigations - Webinar
Conducting Anonymous Online Investigations - WebinarConducting Anonymous Online Investigations - Webinar
Conducting Anonymous Online Investigations - Webinar
Case IQ
 
2011 and still bruteforcing - OWASP Spain
2011 and still bruteforcing - OWASP Spain2011 and still bruteforcing - OWASP Spain
2011 and still bruteforcing - OWASP Spain
Christian Martorella
 
Dark Arts Of Social Engineering
Dark Arts Of Social EngineeringDark Arts Of Social Engineering
Dark Arts Of Social Engineering
Nutan Kumar Panda
 
Artificial Intelligence: Beyond Machine Learning
Artificial Intelligence: Beyond Machine LearningArtificial Intelligence: Beyond Machine Learning
Artificial Intelligence: Beyond Machine Learning
Gordon Haff
 
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
Falgun Rathod
 
Twitter Terms of Service Explained - Jake White
Twitter Terms of Service Explained - Jake WhiteTwitter Terms of Service Explained - Jake White
Twitter Terms of Service Explained - Jake White
Jake White
 
Lightning Talk: Using Data without Compromising Privacy
Lightning Talk: Using Data without Compromising PrivacyLightning Talk: Using Data without Compromising Privacy
Lightning Talk: Using Data without Compromising Privacy
Gordon Haff
 
Advanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsAdvanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU Investigators
Sloan Carne
 
Introduction to the Responsible Use of Social Media Monitoring and SOCMINT Tools
Introduction to the Responsible Use of Social Media Monitoring and SOCMINT ToolsIntroduction to the Responsible Use of Social Media Monitoring and SOCMINT Tools
Introduction to the Responsible Use of Social Media Monitoring and SOCMINT Tools
Mike Kujawski
 

Más contenido relacionado

La actualidad más candente

30 Tools and Tips to Speed Up Your Digital Workflow
30 Tools and Tips to Speed Up Your Digital Workflow 30 Tools and Tips to Speed Up Your Digital Workflow
30 Tools and Tips to Speed Up Your Digital Workflow
Mike Kujawski
 
How to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in InvestigationsHow to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in Investigations
Case IQ
 
OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!
Nutan Kumar Panda
 
Artificial Intelligence: Beyond Machine Learning
Artificial Intelligence: Beyond Machine LearningArtificial Intelligence: Beyond Machine Learning
Artificial Intelligence: Beyond Machine Learning
Gordon Haff
 
Lightning Talk: Using Data without Compromising Privacy
Lightning Talk: Using Data without Compromising PrivacyLightning Talk: Using Data without Compromising Privacy
Lightning Talk: Using Data without Compromising Privacy
Gordon Haff
 

La actualidad más candente (20)

30 Tools and Tips to Speed Up Your Digital Workflow
30 Tools and Tips to Speed Up Your Digital Workflow 30 Tools and Tips to Speed Up Your Digital Workflow
30 Tools and Tips to Speed Up Your Digital Workflow
 
OSINT Social Media Techniques - Macau social mediat lc
OSINT Social Media Techniques - Macau social mediat lc OSINT Social Media Techniques - Macau social mediat lc
OSINT Social Media Techniques - Macau social mediat lc
 
How to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in InvestigationsHow to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in Investigations
 
Getting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigations
 
Owasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniOwasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudini
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentation
 
Osint ashish mistry
Osint ashish mistryOsint ashish mistry
Osint ashish mistry
 
Digital investigations
Digital investigationsDigital investigations
Digital investigations
 
OSINT - Open Source Intelligence
OSINT - Open Source IntelligenceOSINT - Open Source Intelligence
OSINT - Open Source Intelligence
 
Empowering red and blue teams with osint c0c0n 2017
Empowering red and blue teams with osint c0c0n 2017Empowering red and blue teams with osint c0c0n 2017
Empowering red and blue teams with osint c0c0n 2017
 
OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!
 
Social Media and Privacy
Social Media and PrivacySocial Media and Privacy
Social Media and Privacy
 
Deep Web Search Part 2 by Cynthia Hetherington
Deep Web Search Part 2 by Cynthia HetheringtonDeep Web Search Part 2 by Cynthia Hetherington
Deep Web Search Part 2 by Cynthia Hetherington
 
Conducting Anonymous Online Investigations - Webinar
Conducting Anonymous Online Investigations - WebinarConducting Anonymous Online Investigations - Webinar
Conducting Anonymous Online Investigations - Webinar
 
2011 and still bruteforcing - OWASP Spain
2011 and still bruteforcing - OWASP Spain2011 and still bruteforcing - OWASP Spain
2011 and still bruteforcing - OWASP Spain
 
Dark Arts Of Social Engineering
Dark Arts Of Social EngineeringDark Arts Of Social Engineering
Dark Arts Of Social Engineering
 
Artificial Intelligence: Beyond Machine Learning
Artificial Intelligence: Beyond Machine LearningArtificial Intelligence: Beyond Machine Learning
Artificial Intelligence: Beyond Machine Learning
 
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
 
Twitter Terms of Service Explained - Jake White
Twitter Terms of Service Explained - Jake WhiteTwitter Terms of Service Explained - Jake White
Twitter Terms of Service Explained - Jake White
 
Lightning Talk: Using Data without Compromising Privacy
Lightning Talk: Using Data without Compromising PrivacyLightning Talk: Using Data without Compromising Privacy
Lightning Talk: Using Data without Compromising Privacy
 

Similar a Open Source Intelligence

Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence Gathering
Tom Eston
 
Building Effective Frameworks for Social Media Analysis
Building Effective Frameworks for Social Media AnalysisBuilding Effective Frameworks for Social Media Analysis
Building Effective Frameworks for Social Media Analysis
Open Analytics
 

Similar a Open Source Intelligence (20)

Advanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsAdvanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU Investigators
 
Introduction to the Responsible Use of Social Media Monitoring and SOCMINT Tools
Introduction to the Responsible Use of Social Media Monitoring and SOCMINT ToolsIntroduction to the Responsible Use of Social Media Monitoring and SOCMINT Tools
Introduction to the Responsible Use of Social Media Monitoring and SOCMINT Tools
 
Social Networks - The Good and the Bad
Social Networks - The Good and the BadSocial Networks - The Good and the Bad
Social Networks - The Good and the Bad
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence Gathering
 
Social Media Dataset
Social Media DatasetSocial Media Dataset
Social Media Dataset
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
 
Presentation social networking service
Presentation social networking servicePresentation social networking service
Presentation social networking service
 
The Open, Social Web Workshop
The Open, Social Web WorkshopThe Open, Social Web Workshop
The Open, Social Web Workshop
 
Going beyond google 2 philadelphia loss conference
Going beyond google 2 philadelphia loss conferenceGoing beyond google 2 philadelphia loss conference
Going beyond google 2 philadelphia loss conference
 
SOCIAL NETWORK SECURITY
SOCIAL NETWORK SECURITYSOCIAL NETWORK SECURITY
SOCIAL NETWORK SECURITY
 
Social Media and the Future of Privacy
Social Media and the Future of PrivacySocial Media and the Future of Privacy
Social Media and the Future of Privacy
 
Footprinting
FootprintingFootprinting
Footprinting
 
Designing for Privacy NY Studio—10/04/21
Designing for Privacy NY Studio—10/04/21Designing for Privacy NY Studio—10/04/21
Designing for Privacy NY Studio—10/04/21
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan Braganza
 
Becoming a verification ninja - Sona Patel - Fresno NewsTrain 4.22-23.22
Becoming a verification ninja - Sona Patel - Fresno NewsTrain 4.22-23.22Becoming a verification ninja - Sona Patel - Fresno NewsTrain 4.22-23.22
Becoming a verification ninja - Sona Patel - Fresno NewsTrain 4.22-23.22
 
dark-web-and-cybercrime.pdf
dark-web-and-cybercrime.pdfdark-web-and-cybercrime.pdf
dark-web-and-cybercrime.pdf
 
Social Media & Open Social Introduction
Social Media & Open Social IntroductionSocial Media & Open Social Introduction
Social Media & Open Social Introduction
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Building Effective Frameworks for Social Media Analysis
Building Effective Frameworks for Social Media AnalysisBuilding Effective Frameworks for Social Media Analysis
Building Effective Frameworks for Social Media Analysis
 
REVIEWER-FOR-ETECH.docx
REVIEWER-FOR-ETECH.docxREVIEWER-FOR-ETECH.docx
REVIEWER-FOR-ETECH.docx
 

Más de Napier University

Más de Napier University (20)

Intrusion Detection Systems
Intrusion Detection SystemsIntrusion Detection Systems
Intrusion Detection Systems
 
Networks
NetworksNetworks
Networks
 
Memory, Big Data and SIEM
Memory, Big Data and SIEMMemory, Big Data and SIEM
Memory, Big Data and SIEM
 
What is Cyber Data?
What is Cyber Data?What is Cyber Data?
What is Cyber Data?
 
10. Data to Information: NumPy and Pandas
10. Data to Information: NumPy and Pandas10. Data to Information: NumPy and Pandas
10. Data to Information: NumPy and Pandas
 
2. Defence Systems
2. Defence Systems2. Defence Systems
2. Defence Systems
 
1. Cyber and Intelligence
1. Cyber and Intelligence1. Cyber and Intelligence
1. Cyber and Intelligence
 
The Road Ahead for Ripple, Marjan Delatinne
The Road Ahead for Ripple, Marjan DelatinneThe Road Ahead for Ripple, Marjan Delatinne
The Road Ahead for Ripple, Marjan Delatinne
 
Delivering The Tel Aviv Stock Exchange Securities, Duncan Johnston-Watt
Delivering The Tel Aviv Stock Exchange Securities, Duncan Johnston-Watt Delivering The Tel Aviv Stock Exchange Securities, Duncan Johnston-Watt
Delivering The Tel Aviv Stock Exchange Securities, Duncan Johnston-Watt
 
ARTiFACTS, Emma Boswood
ARTiFACTS, Emma BoswoodARTiFACTS, Emma Boswood
ARTiFACTS, Emma Boswood
 
RMIT Blockchain Innovation Hub, Chris Berg
RMIT Blockchain Innovation Hub, Chris BergRMIT Blockchain Innovation Hub, Chris Berg
RMIT Blockchain Innovation Hub, Chris Berg
 
Keynote, Naseem Naqvi
Keynote, Naseem Naqvi Keynote, Naseem Naqvi
Keynote, Naseem Naqvi
 
Browser-based Crypto M, C. F Mondschein
Browser-based Crypto M, C. F MondscheinBrowser-based Crypto M, C. F Mondschein
Browser-based Crypto M, C. F Mondschein
 
Should we transform or adapt to blockchain - a public sector perspective?, Al...
Should we transform or adapt to blockchain - a public sector perspective?, Al...Should we transform or adapt to blockchain - a public sector perspective?, Al...
Should we transform or adapt to blockchain - a public sector perspective?, Al...
 
IoT device attestation system using blockchain, Alistair Duke
IoT device attestation system using blockchain, Alistair DukeIoT device attestation system using blockchain, Alistair Duke
IoT device attestation system using blockchain, Alistair Duke
 
Robust Programming of Smart Contracts in Solidity+, RK Shyamasundar
Robust Programming of Smart Contracts in Solidity+, RK ShyamasundarRobust Programming of Smart Contracts in Solidity+, RK Shyamasundar
Robust Programming of Smart Contracts in Solidity+, RK Shyamasundar
 
Using Blockchain for Evidence Purpose, Rafael Prabucki
Using Blockchain for Evidence Purpose, Rafael PrabuckiUsing Blockchain for Evidence Purpose, Rafael Prabucki
Using Blockchain for Evidence Purpose, Rafael Prabucki
 
Cryptocurrencies and cyberlaundering- the need for regulation, Gian Marco Bov...
Cryptocurrencies and cyberlaundering- the need for regulation, Gian Marco Bov...Cryptocurrencies and cyberlaundering- the need for regulation, Gian Marco Bov...
Cryptocurrencies and cyberlaundering- the need for regulation, Gian Marco Bov...
 
Emerging Regulatory Approaches to Blockchain-based Token Economy, Agata Fereirra
Emerging Regulatory Approaches to Blockchain-based Token Economy, Agata FereirraEmerging Regulatory Approaches to Blockchain-based Token Economy, Agata Fereirra
Emerging Regulatory Approaches to Blockchain-based Token Economy, Agata Fereirra
 
P2P Publication Model on Blockchain, Imtiaz Khan
P2P Publication Model on Blockchain, Imtiaz KhanP2P Publication Model on Blockchain, Imtiaz Khan
P2P Publication Model on Blockchain, Imtiaz Khan
 

Último

1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
QucHHunhnh
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
discovermytutordmt
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
SoniaTolstoy
 

Último (20)

Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 

Open Source Intelligence

  • 2. Outline • Threat Hunters. • Open Source Data. • OAuth 2.0, APIs and Web scraping. • Photographic sites. • Social Networks. • Crowd—sourced content. • Google hacks, Maltego and Wayback. • Shodan
  • 3. Threat Hunters “From bits to information”
  • 4. Threat Hunters • Collect and process data. This is a continual process and involves collecting data from internal systems - such as from SIEM generated data - and also from external sources. • Establish a hypothesis. This defines the basic reason for the hunting and will match to a business-oriented goal and which is relevant to the company. For example, a hypothesis could be that "A known threat actor could pay an insider to get access to our company and plant a backdoor Trojan on the network." • Hunt. This then backs up the hypothesis, and the hunter will go and try to find the required information to either corroborate or dismiss the hypothesis. • Identify threats. The proving of a hypothesis will then lead to a possible threat being identified. An organisation must then understand the scope of this threat, and whether it is real or not. • Respond. If a real threat is identified, it is important to create the required response and to put in place plans to further investigate, or create mitigation plans.
  • 5. Open Source Data “From bits to information”
  • 6. Open Source Intelligence • Social networks. This includes sources such as Facebook and Twitter and where individuals consent for their data to be seen either in a public space (such as with Twitter) or for their trusted contacts (as with Facebook). • Crowd-sourced content. Within crowd-sourced sites, groups of people come together to debate topics and/or answer questions. Typical crowd-source sites include Reddit and Stack Overflow. In fact, Reddit is now one of the top Web sites in the world. • Wikis. This includes sites which have been shared as Wikis. These can include publicly sourced information from sites such as Wikipedia, or less publicly-facing Wikis, such as FANDOM. The open-source information could contain information around company locations, key company employees, and links to sensitive company publications. The problem with less publicly available Wikis is that they are often created for sharing within a given project, but are still publicly scannable. • Google Hacks (aka Google Dorking). This involves using extensions within the Google search engine, and often target sites and document types.
  • 7. Open Source Intelligence • Organisational web site. A typical source of intelligence might be from an organisation's Web site such as for key staff, organisational structure, locations, telephone numbers, and so on. • Job sites. Job postings can reveal information around the technologies that are used within an organisation, along with other information on the structure of the organisation and their locations. For example, a posting for an Oracle database designer might thus reveal some information around the type of data architecture that the company is using. • Business databases. This includes government sites which publish details of companies. One example of this in the US is the EDGAR database, and which reveals information about publicly trading companies. • Photographic sites. One of the largest growth areas within on-line content is in the hosting of photographs from users. Instagram, Flickr and Pinterest are three key sites which are popular for uploading photographs and short videos. Typically the location information within the EXIF data is stripped from the content.
  • 8. Open Source Intelligence • Music information, services such as Spotify support the publishing of playlists to friends. • Video. The viewing of video information and likes/dislikes are normally kept private, but the posting of comments on videos, such as within YouTube, may reveal information into an open environment. • Interest sites. Sites of special interest are often good sources of open source intelligence, as users typically use a pseudo-ID and which can be linked to their core identity. The sites, too, are normally moderated for fake users, and for those who are abusing the terms and conditions of the site. LinkedIn is one site which requires users to define their proper name and often to provide their job history. Those who abuse the terms and conditions of the site are likely to be spotted, and removed from the site. • Location-based services. For some, the natural extension of sharing information on social media is to share location information on sites such as Foursquare. In a public space, it is typically associated with either a lifelogging - and where users document their life to others from their travels - or for swarm activities, and where users aim to swarm together. A swarming activity might relate to a political demonstration, and where activists aim to find other activists.
  • 9. Open Source Intelligence • Influence. There are a number of sites which aim to measure the impact of things like users, brands and organisations. They typically gather federated access for a key social media account related to the user, and then measure their impact. A popular site is Kred and which publishes impact metrics, such as the number of followers that a user has, and the number of retweets that they gain. These metrics are then used by other sites, in order to publish league tables of key influencers. • Blogs. These sites include Tumblr and Medium, and are often sources of opinion pieces. • Collaboration. These types of sites support collaboration, and they typically constrain the open data to a range of trusted users. A typical service is Doodle. • Dark Web. While not quite open source, as it is not possible to access the Web infrastructure on the Dark Web, we can use the Tor protocol to connect to a Web server in the Dark Web, and scan for content. While the Tor project is useful for protecting privacy, the Dark Web has often been used for malicious purposes. A Tor browser can be used to connect to the open Web, and where the IP address which is defining in the log of the Web accesses will be defined with the IP address of the exit node of the Tor network. A full end-to-end encrypted connection can also be implemented onto a .onion site. It should be noted that a .onion site is not an automatic identifier that a site could have criminal activities.
  • 11. Photo information • Photographic sites can be used to build up timelines of activity, or at least build up a picture of the life of someone. In 2012, a hacker known as "w0rmer," broke into a number of law enforcement sites. He then posted a photograph on Twitter of a woman holding a sign taunting investigators. Unfortunately for him, the photograph contained EXIF metadata, and which included the GPS data of the location where the photograph was taken. Investigators traced it down to a house in Wantirna South, Australia. Increasingly, though, the GPS coordinates are stripped off online pictures by the service provider, but where the serial number of the camera is still defined. A sample of the metadata contained within a photograph is:
  • 12. Photo information • Exif Image Size: 200x200 • Make: samsung • Camera Model Name: M-G965F • Orientation: Horizontal (normal) • Modify Date: 2019:07:27 10:08:09 • Y Cb Cr Positioning: Centered • Exposure Time: 1/100 • F Number: 2.40 • Exposure Program: Program AE • ISO: 125 • Exif Version: 0220 • Date/Time Original: 2019:07:27 10:08:09 • Create Date 2019:07:27 10:08:09 • Aperture Value: 2.39 • Brightness Value: 3.58 • Image Size: $512 times 288$ • Software: G965FXXU5CSF2 • Shutter Speed Value: 1/100 • Max Aperture Value: 1.5 • Focal Length: 4.3 mm • Image Unique ID: I12LLKF00SM • Compression: JPEG (old-style) • Resolution: 72 pixels/inch • Thumbnail Length: 13,528
  • 13. Social Networks “From bits to information”
  • 18. Google Hacks “From bits to information”
  • 20. Wayback “From bits to information”
  • 22. Shodan “From bits to information”