OSINT Tools - Recommendations List With the New Year fast approaching I thought now would be a great time to post the first draft of some recommended Open Source Intelligence (OSINT) gathering tools and resources. I will look to maintain this list overtime and have it grow, so if you come across something you think should be on the list, drop me an email or leave a comment for consideration. The reconnaissance phase of any engagement is very important and can often save you alot of time and of course money. Facebook FBStalker tool uses Graph Search for powerful OSINT analysis Facebook, and more in general social networks, is a platform that if not properly managed could harm user’s privacy, the fact that also friends’ social behavior could have a dangerous impact on our digital experience is very concerning. Recently at the Hack In The Box conference in Kuala Lumpur, security experts Jonathan Werrett and Keith Lee from SpiderLabs demonstrated how to conduct a powerful OSINT analysis using a simple tool they created, anyone using it could find a comprehensive amount of data on any user of the popular social network. The tool for information gathering on Facebook created by the researchers is named FBStalker, a name that give us the idea of the potential of the instrument.
OSINT Resources - The Grey Network Why: This site is a guide to resources for finding information on the internet and some tools that allow it to be aggregated and interpreted into actionable intelligence. It is a link to search tools to find information. What: This site has information on Open source data sources. Some open source data may be contained in proprietary search tools.
Deep Web Search - A How-To Site The realm of Deep Web and that of Open Source Intelligence overlap heavily. I won’t deny it (even with plausible denibility). What is Open Source Intelligence aka OSInt? For those who aren’t familiar with Open Source Intelligence, it is merely intelligence gathering from open third party sources. Take for example a military analyst for Ghana, he has a limited budget and time.
Search: The Future of OSINT [is M4IS2-Multinational] Paradise Found The future of OSINT is M4IS2. The future of Open Source Intelligence (OSINT) is Multinational, Multifunctional, Multidisciplinary, Multidomain Information-Sharing & Sense-Making (M4IS2). The following, subject to the approval of Executive and Congressional leadership, are suggested hueristics (rules of thumb): Rule 1: All Open Source Information (OSIF) goes directly to the high side (multinational top secret) the instant it is received at any level by any civilian or military element responsive to global OSINT grid. This includes all of the contextual agency and mission specific information from the civilian elements previously stove-piped or disgarded, not only within the US, but ultimately within all 90+ participating nations.
Automated Open Source Intelligence (OSINT) Using APIs Introduction The first step to performing any successful security engagement is reconnaissance. How much information one is able to enumerate about given personnel (for social engineering engagements) or systems can often impact the effectiveness of the engagement. In this post, we will discuss what Open Source Intelligence (OSINT) is and why it takes so much time, as well as ways we can use various application programming interfaces (APIs) to automate much of this process for us. Hopefully this post will help shed light on the importance of proper privacy settings, and the threat of automated information gathering due to APIs. Table of Contents
2008 Open Source Intelligence (Strategic) 2.0 Now that everyone is paying attention, this is being posted in full text online in support of a larger M4IS2 / OSE dialog. Document: Strategic OSINT (Chapter 6 in Strataegic Intelligence Vol 2) 10 MB Links added below throughout, updated where appropriate. Network Intelligence Gathering This article is all about different information-gathering techniques on the network. It is the most essential and important task of attackers. Knowing the opponents and their interests can be valuable. Here I am going to show you which are the different ways and techniques one can do the network information/intelligence gathering. A U.S. Apache attack helicopter appears in China. Did they clone it? Images have surfaced on the Chinese Internet of what seems to be an actual AH-64D Apache or a real-size copy of the world’s most famous attack chopper. The helicopter, on a truck, seems to be in the process of being moved even if it is at least strange that it is not hidden below a protective covering, as happened for other mysterious choppers spotted on the move in China. It’s not easy to guess how Beijing put their hands on the helicopter. It could be one of the U.S. Army Apaches downed or crash landed in Iraq, that was later fixed and exported in China.
OSINT Training created by Michael Bazzell Buscador is a Linux Virtual Machine that is pre-configured for online investigators. It was developed by David Westcott and Michael Bazzell, and distributions are maintained on this page. The current build is 3GB and includes the following resources (Further Info): OSINT (Open-Source Intelligence) With an estimated 80% of required information available for use in an open source for specific information vital for a deep analysis in newspapers, magazines, industry newsletters, television transcripts, and blogs. OSINT makes our work easier, by using OSINT we are able to get important information in just a couple of minutes. Ethical Hacking Training – Resources (InfoSec)