Scribd
Upload
64 views

BU Security Camp 2020 OSINT

This document discusses open-source intelligence (OSINT) tools and how to use them safely. It begins by defining OSINT as intelligence derived from publicly available information and collected for a specific purpose. It then outlines common OSINT tools like social media, search engines, and public records databases. The document stresses the importance of staying safe by using passive reconnaissance, isolating targets, and protecting one's digital identity with techniques like virtual machines and VPNs. It concludes by encouraging the use of OSINT skills to help organizations like TraceLabs by working on collaborative cases.

Uploaded by

Màu Bay
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
64 views

BU Security Camp 2020 OSINT

This document discusses open-source intelligence (OSINT) tools and how to use them safely. It begins by defining OSINT as intelligence derived from publicly available information and collected for a specific purpose. It then outlines common OSINT tools like social media, search engines, and public records databases. The document stresses the importance of staying safe by using passive reconnaissance, isolating targets, and protecting one's digital identity with techniques like virtual machines and VPNs. It concludes by encouraging the use of OSINT skills to help organizations like TraceLabs by working on collaborative cases.

Uploaded by

Màu Bay
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 26

OSINT: CommonTools and

How to use them Safely


Siobhan Kelleher
Senior Security Analyst
Boston College
OSINT: Common Tools and How to use them Safely

Topics

• What is OSINT
• Using OSINT
• Tools and Resources
• Staying Safe
• Using Your Skills for Good

2
OSINT: Common Tools and How to use them Safely

What is OSINT?

“Open-source intelligence (OSINT) is intelligence that is produced from publicly available


information and is collected, exploited, and disseminated in a timely manner to an
appropriate audience for the purpose of addressing a specific intelligence requirement.”

3
https://www.govinfo.gov/content/pkg/USCODE-2011-title50/html/USCODE-2011-title50-chap15-subchapI-sec403-5.htm
OSINT: Common Tools and How to use them Safely

What is OSINT?
• The Internet
• Media (e.g. television, radio, newspapers, magazines)
• Professional Publications (journals, conferences, studies)
• Photos
• Geospatial information (e.g. maps and commercial imagery products)
• …and more

4
https://www.cia.gov/news-information/featured-story-archive/2010-featured-story-archive/open-source-intelligence.html
OSINT: Common Tools and How to use them Safely

How am I using OSINT?

• User Awareness Training


• Malicious email
• Missing People
• Domestic Abuse

5
6
http://www.hisutton.com/OSINT_Landscape.html
OSINT: Common Tools and How to use them Safely

Tools & Resources


• Social Media
• Tiktok, Twitter, Facebook, Snapchat, dating apps…
• Email
• Reverse Image Search
• Public Records
• Address, arrest records, death certificates
• Other

7
OSINT: Common Tools and How to use them Safely

Tools and Resources


• Mind Mapping
• Hunchly
• Excel
• Trello
• Session Buddy

8
9
https://github.com/WebBreacher/osinttools
OSINT: Common Tools and How to use them Safely

10
11
OSINT: Common Tools and How to use them Safely

Tools and Resources

Maltego

12
https://medium.com/@raebaker/a-beginners-guide-to-osint-investigation-with-maltego-6b195f7245cc
13
Image: https://twitter.com/velstadt_com/status/1206902436469911552
https://osintframework.com 14
OSINT: Common Tools and How to use them Safely

Tools and Resources

• SpiderFoot
• Free hobby edition- web based
• Free open source downloadable

https://www.spiderfoot.net/ 15
OSINT: Common Tools and How to use them Safely

Tools and Resources


Scylla Project

16
https://scylla.sh/ https://twitter.com/_hyp3ri0n
OSINT: Common Tools and How to use them Safely

Tools and Resources

• Reverse Image Search


• Find other accounts

https://tineye.com/

https://images.google.com/

17
OSINT: Common Tools and How to use them Safely

Tools and Resources

• Social Media Search


• Simple is sometimes better

18
Image: https://mn2s.com/news/social-media-management/five-ways-social-media-can-help-your-start-up-2/
OSINT: Common Tools and How to use them Safely

Staying Safe

• Why its important!


• Protect yourself
• Isolate the target protect the investigation

19
OSINT: Common Tools and How to use them Safely

Staying Safe

• Passive recon or “no touch”:


• No interaction with target
• Not invasive
• No illegal hacking
• Active recon:
• Logging into targets accounts
• Contacting target/friends/family

20
OSINT: Common Tools and How to use them Safely

Staying Safe

• Use a VM (virtual machine)


• Burn it when you are done
• VPN (virtual private network)
• Proton
• Brave
• Nord
• PrivateInternetAccess (PIA)

https://www.privacytools.io/ 21
OSINT: Common Tools and How to use them Safely

Staying Safe

• Sock Puppet Accounts


• Fake account used for recon
• Never use your personal social media accounts for OSINT investigations
• Insulate your personal information

22
OSINT: Common Tools and How to use them Safely

Staying Safe
https://www.thispersondoesnotexist.com/
• Sock Puppet Accounts
• Burner Phone
https://www.fakenamegenerator.com/
• Smart Proxy
• Wifi
• Fake Identity Generators

23
OSINT: Common Tools and How to use them Safely

Using Your Skills for Good

• TraceLabs
• CTF- prizes, and glory!
• Monthly collaborative cases

24
Image: https://www.tracelabs.org/resources/trace-labs-wallpapers/
OSINT: Common Tools and How to use them Safely

Summary

• If you can google you can do this


• Getting started:
• VM
• VPN
• Google
• Notebook
• Desire to help
• Keep organized

25
Thank You
Siobhan Kelleher
[email protected]

You might also like