Pentesting

avatar
Created by
Phillip Potgieter

Subdecks (1)

Cards (1595)

  • Open-source intelligence (OSINT)
    Analysis of publicly available information from a wide range of sources to produce actionable intelligence
    View source
  • Sources of OSINT
    • Internet
    • Social media platforms
    • News outlets
    • Public records
    • Academic publications
    View source
  • Social media open-source intelligence (SOCMINT)
    Techniques and tools that allow for the collection and analysis of information from social media platforms
    View source
  • Types of social media data
    • User-posted content
    • Metadata
    • Interactions
    View source
  • User-posted content
    Information or data that users share on social media, such as text, videos, images, and links
    View source
  • Metadata
    Data that provides information about other data, such as timestamps, location data, tags, hashtags, user profile information, and device information
    View source
  • Interactions
    The ways that users engage with each other and other pieces of content on social media, such as likes, reactions, shares, retweets, comments, replies, mentions, tags, follows, and unfollows
    View source
  • OSINT investigation
    1. Perform username search
    2. Conduct reverse image search
    3. Analyze Facebook posts
    4. Investigate Instagram and Twitter
    View source
  • With great power comes great responsibility when using OSINT tools
    View source
  • OSINT tools should be used ethically and responsibly to protect privacy and avoid misuse
    View source
  • Open Source Intelligence (OSINT)
    Intelligence produced from publicly available sources that is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement
    View source
  • OSINT
    • Not exclusively used by the intelligence community, but by a number of other parties as well
    View source
  • Intelligence cycle
    1. Collection
    2. Processing
    3. Exploitation
    4. Dissemination
    View source
  • Data
    Raw information
    View source
  • Information
    Data that has been processed and organized
    View source
  • Intelligence
    Information that has been analyzed and interpreted to provide insights
    View source
  • Surface web
    • Content is easily accessible and indexed by search engines
    View source
  • Deep web
    • Content can only be accessed by direct connection using URL or IP address, not indexed by search engines
    View source
  • Darknet
    • Small peer-to-peer networks that require special software, configuration, and authorization to access
    View source
  • Dark web
    • Sites and hidden services only reachable by using the darknet
    View source
  • The rise of the Internet fundamentally changed the nature of public information
    View source
  • Today's behavior to voluntarily share personal information is in stark contrast to the reactions in the face of the 1983 German census where plans to survey some personal data were met with mass protest
    View source
  • OSINT use cases
    • Intelligence
    • Journalism
    • Recruiting
    • Law Enforcement Agencies
    • Penetration Testing
    • Social Engineering and Human Intelligence
    • Public Tracing
    • Missing Person And Rescue Search
    • Civil Protection
    • Cyber Risk Management
    • Preparation of a criminal act
    • To google
    View source
  • The common use of the verb 'to google' highlights that the exploitation of public sources does not rely on a certain skill set or background
    View source
  • To google
    A basic tool to access information available in surface web is the usage of a web search engine with Google being the most popular one
    View source
  • Conducting an online search has became so common that there is a verb to describe this action, to google
    View source
  • The verb 'to google' was included in the standard dictionary of the German language, the Duden, in 2004
    View source
  • An addition to the Duden is only done after a selection process where the candidate word has to prove that it is used regularly over a longer period of time in different contexts
    View source
  • The common use of the verb 'to google' highlights that the exploitation of public sources does not rely on a certain skill set
    View source
  • Experienced investigators may produce elaborated results beneficial to a broad number of different subjects, but also untrained people are able to derive certain information
    View source
  • The versatility of possible applications combined with its availability to (almost) everyone makes OSINT a powerful method
    View source
  • Open Source Intelligence Methodology
    1. Direction
    2. Collection
    3. Processing
    4. Analysis
    5. Dissemination
    6. Feedback
    View source
  • Direction
    Planning and preparation before the actual investigation initiates
    View source
  • Collection
    Focuses on the collection of data and is described as gathering data
    View source
  • Processing
    Serves different purposes depending on the underlying model, including transforming collected data into information
    View source
  • Analysis
    Converts information into intelligence, including the integration, evaluation, and analysis of the gained information to produce a result meeting the requirements
    View source
  • Dissemination
    Distributes the results of the investigation to the client
    View source
  • Feedback
    Concludes the investigation, including the evaluation of feedback to improve processes and archiving of results
    View source
  • Data
    The output achieved during the collection phase, considered as a set of facts without any explanation or analysis
    View source
  • Information
    Produced by processing the collected data, including translation, decryption, or format conversion, filtering, correlating, classifying, clustering, and interpreting the given data
    View source