OSINT

Question 1

What does OSINT stand for?

Answer 1

Open-Source Intelligence

Question 2

What is OPSEC?

Answer 2

operational security – the practice of hiding yourself online by disassociating your online persona with your real self

Question 3

What is a public exposure assessment?

Question 4

How is OSINT useful to attackes?

Answer 4

aids in potentially effective social-engineering attacks, and spear-phishing email campaigns to be conducted, tailored to their intended targets to make them more believable

Question 5

What is the process of collecting publically available information for malicious purposes commonly referred to?

Answer 5

target information gathering, or passive information gathering (because the attacker is not directly engaging with the target’s systems, such as port or vulnerability scanning)

Question 6

Which roles utilize OSINT?

Answer 6

• Tactical Threat Analyst
• Strategic Threat Analyst
• Security Analyst
• Vulnerability Analyst
• Penetration Tester/Red Teamer

Question 7

How does a Tactical Threat Analyst utilize OSINT?

Answer 7

• conduct intelligence operations, gathering information on adversaries that may target their organization
• stay up to date with the latest trends and techniques used by these groups, in order to implement defenses
• collect IOCs

Question 8

How does a Strategic Threat Analyst utilize OSINT?

Answer 8

• conduct threat exposure assessments
• identify any information that the organization is “leaking” out on the internet

Question 9

How does a Security Analyst utilize OSINT?

Answer 9

• checking the reputation of IOCs such as IP addresses (VirusTotal, IPVoid), or email addresses and file hashes (VirusTotal, IBM X-Force Exchange)
• investigating fake social-media accounts that are being used to launch social engineering attacks against employees

Question 10

How does a Vulnerability Analyst utilize OSINT?

Answer 10

• crucial for this role to as they need to keep up to date with the latest publicly-announced vulnerabilities
• great OSINT source is the National Vulnerability Database and using TweetDeck to monitor Twitter for vulnerability-related news and disclosures

Question 11

How does a Penetration Tester/Red Teamer utilize OSINT?

Answer 11

gain information about their target company, such as internal systems and employee information

Question 12

What does the The Intelligence Cycle term describe?

Answer 12

a series of stages and procedures that a researcher has to perform to convert the collected data and information into intelligence products capable of bringing solutions to the organization

Question 13

What are the 5 steps in the The Intelligence Cycle?

Answer 13

1. Planning and Direction
2. Collection (gathering of data and information)
3. Processing of data and information
4. Analysis to produce meaningful intelligence
5. Dissemination of intelligence to the clients

Question 14

What is determined in the Planning and Direction phase?

Answer 14

the purpose of research and what kind of information you are looking for

Question 15

What is the objective of the Collection phase?

Answer 15

identification of which kind of processes you will use to carry out the collection of such information, and then, using all the techniques you know, obtain the data that will help you carry out your intelligence operation

Question 16

What are the objectives in the Processing of data and information phase?

Answer 16

• visualization of the information
• application of decoding, decryption, validation, and evaluation techniques to filter the huge amount of information obtained
• identify useful data for the research

Question 17

What is done in the Analysis to produce meaningful intelligence phase?

Answer 17

• compile all the information you filtered in the previous step to obtain the solutions to your initial problem
• creation of a coherent intelligence product (report, conference, etc.) that allows you to clearly explain the process you recently carried out

Question 18

What is done in the Dissemination of intelligence to the clients phase?

Answer 18

deliver the product you developed throughout the process to the stakeholders (individuals or groups) that requested it

Question 19

Why are the OSINT operations called a “passive operation”?

Answer 19

they are completely invisible and at no time will the individual or organization you are investigating realize who you are

Question 20

What are the 3 techniques used for online fingerprinting?

Answer 20

1. IP address
2. cookies
3. browser fingerprinting

Question 21

What is Sock Puppetry?

Answer 21

a deceptive practice in which a single individual creates and controls multiple accounts or personas to manipulate or deceive others

Question 22

What is the The Harvester tool used for?

Answer 22

command-line information-gathering tool that utilizes OSINT sources to gather information about the target domain and retrieves information such as hostnames, IP addresses, employees (and their positions), email addresses, and much more

Question 23

How to use theharvester to do a simple reconnaissance on the domain google.com, using Google as the data source?

Answer 23

theharvester -d google.com -l 100 -b google

Question 24

How to use theharvester to do a simple reconnaissance on the domain google.com, using LinkedIn as the data source?

Answer 24

theharvester -d google.com -l 100 -b linkedin

Question 25

What is Maltego?

Answer 25

data mining and information gathering tool, capable of obtaining real-time data on different types of entities (companies, people, websites, etc.), and representing them graphically through nodes, showing all the connections that the program was able to obtain over the Internet, about the subject under investigation

Question 26

What is the name of the website that is a hub for hundreds of OSINT sources and tools, and is easily sorted so you can find the tool that you need quickly?

Answer 26

https://osintframework.com

Question 27

What is the the https://tineye.com/ web app used for?

Answer 27

conduct reverse image searches

Question 28

Why is tineye useful?

Answer 28

with the alert service, we can be notified every time one of our images is identified on the internet - useful for monitoring the use of logos, especially trademarked ones

Question 29

What is the Google’s alternative of ‘tineye’?

Answer 29

https://images.google.com - search by image