OSINT mindset to protect your organization
Information on the public internet is increasing exponentially. The public information about your organization includes employees, email addresses, public facing digital assets (domains, subdomains & IP addresses), documents, policies and much more. Anyone having access to internet could gather more information about your organization than you think.
Open Source Intelligence, also known as OSINT in short, is an art of gathering publicly available data to derive useful information. The usage of the information is upto the OSINT investigator, it could be used for or against your organization. In this talk we would dive into an OSINT investigator’s perspective of information. We would have a detailed look at different ways one could gather information about your organization and how the information could be used in weakening or compromising your security.
We would end the session with the available ways to reduce harmful effect of your public information. The attendees would leave the talk with a deep understanding of how information could harm against you, along with ways to prevent it.
- What is OSINT ?
- The OSINT Mindset
- What do you know about the organization ?
- Supply Chain
- What do you technically know about the organization ?
- Domains & Subdomains
- Digital assets, IP addresses & their open ports
- Technology stacks used
- Did you check out the employees ?
- Email addresses
- Online coding
- Online content sharing
- Username and password reuse
- OpSec as a defensive measure
Chandrapal Badshah is a security researcher and open source enthusiast. He is the founder and maintainer of “Hack with GitHub” – an initiative to showcase open source security tools on GitHub. He has contributed to multiple projects revolving around mobile app security, automation and open source intelligence (OSINT). He has given multiple talks including those at Null community monthly meets. He is an active member at Null Bangalore and contributes to the community as a chapter lead.