Module 2: OSINT Beginning
Module 3: OSINT Basics
Module 4: Sock Puppets
Module 6: Conclusion
If you are into Cybersecurity, especially Social Engineering, you have probably come across OSINT, which stands for Open Source Intelligence. In this course, we will try to lay a good foundation on going forward with the subject. Firstly, we will go through what OSINT is and who actually uses it. Then we will go through the ethics and moral/immoral side of it and in the end how people use OSINT since it is a thing that people use on the everyday basis without even knowing what they (we) are doing. Maybe you are a business that just wants to find out more about your competition or you met someone on an online dating site and you are interested in finding out more about them. There is also the “other” side of OSINT that is used as a process-stage of a cyber attack.
If you read the newspapers or you use the Internet, then you already have all the prerequisites for this course but basic technical terminology knowledge would be a great plus. Also, a computer/smartphone and an Internet connection would be mandatory.
Upon completion of the course, you are expected to go outside the box by looking for other resources because you have made a great foundation to move forward. By the end of this course, students should be able to:
- Understand the OSINT cycle
- Interpret the possible vectors of an investigation
- Understand how different tools work
- Conduct a basic OSINT investigation
- Prepare for the next steps in studying OSINT
What is Open Source Intelligence?
Open source intelligence is the most widely used subtype of threat intelligence. It’s a kind of intelligence that has some ethical implications, and because of that, there are laws that govern how it’s gathered. According to U.S. public law, OSINT is defined by the following characteristics:
- It’s produced from information that is publicly available
- It’s gathered, analyzed, and disseminated to the appropriate audience in a timely manner
- It addresses specific intelligence requirements
The key phrase that students must remember is “publicly available.” That means that the intelligence that is collected must be done legally.
Open source means that the information that is gathered is available for public consumption. It isn’t considered to be open source if is requires specialist techniques, tools, or skills to access the information.
Open source information is more than what can be found using online search engines, although resources and websites that can be located using Google search do make up a large portion of the open source that is gathered.
Information is also considered to be open source if it is:
- Broadcast or published for a public audience (e.g. news media)
- Available to the public by request (e.g. census information)
- Publicly available by purchase or subscription (e.g. industry journals)
- Able to be heard or seen by casual observers
- Made available at public meetings
- Obtained by attending an event or place that is open to the public
What Does the Open Source Intelligence Training Entail?
In this training course, students will have the opportunity to learn the basics of open source intelligence. The topics that will be covered include defining what exactly OSINT is, who uses it, and what the ethical and moral aspects of the practice are.
The course objectives for the OSINT class are:
- To understand the OSINT cycle
- To interpret possible routes of investigations
- To understand how various tools work
- To conduct a simple OSINT investigation
- To prepare for further study of OSINT
This course has a total clock time of 51 minutes. Students who complete the course will earn 1 CEU/CPE and receive a Certificate of Completion.
How is Open Source Intelligence Used?
Typically, in cybersecurity, open source intelligence is used in two common cases, ethical hacking and penetration testing and to identify external threats.
Ethical Hacking and Penetration Testing
Cybersecurity professionals use open source intelligence to determine where there are weaknesses or vulnerabilities in friendly networks so they can mitigate them before they are exploited by real threats. Some of the most commonly found weaknesses that are found using open source intelligence include the following:
- Open ports or unsecured internet connected devices
- Unpatched software
- Exposed or leaked proprietary assets
- Accidental leaks of sensitive information (like through social media)
Identifying External Threats
Using OSINT, cybersecurity professionals are often able to gain insights into an organization’s most critical threats. This may include identifying new vulnerabilities that are actively being exploited to intercepting threat chatter about an impending cyberattack. Open source intelligence allows cybersecurity personnel to prioritize time and resources to deal with the most crucial threats promptly.
Why is Open Source Intelligence Important?
Open source intelligence can be very useful to organizations because of its inherently public nature and its ability to save resources. The latter being its most significant benefit overall. Because the information gathered is publicly available, the expense required to gather it is far less than comparable classified information gathering. Additionally, OSINT is important for the following reasons:
- Performing investigations – There are many crimes (selling illegal products, scams, phishing, etc.) being committed all the time online and through social media. OSINT can help identify the evidence of criminal activity, geolocation, the account holder, and other relevant information.
- Due Diligence – Organizations’ HR departments benefit from using OSINT to gather information about prospective and existing employees – especially using social media.
- Protecting cyber footprints – Not only does OSINT allow people to gather information about other individuals or entities, but it helps them know how to limit the exposure of their own cyber footprints.
Nearly every industry, organization, and individual can benefit from having OSINT knowledge. Whether it is for identifying threats or learning how to minimize their own exposure, it’s important knowledge to have.
If you are interested in learning about open source intelligence in cybersecurity, our OSINT Fundamentals training course will be an ideal course for you. Enrolling in the course is simple, just click on the Register button in the top right corner of this screen to begin.