2.9 Leveraging OSINT Part 1

00:00

Hello and welcome to the last video from the first module data collections. And this video is fully dedicated for leveraging ascent in Cyber threat intelligence context. Another interesting data source that can be used for threat intelligence

00:19

is awesome or open source intelligence.

00:22

Let's see together its advantages. These advantages, the purpose behind using awesome in threat intelligence and some examples and real cases are fused. In essence, open source intelligence is derived from data and information that is available for general public. It's not limited

00:42

to ah, what can be found using Google Search engine

00:47

off all the threat Intelligence subtypes,

00:50

open source intelligence or ascent is perhaps the most widely used, which makes sense because it is mostly free.

00:59

There is a great deal off critical information available about your adversaries and startling amount about you, your organization, your assets and infrastructure. And all of them are easily available by anyone

01:15

before did diving into us. And let's start with a quick definition. Open source intelligence, mostly called Ascend, is defined by both the U. S. Director off national intelligence and the U. S. Department of Defense, as produced from publicly available information that is collected,

01:36

exploited

01:37

and disseminated in a timely manner to an appropriate audience for the purpose off addressing specific intelligence requirement. So here, the important phrase to focus on is publicly available

01:51

when it comes to advantages and disadvantages. Off ascent. The main advantages are awesome. Offer unlimited potential in any topic. They are relatively with low cost and generally up to date and can be shared with anyone. However, the main difficulty

02:09

in

02:10

ascent that is, that it could be this information or simply inaccurate. In other words, the chief difficulty is identifying relevant, reliable sources that are from the vast amount off publicly available information.

02:27

Ossan is used for multiple purposes, and one of these that I will start with is called the dark side Off Open Source Intelligence.

02:37

So basically, ah, the dark side off ascent is anything that can be found by security professor. Professionals

02:45

can also be found by threat actors

02:47

threat Actors use open source intelligence tools and techniques, toe, identify potential targets and exploit weaknesses in target networks. So once the vulnerability is identified, it is often an extremely quick and simple process to exploit it and achieve

03:06

very tee off malicious objectives.

03:09

This process is the main reason why so many small and medium sized companies get Hackett each year. It's because vulnerabilities in their networks or website architectures are found using simple Ossan tools. In short, they are easy targets.

03:31

Open source intelligence Doesn't Onley enable technical attacks on I t systems? Because threat actors also seek out information about individuals and organizations that can be used for sophisticate. Sophisticated social engineering companies

03:50

wasn't can not only leverage by threat actors and hear what concern as the most is using using ascent from a threat, intelligence sight or by threat intelligence team.

04:04

So, for instance, Threat intelligence teams use Ascend for Jewell main reasons. First, they can identify the organization's exposed attack surface and even see this aspect in more detail in our the next slights. Also, the second this case is to collect

04:24

any information that might be available about your adversaries briefly

04:29

from identifying which new flows are being actually exploded. Tool monitoring threat actor communications about upcoming attacks wasn't enable security professionals to prioritize their time and resources to address most significant trending threats.

04:46

The main purpose off using innocent toe identify your attack surface is to be one step ahead off Attackers. There are plenty off information that you can collect through ascent. For instance, you can collect Ah, public appearances associated with your organization, and they're open ports.

05:08

You can identify company domains and septum sub domains and their associate ID certificates.

05:15

You can identify technologies that are being used in your Web sites. You can also find our e mails off your employees and their phone numbers. You can find also exposed servers or databases, and these are not the only things that you can find using. It wasn't because you can also find

05:35

public documents that are not supposed to be

05:38

public and public source code that can expose passwords, credentials, tokens, et cetera. And, of course, another big source off information is social media.

05:51

Another purpose off? Using awesome, particularly as Cyber Threat Intelligence Team is that adversaries leave their evidence that you can enrich to create context and help decision making. For instance, if we take the example off fishing campaign targeting your company,

06:12

adversaries will start with delivering the email or send you the malicious email containing a malicious link. Are directing to a credential theft page

06:23

here by applying ascend all the malicious you, Earl, you can find their who is records that will help you identify whether the website belongs to the adversaries infrastructure or is it probably compromised? Website

06:40

Here you will ask What's the difference here? So your course of actions may change according to these facts.

06:48

Also, monitoring social media like Facebook, instagram, Twitter, etcetera, Reddit forums can also help you to get a new overview off threat actors activities. Now let's move to some examples off since one of the most known Ossan sources

07:08

is gold Awesome framework.

07:10

Awesome Framework is a cyber security framework. Ah, collection off arson tools that are created to make intelligence collection easier For analysts,

07:20

it provides simple were based interface that allows youto bro's different horse and tools filtered by categories. When you click all the categories, such as username email address, domain name, a lot off useful resource is will appear on the screen. Inform off secretaries

07:41

I really recommend visiting and discover in the different tools offered by us and framework

07:46

through their official website

07:50

wasn't also offer

07:53

Ah specifics, Search and giant

07:55

like show Dan senses and binary Etch a probably showdown is the most known that lets users are fine specific types off computers like Webcams, routers, servers, et cetera, connected to the Internet using a verity off

08:11

filters. The same thing is offered by

08:15

senses and binary edge, so these websites Kroll the Internet for publicly available devices. Multiple threat actors use showdown toe, identify publicly available devices or service is with different configuration.

08:30

Senses can be also used to find Web sites associated with a certain certificate i, p's related Toe A organizations, et cetera.

08:41

I believe it's worth adding aerial case example. And here I chose, showed, and I tried to find the number off exposed elect Sixers Instances and Docker instances that are publicly exposed through their open ports and product

09:01

elastic for a Sixers Instances