From here on out, these “weekly” blog posts will serve a similar function to the previous post. They are for those who may have missed the general meeting but still want to be informed about the topics we talked about.
With that said, our topic of discussion for the third meeting of the semester was open source intelligence, or OSINT. A short description of each subtopic of OSINT that we covered is below.
Google Dorking / Old Web Pages
Knowing how to use all the tools the Google search engine provides is an invaluable tool for OSINT work. One very important skill is something known as Google dorking. This involves using some of the more advanced options built into the search engine to search for specific things such as domains, file types, and specific strings, to name a few. Another useful skill that is not necessarily specific to Google is analyzing old versions of web pages. Two of the most popular ways to do this are looking at the cached versions of the sites in search engines or using the Wayback Machine (https://archive.org/web/).
Domain names are a simple way to resolve IP addresses to make them easier to remember, and there are many tools to map domain names to IP addresses. With some of these tools, one can gain more information about the site like who made the website or what servers they are running on. One can also find subdomains for specific websites, which are used to partition the functionality of the site such as testing or providing specific functionality to a group of users. They are sometimes hidden, but they can be very promising targets.
There are three main types of documents, ones that contain information about the target, ones created by the target, and ones with metadata that can give information to their origin. There are many ways to find documents, but one of the easiest is using Google dorking to search for specific document types. Document metadata can contain very valuable information such as the computer and username associated with the document, versions of software used to create it, and more.
Images / Videos
Images can assist in identifying locations, contacts, and more and there are many different ways to get information from them. First, most major search engines provide a form of reverse image search, which can be used to gain more information about it. Additionally, many images can come with metadata known as ‘exif data’, which can be used to determine where a picture was taken, among other useful information. Most cameras also leave a unique serial number in the exif data of an image, which can be used to locate the camera used to take the image. Videos can also be reverse searched by dissecting the video into multiple still frames and then reverse image searching those frames.
Social Networks are a gold mine of information for a threat actor, as usually people share large amounts of information on them and are not typically very careful who they allow to see that information. People searching is another useful skill, especially if one already knows a little bit of information about the person they are trying to search for. A related topic to this is using telephone numbers to look up people such as on a caller ID database.
Below are some good resources if you would like to learn more about OSINT:
The OSINT Framework: https://osintframework.com/
Michael Bazzell’s Open Source Intelligence Techniques: https://www.amazon.com/dp/169903530X/ref=cm_sw_em_r_mt_dp_aURxFbR23BSKC
Quiztime Riddles: https://twitter.com/quiztime?lang=en