Jump to content
OpenSecurity.global

  • Recently Browsing   0 members

    No registered users viewing this page.

Sherman Chu

OSINT Collection Management

By Sherman Chu, in Techniques

Recommended Posts

Sherman Chu    8

Sherman Chu
Posted

Hey folks, 

I'm sure that everyone in this club can agree that OSINT can be a very powerful force-multiplier in infosec, but how do ya'll manage the collection of OSINT?

Specifically, is the collection effort indexed and evaluated in a way that infosec teams (whether SMB or major-enterprise level) can go back and look at the efficacy, integrity, and veracity of said collection effort?

Do ya'll use frameworks such as the Admiralty System to evaluated OSINT data?

Share this post

Link to post

Daniel Cuthbert    16

Daniel Cuthbert
Posted

The Admiralty System is one I use a lot, but it can be subjective and also a lot of work to get right. Over the years of doing this, I looked for inspiration from those who really pioneered this space and actually shared stuff, such as the CIA and other agencies. The CIA is actually phenomenal in this regard, this document, titled 'A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis' has been hugely influential in helping develop my own approach and methodologies. 

 

2064828430_ScreenShot2019-09-10at08_32_31.png.fd7a566415e63da819dcca09e8bc0faa.png

Using this approach, with the Admiralty System to score each source and piece of intel, I find I ended up with a smaller subset of sources but ones that produced far higher value intel as a result. Page 17 really hammered home the use of contrarian techniques to determine if a source is good or not based upon what it was showing you. As I said earlier, the CIA release many informative articles and papers on the subject, and if you haven't read them yet, I urge you to. For example, Sailing the Sea of OSINT in the Information Age by Stephen C. Mercado which is a great read.

I'm keen to hear how others approach this too

 

  • Like 1

Share this post

Link to post

james mckinlay    116

james mckinlay
Posted
11 minutes ago, Michael D said:

What exactly are you all using OSINT for in infosec?

I use it to keep the infosec propaganda marketing away 

Share this post

Link to post

Daniel Cuthbert    16

Daniel Cuthbert
Posted
2 hours ago, Michael D said:

What exactly are you all using OSINT for in infosec?

A wide variety of tasks, from adversarial hunting to footprinting and more recently, vendor deep dives. For example:

- Vendor says they use a unique custom container approach to stop all malware from being an issue

- Me spends 24 minutes to find out actually they use React, Python, Ruby and ESXi and some bubble gum, an old loo roll and hope and prayers.

  • Like 1

Share this post

Link to post

james mckinlay    116

james mckinlay
Posted (edited)

vendor-myth-busting , should be an after school club for CS students or a scout badge

Edited by james mckinlay
  • Like 1

Share this post

Link to post
Go To Topic Listing

  • Members online now

    No members to show

  • Similar Content

    • Dean O'Neill
      .
      By Dean O'Neill
      .
    • Salaheldin A.
      OSINT Tools collections
      By Salaheldin A.
      OSINT Tools collections:
      Verification Toolset : https://start.me/p/ZGAzN7/verification-toolset
      Mapping & Monitoring : https://start.me/p/7k4BnY/mapping-monitoring
      Tools: https://start.me/p/Wrrzk0/tools
      Search Engines:  https://start.me/p/b56G5Q/search-engines
      Social Media Dashboard : https://start.me/p/m6MbeM/social-media-intelligence-dashboard
      Threat Intel, OSINT and malware investigation resources : https://start.me/p/rxRbpo/ti
      AML Toolbox : https://start.me/p/rxeRqr/aml-toolbox
      Technisette collection  : https://start.me/p/wMdQMQ/tools
      Ph055a collection  : https://github.com/Ph055a/OSINT-Collection
    • Zoë Rose
      Keep investigations from being compromised
      By Zoë Rose
      Hello OSINT fam 💜
      What’s the most valuable advice you’ve received regarding separation of investigations? 
      Mine was: 
      1. Create a new virtual machine for every investigation (also shared within IntelTechniques’ How To videos)
      2. Use VPNs
      3. Don’t overuse the same alias, and in some situations use new ones per engagement 
      Cheers 
    • Kev Breen
      Pastehunter
      By Kev Breen
      Its a tool I created almost 2 years ago, but its still finding sensitive data being posted to pastebin and other sites, Either deliberately by bad guys or accidentally by people who do not know any better. 

       
      It also comes with Slack, SMS and email alerting for detected rules
       
      Some links to some useful info:
      https://techanarchy.net/blog/hunting-pastebin-with-pastehunter https://techanarchy.net/blog/pastehunter-the-results https://github.com/kevthehermit/pastehunter https://pastehunter.readthedocs.io/en/latest/
×
×
  • Create New...

Important Information

We use cookies as we're cookie monsters. Privacy Policy

  I accept