Jump to content
OpenSecurity.global

Search the Community

Showing results for tags 'osint'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Cybersecurity
    • General Discussion
    • Questions
    • TLP Rainbow
    • Vulnerabilities
  • Dataleaks
    • Publicly disclosed
    • In flight remediation process
  • OpenSecurity.global
  • Privacy's General Discussion
  • Weird malware samples's -- discussion
  • Video game nasties's games games games
  • The Authenticationverse's Topics
  • The Podcast Club's Podcast Discussion
  • Conferences's BlackHat/Defcon/BSidesLV 2019
  • Conferences's CCC
  • Conferences's BSides Conferences
  • Conferences's UK Conferences
  • Conferences's EU Conferences
  • Open Source Intelligence (OSINT)'s OSINT Tools
  • Open Source Intelligence (OSINT)'s Techniques
  • Open Source Intelligence (OSINT)'s War Stories
  • Memes and Shitposting's Meme Safari
  • Reverse Engineering's Discussion
  • Exploit Development's Exploit Dev Chat
  • Security Research's General Discussion
  • Security Research's Weekly Questions
  • Irish Infosec's MeetUps
  • Irish Infosec's Only_In_Ireland
  • Irish Infosec's General Irish Chat
  • Live In a Simulation?'s Arguments for simulation
  • Cyber pets's CYBER PETS FROM THE FUTURE
  • Pond Diplomacy's Topics
  • Blue Team Club's Topics
  • Red Team Club's Topics
  • Pop Culture's Discuss Amazon's The Boys
  • Pop Culture's Disney’s The Lyin King
  • Pop Culture's Free For All
  • Mentoring's Conference Speaking
  • Mentoring's Career Progression
  • Careers's We're Hiring!
  • Careers's I'm Looking!
  • Careers's I want to break in!
  • Careers's CV Help or Career Guidance
  • DFIR's Tools
  • DFIR's General DFIR
  • Incident Response's Incident Response playbooks
  • Login Abuse and ATO Fraud detection/Mitigation techniques.'s Login Abuse and ATO Fraud detection/Mitigation techniques.
  • Yorkshire (UK) InfoSec's Misc Topics
  • Yorkshire (UK) InfoSec's Leeds
  • Yorkshire (UK) InfoSec's Sheffield
  • Colorado InfoSec's Meetups
  • Social Engineering's General SE Fun
  • Social Engineering's Defense
  • Social Engineering's Attacker Techniques
  • GET OFF MY LAWN!'s General Chat
  • Memory Forensics's Tools of the trade
  • Memory Forensics's Techniques
  • Memory Forensics's War Stories
  • Memory Forensics's Research
  • Memory Forensics's Resources
  • Appsec's Topics
  • Washington InfoSec's Security Conferences in or near Washington
  • Intelligence Monitoring Operations's Tradecraft (Tactics + Techniques)
  • Intelligence Monitoring Operations's Monitoring Strategies
  • Intelligence Monitoring Operations's Personas & OPSEC
  • Intelligence Monitoring Operations's Data Breach Leaks

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

Found 5 results

  1. OSINT Tools collections: Verification Toolset : https://start.me/p/ZGAzN7/verification-toolset Mapping & Monitoring : https://start.me/p/7k4BnY/mapping-monitoring Tools: https://start.me/p/Wrrzk0/tools Search Engines: https://start.me/p/b56G5Q/search-engines Social Media Dashboard : https://start.me/p/m6MbeM/social-media-intelligence-dashboard Threat Intel, OSINT and malware investigation resources : https://start.me/p/rxRbpo/ti AML Toolbox : https://start.me/p/rxeRqr/aml-toolbox Technisette collection : https://start.me/p/wMdQMQ/tools Ph055a collection : https://github.com/Ph055a/OSINT-Collection
  2. Hey folks, I'm sure that everyone in this club can agree that OSINT can be a very powerful force-multiplier in infosec, but how do ya'll manage the collection of OSINT? Specifically, is the collection effort indexed and evaluated in a way that infosec teams (whether SMB or major-enterprise level) can go back and look at the efficacy, integrity, and veracity of said collection effort? Do ya'll use frameworks such as the Admiralty System to evaluated OSINT data?
  3. Hello OSINT fam 💜 What’s the most valuable advice you’ve received regarding separation of investigations? Mine was: 1. Create a new virtual machine for every investigation (also shared within IntelTechniques’ How To videos) 2. Use VPNs 3. Don’t overuse the same alias, and in some situations use new ones per engagement Cheers
  4. Its a tool I created almost 2 years ago, but its still finding sensitive data being posted to pastebin and other sites, Either deliberately by bad guys or accidentally by people who do not know any better. It also comes with Slack, SMS and email alerting for detected rules Some links to some useful info: https://techanarchy.net/blog/hunting-pastebin-with-pastehunter https://techanarchy.net/blog/pastehunter-the-results https://github.com/kevthehermit/pastehunter https://pastehunter.readthedocs.io/en/latest/
  5. Actual Job Posting BTW in Dublin, Ireland so when it comes to fast intelligence gathering of a company its pretty straight forward, there Security team may have "AMAZING" OPSEC (operational security) but every company have one huge issue, and that is how they recruit new people whether by internal HR departments or by hired recruiting teams. These teams need to display the required skills which both unfortunately and fortunately mean a lot of details are put up regarding systems and infrastructure. Bellow is a posting for a IT Onsite Deskside Engineer for a prominent company who has a heavy hand in Information security (NO I WONT DROP THE NAME) But from this post we can clearly see some very important details, some of which I have marked in Yellow and list them with reasons bellow. 1 - Dublin = we now have the location to look for when attacking these systems 2 - Datacenter Equipment = so they are running a large network or possible a WAN based network 3 - Win 7 and Win 10 = Ok so we know what OS we will be looking at 4 - MS Office = so we know if we are sending a phishing campaign we know what document type that will be normal to them 5 - Desktops/Printers/Handhelds = Now we know they have multiple different devices belonging to the company in the location. 6 - Active directory = well we know they defiantly have a Target Goal on site 7 - SMS/WebEX/LiveMeeting = ok now we have services we can use to spear phish with 8 - Handheld = Blackberry, Andriod and IOS = now we know the attack surface for the mobile devices for making malicious apps 9 - A+, CCNA, MCTS = we now know the skill level required, windows based servers being used and with the CCNA required there is a high chance they are using Cisco based systems 10 - Experience / Degree = now we know the base level of education/experience the team maybe working with So I know there is a lot more here, but as I said above QUICK post above. So now we have some solid intelligence to hand over to our RedTeam or for us to build our own attack vectors. so I hope this quick write up will give you a few ideas, if you need advice or have any questions regarding the above post feel free to ask, im happy to answer them 🙂
×
×
  • Create New...

Important Information

We use cookies as we're cookie monsters. Privacy Policy