OSINT: The What, The Why and The How


The What

OSINT or Open Source Intelligence is the collection and analysis of public or overtly available data of a Person, Group, or Organization. It was first introduced during World War II and was actively used by many agencies. At present, OSINT is the combination of overt digital data as well as physical data. OSINT is actively used by Governmental Departments, Law Enforcement, Business Corporations. Another term that is more commonly known in the Cyber Security field is Reconnaissance.


The Why

The need for OSINT has increased significantly over the years. People’s Activities have increased 10 times and more data is being poured into the Internet everyday. National and International Law Agencies use OSINT to gather Intel on Criminals and their Activities, monitoring Terrorist activities and passive mapping of the Intelligence. Companies do OSINT to understand their “Attack Surface” and will work towards minimizing it and also used to determine the posture of other Organisations. Attackers and Penetration Testers do OSINT to understand the Organization and if they have any exploitable weaknesses.
There are also Organizations like Tracelabs or NCPTF (National Child Protection Task Force) that actively use OSINT to help Law Enforcement collect Intelligence on Missing Persons.


The How

OSINT does not follow a linear methodology, but it depends on a multitude of factors like, your purpose of research, your target, your goal, and what exactly are you trying to find. Information Gathering can be categorized as


Our initial priority would be to collect overt data of our Target and convert it into Information. It should include all the basic details such as:


This collected data is the Information of the Target.

This information can actively be used to narrow down to intelligence by pivoting to a new source of information, to build a deeper intelligence profile while connecting the dots. Any assumptions made should be validated for Intelligence.

All collected information should be made into a report with screenshots if you’re doing it as a part of a Penetration Test and should include the Five W’s: Who conducted the analysis/ Who was it about. What was found? Why was it Conducted? Where was the object found? And When? Date and Time.


The General Process:


Final Thoughts

OSINT is a great start when getting into Cyber Security as it allows for that Analytical thinking that is needed for Penetration Testing. It is also a much-needed part of the Intelligence Cycle. One of the key benefits of OSINT is that it involves minimal to no financial investments, so anyone can OSINT.


Blog by: Argonyte [@argonyte]