OSINT Analysis

Personal data is the perfect starting point for cyber criminals

Open-Source Intelligence (OSINT) gathers information from published or otherwise publicly available sources. Identifying unintentional leakage of sensitive data through social media networks and other platforms can help you plug the leaks and make it as difficult as possible for potential attackers.

The OSINT Analysis service demonstrates how much information a threat actor can find about an organisation quickly and easily online, without ever touching your system or running any scans

Not hacking, just looking

It is not uncommon for threat actors to use open-source intelligence tools and techniques to discover potential targets and exploit weaknesses in networks. As soon as a vulnerability or a weakness is identified, it can be used to accomplish a breach.

OSINT is often initial reconnaissance for sophisticated social engineering campaigns using smishing, spear-phishing, whaling and vishing against a target. Social engineering campaigns use seemingly innocuous information shared in social networks or blogs to develop compelling campaigns and trick people into compromising their organisation.

The importance of OSINT Analysis becomes apparent when it uncovers weaknesses in your organisation’s user network and helps you to remove sensitive information before it’s used for exploitation.

Methodology

Using our OSINT Framework, the scope can be tailored to each organisation according to specific requirements. Searches utilise specialist tools to uncover the maximum results. Analysis typically includes:

  • Search of the dark web for personal and company data.
  • Search of social platforms including imagery.
  • Assess common TLS/SSL issues.
  • Search of the organisation’s digital footprint for information and metadata.
  • Web search for names, emails, addresses and phone numbers of staff.
  • Search of DNS records and ensure they are configured correctly.
  • Attempt to discover technologies used, e.g., on the website or infrastructure, which would provide a threat actor with useful information.
  • Check for suspicious behaviour of the domain, website, and IP.

Let’s make things happen

Fill in the form and one of our team will be in touch for a no-obligation discussion or quote regarding your requirements.

info@cognisys.co.uk
Leeds office

5 Park Place
Leeds
LS1 2RU

info@cognisys.co.uk
London office

131 Finsbury Pavement
London
EC2A 1NT

CONTACT OUR TEAM

Discover how we’ve helped leading organisations

READ OUR CASE STUDIES