OSINT Analysis

Open-Source Intelligence (OSINT) gathers information from published or otherwise publicly available sources. Identifying unintentional leakage of sensitive data through social media networks and other platforms can help you plug the leaks and make it as difficult as possible for potential attackers.

The OSINT Analysis service demonstrates how much information a threat actor can find about an organisation quickly and easily online, without ever touching your system or running any scans.

Information discovered may include the exposure of data, breached work email credentials, personal staff data and other useful identity information.

Your public data footprint is probably much bigger than you think, you can access electoral registers and telephone numbers through a regular web browser.

Companies House stores company data, including officers’ data. Company websites often display hierarchical team structures. Platforms such as Facebook, Instagram, LinkedIn, TikTok and X hold personal data on individuals, including friends, interests, hobbies, activities, pictures and events.

Using our OSINT Framework, the scope can be tailored to each organisation according to specific requirements. Searches utilise specialist tools to uncover the maximum results. Analysis typically includes:

• Search of the dark web for personal and company data.
• Search of social platforms including imagery.
• Assess common TLS/SSL issues.
• Search of the organisation’s digital footprint for information and metadata.
• Web search for names, emails, addresses and phone numbers of staff.
• Search of DNS records and ensure they are configured correctly.
• Attempt to discover technologies used, e.g., on the website or infrastructure, which would provide a threat actor with useful information.
• Check for suspicious behaviour of the domain, website, and IP.

Cognisys presents its findings in a comprehensive yet simple report format.

This typically comprises: an executive summary, methodology, technical findings, and prioritised recommendations for remediation.

As ‘Bring Your Own Device’ or BYOD rises in popularity, with more than two-thirds of us using a personal device at work, it’s important for businesses to understand the security risk that this can pose.

In a world where identities are the new security perimeter, compromising identity platforms like AD and AAD provides the greatest payoff for attackers, ultimately giving them control of all users, systems and data within the organisation.

In the ever-evolving world of cybersecurity, understanding emerging threats is critical to maintaining a robust defence. One trend currently attracting attention is the registration of .ZIP domains.

Fill in the form and one of our team will be in touch for a no-obligation discussion or quote regarding your requirements.