OSINT Analysis

Personal data is the perfect starting point for cyber criminals

Open-Source Intelligence (OSINT) gathers information from published or otherwise publicly available sources. Identifying unintentional leakage of sensitive data through social media networks and other platforms can help you plug the leaks and make it as difficult as possible for potential attackers.

The OSINT Analysis service demonstrates how much information a threat actor can find about an organisation quickly and easily online, without ever touching your system or running any scans

Not hacking, just looking

It is not uncommon for threat actors to use open-source intelligence tools and techniques to discover potential targets and exploit weaknesses in networks. As soon as a vulnerability or a weakness is identified, it can be used to accomplish a breach.

OSINT is often initial reconnaissance for sophisticated social engineering campaigns using smishing, spear-phishing, whaling and vishing against a target. Social engineering campaigns use seemingly innocuous information shared in social networks or blogs to develop compelling campaigns and trick people into compromising their organisation.

The importance of OSINT Analysis becomes apparent when it uncovers weaknesses in your organisation’s user network and helps you to remove sensitive information before it’s used for exploitation.

Methodology

Using our OSINT Framework, the scope can be tailored to each organisation according to specific requirements. Searches utilise specialist tools to uncover the maximum results. Analysis typically includes:

  • Search of the dark web for personal and company data.
  • Search of social platforms including imagery.
  • Assess common TLS/SSL issues.
  • Search of the organisation’s digital footprint for information and metadata.
  • Web search for names, emails, addresses and phone numbers of staff.
  • Search of DNS records and ensure they are configured correctly.
  • Attempt to discover technologies used, e.g., on the website or infrastructure, which would provide a threat actor with useful information.
  • Check for suspicious behaviour of the domain, website, and IP.

Let’s make things happen

Fill in the form and one of our team will be in touch for a no-obligation discussion or quote regarding your requirements.

info@cognisys.co.uk
Leeds office

5 Park Place
Leeds
LS1 2RU

info@cognisys.co.uk
London office

131 Finsbury Pavement
London
EC2A 1NT

CONTACT OUR TEAM

Discover how we’ve helped leading organisations

RECENT UPDATES

Understanding internal vs. external penetration testing: which is best for your business?

TIPS

Understanding internal vs. external penetration testing: which is best for your business?

In this blog, we will help you understand the differences between internal and external penetration testing and how to choose the best approach for your industry.

Overview of Pulsar Group's platform

CASE STUDY

Friendly people, unfriendly projects: Pulsar Group’s pen testing journey

Learn how Cognisys’ penetration testing services and SmartView portal helped Pulsar Group manage their security assessments more efficiently.

EarthID team celebrating with an award for their cyber security achievements

CASE STUDY

Enabling EarthID to achieve highest standard of cyber security

Learn how EarthID’s identity platform became secure with our penetration testing services.