YOU CAN RUN BUT CAN'T HIDE!
You have often heard the phrase "You can run but can't hide!".
But what does that mean in its truest sense? What if I locked myself somewhere far away, curtains closed and lights out? Or what if I decided to travel to an entirely different region: an island somewhere on the outskirts of the world, someplace totally alien to my existence? Well, you're right!
I already gave you an excuse for believing that. And that's probably because you didn't know, or maybe not yet, because that notion is just about to change. It is you that this article is specifically drafted for. In this blog, we're going to cover the fundamentals of open source intelligence (OSINT), and the tools and techniques that can be used to gather and analyze it.
WHAT IS OPEN SOURCE INTELLIGENCE (OSINT)?
Open source intelligence (OSINT) refers to the collection and analysis of publicly available information for actionable advantage. This information can be discovered from public sources such as news media, industry journals, social media handles, and even payment receipts discarded carelessly at local coffee shops.
OSINT operations are commonly performed by security professionals, malicious hackers, or state-sanctioned security operatives. Security professionals use OSINT to identify and remediate weaknesses in friendly networks before they are exploited by threat actors with malicious intent.
OSINT is so crucial to organizations today that security departments are increasingly tasked with performing OSINT operations on their own organizations in order to shore up operational security. These operations aren't limited to the tiresome manual work of browsing publicly available information; OSINT tools are available for performing them. These tools can help an organization discover, in less time, information about its company, employees, IT assets and other confidential data that could be exploited by an attacker. Once the organization has discovered this information, it can hide or remove it to reduce the chances of a bad actor leveraging it to perform a phishing or denial-of-service attack.
HOW VULNERABLE ARE YOU?
Humans will forever remain vulnerable to OSINT operations as long as they remain connected to the internet in one way or another. You don't necessarily need to have a social media account for a successful OSINT operation to be performed against you. The simple fact that someone you know uses one is enough of a vulnerability on your part.
Simply put, people heavily connected to the internet stand a greater chance of being discovered than those less connected. OSINT operations make it easier for intelligence agencies to trace everywhere you move. And I know what you may be thinking right now: that you could easily turn off your GPS and that this makes you anonymous. The answer is "NO!". Turning off your GPS doesn't keep you from being tracked. You have to turn your phone off entirely, shutting yourself out of the internet and the world at large, because your phone has to connect to a cell tower as long as it remains powered on, even when your GPS is turned off. And these cell towers give away your location.
A well-performed OSINT operation will definitely lead the performer straight to you. You can't possibly avoid OSINT scans entirely; you can only reduce your chances of getting discovered. The only way to avoid these OSINT operations is by living a reclusive life in a cave with no friends or family, totally disconnected from the internet (and by that I also mean not using cellphones at all).
OSINT TOOLS
The following are some of the top tools used for OSINT operations, with brief information about the areas they specialize in:
1. Maltego: This tool specializes in uncovering relationships among people, companies, domains and publicly accessible information on the internet. It's also known for taking the sometimes enormous amount of discovered information and plotting it out in easy-to-read charts and graphs. The graphs do a good job of taking raw intelligence and making it actionable, and each graph can have up to 10,000 data points.
2. SpiderFoot: This is a free OSINT reconnaissance tool that integrates with multiple data sources to gather and analyze IP addresses, CIDR ranges, domains and subdomains, email addresses, phone numbers, names and usernames, BTC addresses, etc. SpiderFoot comes with both a command-line interface and an embedded web server that provides an intuitive web-based graphical user interface. SpiderFoot is available on GitHub.
3. Spyse: Spyse describes itself as the "most complete internet assets registry" geared toward cybersecurity professionals. Spyse collects publicly available data on websites, their owners, associated servers, and IoT devices. This data is then analyzed by the Spyse engine to spot any security risks in, and connections between, these different entities.
4. BuiltWith: As the name implies, BuiltWith lets you find out what popular websites are built with. Different tech stacks and platforms power different sites. BuiltWith can, for example, detect whether a website is using WordPress, Joomla or Drupal as its CMS and provide further details.
BuiltWith also generates a neat list of known JavaScript/CSS libraries that a website uses. Further, the service provides a list of plugins installed on the website, frameworks, server information, analytics and tracking information, etc. BuiltWith can be used for reconnaissance purposes.
5. OSINT Framework: The OSINT Framework focuses on gathering information from free tools or resources. The intention is to help people find free OSINT resources. Some of the sites included might require registration or offer more data for $$$, but you should be able to get at least a portion of the available information for no cost.
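As an added illustration (not part of the original article and not BuiltWith's own code), the Python example below lists the kind of technology details described under item 4, run against a response from your own site so that what it advertises can be hidden or removed. The sample headers and HTML are constructed, and the names audit_disclosures and AssetCollector are hypothetical.

```python
import re
from html.parser import HTMLParser

# Constructed sample of what your own site might return (not real data).
SAMPLE_HEADERS = {"Server": "Apache/2.4.41 (Ubuntu)", "X-Powered-By": "PHP/7.4.3",
                  "Content-Type": "text/html; charset=UTF-8"}
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 5.8.1">
<link rel="stylesheet" href="/wp-content/themes/example/style.css?ver=5.8.1">
<script src="/wp-includes/js/jquery/jquery.min.js?ver=3.6.0"></script>
<script src="/wp-content/plugins/contact-form-example/app.js?ver=1.2"></script>
</head><body>Hello</body></html>"""

# Response headers that commonly advertise server software and version.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-generator", "x-aspnet-version")

class AssetCollector(HTMLParser):
    """Collects the generator meta tag and script/stylesheet URLs."""
    def __init__(self):
        super().__init__()
        self.generator = None
        self.assets = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content")
        elif tag in ("script", "link") and (a.get("src") or a.get("href")):
            self.assets.append(a.get("src") or a.get("href"))

def audit_disclosures(headers, html):
    """Return (source, detail) findings a site owner may want to hide or remove."""
    findings = [("header", f"{k}: {v}") for k, v in headers.items()
                if k.lower() in DISCLOSING_HEADERS]
    collector = AssetCollector()
    collector.feed(html)
    if collector.generator:
        findings.append(("meta generator", collector.generator))
    for url in collector.assets:
        plugin = re.search(r"/wp-content/plugins/([^/]+)/", url)
        if plugin:  # plugin directory names are visible in asset URLs
            findings.append(("plugin path", plugin.group(1)))
        version = re.search(r"[?&]ver=([\w.]+)", url)
        if version:  # version query strings reveal exact release numbers
            findings.append(("versioned asset", f"{url.split('?')[0]} ({version.group(1)})"))
    return findings

if __name__ == "__main__":
    for source, detail in audit_disclosures(SAMPLE_HEADERS, SAMPLE_HTML):
        print(f"{source:16} {detail}")
```

Each finding is a candidate for cleanup: suppressing version banners in the web server configuration, removing the generator tag, and stripping version query strings from asset URLs.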
Thanks for reading!