Open Source Intelligence - a Pentester's Point of View
This article is designed to help you understand the risks associated with OSINT and how to mitigate them.
Pentester's Point of View: OSINT
In the ever-evolving landscape of cybersecurity, one aspect often overlooked by organizations is the power and risk of Open-Source Intelligence (OSINT). As a Senior Penetration Tester, I’ve witnessed firsthand how OSINT can be the linchpin in the security posture of an organization. OSINT, by definition, involves gathering information from publicly available sources to support intelligence needs. While it’s a boon for researchers and cybersecurity professionals, it’s also a treasure trove for malicious actors.
Recent breach reports, such as IBM's Cost of a Data Breach Report and Verizon's Data Breach Investigations Report, point to a pattern that should worry every organization: many breaches do not begin with a sophisticated exploit but with an attacker using OSINT to find sensitive information that was already sitting in public. The 2021 IBM Cost of a Data Breach Report, for instance, highlighted human error and misconfigurations, both readily discovered through OSINT, as significant contributors to breaches. These are weaknesses that no patch alone will close, and organizations need to address them deliberately.
To put this into perspective for both executives and technical IT employees, let’s delve into key OSINT tools utilized by Redbot Security: Shodan, Censys, Security Trails, DNSdumpster, DeHashed, and ImportYeti, exploring what they find, the risks they pose, and how organizations can mitigate these vulnerabilities.
Shodan and Censys: The Internet's Search Engines for Everything
Shodan and Censys are search engines for internet-connected devices and services. Both continuously scan the public IPv4 address space, index the service banners and TLS certificates that come back, and make the results searchable by IP address, port, product, organization, or hostname. An attacker can therefore enumerate an organization's exposed cameras, databases, remote-management interfaces, and forgotten test systems without ever sending a packet to the target. For a malicious actor these tools are the digital equivalent of walking a property looking for unlocked doors, with the added benefit that nobody sees them do it.
Impact: The 2018 Exactis data breach involved an Elasticsearch database that was reachable from the internet with no authentication and was located with Shodan, exposing close to 340 million records. Nothing was "hacked" in the traditional sense; the data was simply left where a routine search for exposed Elasticsearch instances would find it.
Mitigation: Audit your own internet-facing assets with the same tools, on a schedule, and reconcile the results with your asset register: every listener Shodan or Censys reports that nobody can claim is either shadow IT or an incident in progress. Both services offer monitoring of netblocks you own, which turns the periodic audit into continuous detection. Treat any database, message queue, or remote-administration interface they show as an emergency rather than a routine ticket.
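The audit described above, as an added example that is not part of the original article or Redbot Security's tooling: a Python script that reads a Shodan-style export, compares each listener against a baseline of intended exposures, and ranks the deviations. The sample records, hostnames, addresses and the baseline are constructed and use a simplified form of Shodan's per-banner JSON (ip_str, port, transport, product, hostnames); the port-to-service tables are the author's own assumptions about what should never face the internet.

```python
"""Triage a Shodan-style host export against the exposures you intend to have.

Added example for this article, not Redbot Security's tooling. SAMPLE_EXPORT
is constructed in a simplified form modelled on Shodan's per-banner JSON
(ip_str, port, transport, product, hostnames); the BASELINE set stands in
for an asset register. Feed it a real `shodan download` export to use it.
"""
from __future__ import annotations

import json
from dataclasses import dataclass

# Assumption: services that should essentially never be reachable from the internet.
DATASTORE_PORTS = {27017: "MongoDB", 9200: "Elasticsearch", 6379: "Redis",
                   3306: "MySQL", 5432: "PostgreSQL", 1433: "MSSQL", 11211: "memcached"}
REMOTE_ADMIN_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP", 5900: "VNC"}

# Constructed sample: one JSON object per line, as Shodan exports banners.
SAMPLE_EXPORT = """\
{"ip_str": "203.0.113.10", "port": 443, "transport": "tcp", "product": "nginx", "hostnames": ["www.example.com"]}
{"ip_str": "203.0.113.10", "port": 80, "transport": "tcp", "product": "nginx", "hostnames": ["www.example.com"]}
{"ip_str": "203.0.113.12", "port": 9200, "transport": "tcp", "product": "Elastic", "hostnames": []}
{"ip_str": "203.0.113.15", "port": 3389, "transport": "tcp", "product": "Remote Desktop Protocol", "hostnames": ["fs01.example.com"]}
{"ip_str": "203.0.113.20", "port": 22, "transport": "tcp", "product": "OpenSSH", "hostnames": ["bastion.example.com"]}
{"ip_str": "203.0.113.21", "port": 8080, "transport": "tcp", "product": "Apache Tomcat", "hostnames": ["dev-api.example.com"]}
{"ip_str": "203.0.113.30", "port": 5432, "transport": "tcp", "product": "PostgreSQL", "hostnames": ["reports-db.example.com"]}
"""

# Constructed: (ip, port) pairs the organisation knowingly exposes.
BASELINE = {("203.0.113.10", 80), ("203.0.113.10", 443),
            ("203.0.113.20", 22), ("203.0.113.30", 5432)}


@dataclass(frozen=True)
class Finding:
    ip: str
    port: int
    severity: str   # "high" | "medium" | "low"
    reason: str


def load_export(text: str) -> list[dict]:
    """Parse newline-delimited JSON, ignoring blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def triage(records: list[dict], baseline: set[tuple[str, int]]) -> list[Finding]:
    """One Finding per listener that needs a decision, most severe first.

    Unexpected datastore or remote-admin ports are HIGH, any other unexpected
    listener is MEDIUM, and a datastore that *is* in the baseline is still
    reported as LOW so someone confirms it really needs to be public and
    really enforces authentication.
    """
    findings: list[Finding] = []
    for rec in records:
        ip, port = rec["ip_str"], int(rec["port"])
        product = rec.get("product") or "unknown service"
        expected = (ip, port) in baseline
        if port in DATASTORE_PORTS:
            label = f"{DATASTORE_PORTS[port]} ({product})"
            if expected:
                findings.append(Finding(ip, port, "low", f"{label} is baselined; verify auth is enforced"))
            else:
                findings.append(Finding(ip, port, "high", f"{label} exposed to the internet"))
        elif expected:
            continue
        elif port in REMOTE_ADMIN_PORTS:
            findings.append(Finding(ip, port, "high", f"{REMOTE_ADMIN_PORTS[port]} ({product}) exposed to the internet"))
        else:
            findings.append(Finding(ip, port, "medium", f"unexpected listener: {product}"))
    rank = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: (rank[f.severity], f.ip, f.port))


def run_sample() -> list[Finding]:
    return triage(load_export(SAMPLE_EXPORT), BASELINE)


if __name__ == "__main__":
    for f in run_sample():
        print(f"[{f.severity.upper():6}] {f.ip}:{f.port:<5} {f.reason}")
```

Point it at a real export from `shodan download` and a baseline taken from the asset register. Anything it ranks HIGH is a service that an attacker finds with a single search and that is unauthenticated by default, so it belongs in the incident queue, not the backlog.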
SecurityTrails and DNSdumpster: Mapping the Digital Footprint
SecurityTrails and DNSdumpster expose an organization's current and historical DNS records, which lets anyone map its internet-facing infrastructure from the outside. Beyond the obvious listing of subdomains and their IP addresses, the history is where the value lies for an attacker: records that predate a CDN or WAF deployment often reveal the origin server's real address, and names that were never cleaned up still resolve to systems nobody remembers running.
Impact: DNS data hands an attacker a prioritized target list: development and staging hosts, remote-access gateways, and systems that were never meant to be public but still answer on a public address. The 2019 Capital One breach illustrates the cost of an exposed, misconfigured edge component: a misconfigured web application firewall in the company's cloud environment was abused to obtain credentials, which were then used to read over 100 million customer records.
Mitigation: Review your DNS zones and external footprint on a regular cadence and compare them with what you intend to expose. Delete records for retired systems rather than leaving them to resolve, and pay particular attention to CNAME records that point at third-party services: if the service behind the name has been torn down, anyone who registers that target can serve content under your domain (a subdomain takeover). Put the DNS cleanup on the decommissioning checklist so the record dies with the host.
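The footprint review described above, as an added example that is not part of the original article or Redbot Security's tooling: a Python script that audits a zone snapshot for non-production names, hosts outside the organization's address space, unvetted third-party CNAMEs and dangling CNAMEs, and diffs two snapshots to surface names that appeared or vanished. The zone records, netblocks, approved CNAME suffixes and the RESOLVES table are all constructed; in practice the records come from the authoritative zone or a SecurityTrails/DNSdumpster export, and CNAME targets are checked with a real resolver rather than looked up in a table.

```python
"""Audit an organisation's DNS footprint for stale, dangling and out-of-place records.

Added example for this article, not Redbot Security's tooling. The zone
snapshots, netblocks, approved third parties and the RESOLVES table are all
constructed; in practice the records come from the authoritative zone or a
SecurityTrails/DNSdumpster export and CNAME targets are checked with a real
resolver rather than looked up in a table.
"""
from __future__ import annotations

import ipaddress
import re

ORG_NETBLOCKS = [ipaddress.ip_network("203.0.113.0/24")]   # constructed: ranges the org owns
APPROVED_CNAME_SUFFIXES = (".cloudfront.net.",)              # constructed: vetted SaaS/CDN targets
NONPROD_LABEL = re.compile(r"(^|[-.])(dev|staging|stage|test|uat|qa|old|legacy|backup)([-.]|$)")

# Constructed snapshots: (owner name, type, rdata), names fully qualified.
PREVIOUS_RECORDS = [
    ("www.example.com.",        "A",     "203.0.113.10"),
    ("mail.example.com.",       "A",     "203.0.113.25"),
    ("dev-api.example.com.",    "A",     "203.0.113.40"),
    ("cdn.example.com.",        "CNAME", "d111111abcdef8.cloudfront.net."),
    ("promo.example.com.",      "CNAME", "old-campaign.s3-website-us-east-1.amazonaws.com."),
    ("beta.example.com.",       "CNAME", "example-beta.azurewebsites.net."),
    ("legacy-vpn.example.com.", "A",     "198.51.100.7"),
]
CURRENT_RECORDS = [r for r in PREVIOUS_RECORDS if not r[0].startswith("beta.")] + [
    ("status.example.com.",     "CNAME", "example-status.herokuapp.com."),
]

# Constructed resolver results for CNAME targets: True = resolves, False = NXDOMAIN.
RESOLVES = {
    "d111111abcdef8.cloudfront.net.": True,
    "old-campaign.s3-website-us-east-1.amazonaws.com.": False,  # bucket gone, record still points at it
    "example-status.herokuapp.com.": True,
}


def in_org_space(ip: str) -> bool:
    """True if the address falls inside one of the organisation's own netblocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ORG_NETBLOCKS)


def audit(records: list[tuple[str, str, str]], resolves: dict[str, bool]) -> list[tuple[str, str, str]]:
    """Return (severity, name, reason) for every record that needs a decision.

    A CNAME whose target no longer resolves is the dangerous case: whoever can
    register that target at the provider now serves content under our name.
    """
    findings = []
    for name, rtype, rdata in records:
        if NONPROD_LABEL.search(name.lower()):
            findings.append(("medium", name, "non-production label on a public name"))
        if rtype == "A" and not in_org_space(rdata):
            findings.append(("medium", name, f"points at {rdata}, outside the organisation's netblocks"))
        elif rtype == "CNAME":
            if resolves.get(rdata) is False:
                findings.append(("high", name, f"dangling CNAME to {rdata} (subdomain takeover candidate)"))
            elif not rdata.endswith(APPROVED_CNAME_SUFFIXES):
                findings.append(("low", name, f"CNAME to unvetted third party {rdata}"))
    rank = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: (rank[f[0]], f[1]))


def diff_snapshots(previous, current) -> tuple[set[str], set[str]]:
    """(names that appeared, names that vanished) between two snapshots.

    New names are where shadow IT shows up; vanished names should be confirmed
    as deliberately retired at the provider, not merely dropped from the zone.
    """
    before = {name for name, _, _ in previous}
    after = {name for name, _, _ in current}
    return after - before, before - after


if __name__ == "__main__":
    for sev, name, reason in audit(CURRENT_RECORDS, RESOLVES):
        print(f"[{sev.upper():6}] {name:26} {reason}")
    added, removed = diff_snapshots(PREVIOUS_RECORDS, CURRENT_RECORDS)
    print("new names:", sorted(added), "| retired names:", sorted(removed))
```

The dangling-CNAME check is the one to automate first: the other findings are judgement calls, but a name of yours that points at a third-party target nobody holds any more is exploitable by anyone who notices it, and the historical record sets these tools keep mean it will be noticed.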
DeHashed: The End of Anonymity
DeHashed is a search engine over leaked databases: give it a domain and it returns the email addresses, usernames, personal details, and cleartext or hashed passwords that have appeared in breaches for that domain. For an attacker this is a ready-made list of employees to phish and a set of passwords to try against VPN, webmail, and single sign-on, on the well-founded assumption that at least some of them were reused for work.
Impact: The LinkedIn breach is the standard cautionary tale: credentials stolen in 2012 surfaced publicly in 2016, and because the passwords had been stored as unsalted SHA-1 hashes, most were cracked quickly. Those cleartext passwords were then used in credential-stuffing attacks against unrelated services, succeeding wherever the same person had reused the same password.
Mitigation: Require multi-factor authentication on every internet-facing login, including VPN and mail, so that a leaked password alone is never enough. Screen new and existing passwords against known-breached lists, and force a reset for any account that appears in a fresh dump. Most importantly, make it clear to employees that a password used for a personal account must never be used for work; the attacker does not care where it leaked.
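The forced-reset step described above, as an added example that is not part of the original article or Redbot Security's tooling: a Python script that takes a DeHashed-style domain export, discards addresses outside the domain, matches the rest against the live directory, and builds a reset queue in which proven password reuse (the same cleartext password leaked from two or more sources) ranks highest. The export rows, the active-account list and the password values are constructed; the field names (email, password, hashed_password, database_name) are modelled on a DeHashed record but are an assumption here. Leaked passwords are used only to detect reuse and never appear in the output.

```python
"""Turn a DeHashed-style credential export into a reset queue for the live directory.

Added example for this article, not Redbot Security's tooling. The export rows
and the ACTIVE_ACCOUNTS set are constructed; the field names (email, password,
hashed_password, database_name) are modelled on a DeHashed record but the
values are invented. Leaked passwords are used only to detect reuse across
sources and never appear in the output.
"""
from __future__ import annotations

from collections import defaultdict

DOMAIN = "example.com"

# Constructed leak export: one row per leaked record, as returned by a domain search.
LEAK_EXPORT = [
    {"email": "alice@example.com", "password": "Summer2019!", "hashed_password": "", "database_name": "forum-dump-2019"},
    {"email": "alice@example.com", "password": "Summer2019!", "hashed_password": "", "database_name": "retail-2021"},
    {"email": "ALICE@Example.com", "password": "", "hashed_password": "a8f5f167f44f4964e6c998dee827110c", "database_name": "misc-combo"},
    {"email": "bob@example.com", "password": "", "hashed_password": "5f4dcc3b5aa765d61d8327deb882cf99", "database_name": "jobs-site-2020"},
    {"email": "carol@example.com", "password": "c@rol-pw", "hashed_password": "", "database_name": "retail-2021"},
    {"email": "dave@example.com", "password": "letmein", "hashed_password": "", "database_name": "forum-dump-2019"},
    {"email": "eve@other-corp.com", "password": "x", "hashed_password": "", "database_name": "retail-2021"},
]

# Constructed: accounts that still exist in the identity provider.
ACTIVE_ACCOUNTS = {"alice@example.com", "bob@example.com", "dave@example.com"}

PRIORITY_RANK = {"critical": 0, "high": 1, "medium": 2}


def triage(export, active_accounts, domain=DOMAIN):
    """Return ({email: summary}, inactive_hits).

    critical: the same cleartext password leaked from two or more sources, so
              reuse is proven and a spray against corporate SSO is likely to land
    high:     at least one cleartext password leaked
    medium:   only hashes leaked (still crackable, lower urgency)
    Leaked addresses that no longer exist in the directory are returned
    separately: they may still receive mail or be aliases worth checking.
    """
    by_user = defaultdict(list)
    for row in export:
        email = row["email"].strip().lower()          # DeHashed data is not case-normalised
        if not email.endswith("@" + domain):
            continue                                  # someone else's problem
        by_user[email].append(row)

    results, inactive = {}, set()
    for email, rows in by_user.items():
        if email not in active_accounts:
            inactive.add(email)
            continue
        sources = {r["database_name"] for r in rows}
        cleartext_sources = defaultdict(set)          # password -> breaches it appeared in
        for r in rows:
            if r["password"]:
                cleartext_sources[r["password"]].add(r["database_name"])
        reused = any(len(srcs) >= 2 for srcs in cleartext_sources.values())
        if reused:
            priority = "critical"
        elif cleartext_sources:
            priority = "high"
        else:
            priority = "medium"
        results[email] = {"priority": priority, "sources": len(sources),
                          "cleartext": bool(cleartext_sources), "reused": reused}
    return results, inactive


def reset_queue(results):
    """Emails in the order they should be forced through a password reset."""
    return sorted(results, key=lambda e: (PRIORITY_RANK[results[e]["priority"]], e))


if __name__ == "__main__":
    summary, gone = triage(LEAK_EXPORT, ACTIVE_ACCOUNTS)
    for email in reset_queue(summary):
        s = summary[email]
        print(f"{s['priority']:8} {email:22} sources={s['sources']} cleartext={s['cleartext']} reused={s['reused']}")
    print("leaked but no longer in directory:", sorted(gone))
```

The "critical" tier is the practical payoff: an account whose owner demonstrably used one password on two unrelated sites is the account most likely to have used it on the corporate VPN as well, so it is reset first, with MFA enforcement verified at the same time.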
ImportYeti: Navigating the Supply Chain
ImportYeti indexes U.S. customs import records (bills of lading) to show who ships goods to whom, revealing an organization's suppliers and logistics partners. It was built for market research, but the same data tells an attacker which vendors you trust, which is exactly who they will impersonate in an invoice-fraud or phishing campaign, or compromise directly as a path into your environment.
Impact: The SolarWinds compromise remains the stark reminder: a trojanized build of a trusted vendor's software was delivered to thousands of customers and used to run a wide-ranging espionage campaign. ImportYeti maps physical rather than software supply chains, but the lesson carries over: an attacker who knows whom you trust knows whose name to borrow and whose weaknesses to exploit.
Mitigation: Organizations need to conduct thorough security assessments of their vendors and incorporate supply chain risk into their overall security strategy. Ensuring vendors adhere to strict security standards can mitigate these risks.
Conclusion
The examples above show that defending against OSINT-driven attacks is less a matter of stopping technical exploits than of knowing, and actively managing, what your organization has already made public. By running the same OSINT tools an attacker would run, you see your exposure the way they do and can close it first. That is a call to action for executives and IT professionals alike: a security program has to cover information management and operational practice, not just technical controls, and it has to keep pace as the digital landscape changes.
About Redbot Security
Redbot Security is a boutique penetration testing house that helps businesses identify and eliminate security threats. The Redbot team is a passionate group of cybersecurity experts, some with over 25 years of experience. The senior security engineers employed by Redbot Security are active community members, public speakers, and advocates of developing best-practice security controls.