Open Source Intelligence - a Pentester's Point of View

This article is designed to help you understand the risks associated with OSINT and how to mitigate them.

Pentester's Point of View: OSINT

In the ever-evolving landscape of cybersecurity, one aspect often overlooked by organizations is the power and risk of Open-Source Intelligence (OSINT). As a Senior Penetration Tester, I’ve witnessed firsthand how OSINT can be the linchpin in the security posture of an organization. OSINT, by definition, involves gathering information from publicly available sources to support intelligence needs. While it’s a boon for researchers and cybersecurity professionals, it’s also a treasure trove for malicious actors.

Recent network and data breach reports, such as those by IBM and Verizon, have highlighted a startling trend: many breaches are not the result of sophisticated exploits but are instead due to malicious actors leveraging OSINT to uncover confidential and sensitive information that is publicly available online. For instance, the 2021 IBM Cost of a Data Breach Report highlighted that human error and misconfigurations, often exploited through OSINT techniques, were significant contributors to data breaches, emphasizing the need for organizations to address these non-technical vulnerabilities.

To put this into perspective for both executives and technical IT employees, let's look at the key OSINT tools used by Redbot Security: Shodan, Censys, SecurityTrails, DNSdumpster, DeHashed, and ImportYeti. For each, we cover what it finds, the risk that creates, and how organizations can reduce their exposure.

Shodan and Censys: The Internet's Search Engines for Everything

Shodan and Censys are like Google for internet-connected devices and services. Rather than crawling web pages, they continuously scan the public address space and index the service banners they get back, so they can find everything from unsecured cameras to databases exposed to the internet. Because they index what is actually reachable rather than what an organization has documented, they routinely surface hosts that the organization has forgotten it owns. For a malicious actor, these tools uncover the digital equivalent of an unlocked door.

Impact: The 2018 Exactis breach, in which an Elasticsearch database with no authentication was found via Shodan, exposed roughly 340 million records. No exploit was involved; the data was reachable simply because of a misconfiguration.

Mitigation: Organizations should regularly audit their internet-facing assets with these same tools, compare the results against an inventory of what is supposed to be exposed, and close or restrict anything unexpected before a malicious actor finds it.
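The audit described above, as an added example that is not part of the original article or any vendor's code: a small Python script that takes a host record in the shape Shodan returns (a dict with "ip_str", "hostnames" and a "data" list of banners, each with "port", "transport" and "product") and flags every listening service that is not on an approved list. In live use the same dict comes from `shodan.Shodan(api_key).host(ip)`; here the record, the approved-port list and the high-risk port table are constructed assumptions so the script runs offline.

```python
"""Audit a Shodan-style host record for unexpected exposure.

Added example; not Redbot Security's code. The record below is constructed
to match the shape of a Shodan host result; the high-risk port table and the
approved-port list are assumptions made for illustration.
"""

# Services that have no business being reachable from the internet
# (port -> description). Assumed list; tune it to your environment.
HIGH_RISK_PORTS = {
    21: "FTP (cleartext credentials)",
    23: "Telnet (cleartext credentials)",
    445: "SMB",
    3389: "RDP",
    5900: "VNC",
    6379: "Redis (often unauthenticated)",
    9200: "Elasticsearch (often unauthenticated)",
    11211: "memcached (often unauthenticated)",
    27017: "MongoDB (often unauthenticated)",
}

# Constructed sample host, shaped like shodan.Shodan.host() output.
SAMPLE_HOST = {
    "ip_str": "203.0.113.10",
    "hostnames": ["db-backup.example.com"],
    "org": "Example Corp",
    "data": [
        {"port": 443, "transport": "tcp", "product": "nginx",
         "data": "HTTP/1.1 200 OK"},
        {"port": 9200, "transport": "tcp", "product": "Elastic",
         "data": '{"cluster_name": "elasticsearch"}'},
        {"port": 3389, "transport": "tcp", "product": None, "data": ""},
        {"port": 22, "transport": "tcp", "product": "OpenSSH",
         "data": "SSH-2.0-OpenSSH_8.9"},
    ],
}


def audit_host(host, allowed_ports):
    """Compare one host record against the ports it is *supposed* to expose.

    Every service on a port outside `allowed_ports` becomes a finding.
    Severity is "high" for ports in HIGH_RISK_PORTS and "medium" otherwise
    (unexpected, so it belongs in the inventory review, but not inherently
    dangerous). Findings come back high-severity first, then by port.
    """
    findings = []
    for svc in host.get("data", []):
        port = svc.get("port")
        if port in allowed_ports:
            continue
        finding = {
            "ip": host["ip_str"],
            "hostnames": host.get("hostnames", []),
            "port": port,
            "transport": svc.get("transport", "tcp"),
            "product": svc.get("product") or "unknown",
        }
        if port in HIGH_RISK_PORTS:
            finding["severity"] = "high"
            finding["reason"] = f"{HIGH_RISK_PORTS[port]} exposed to the internet"
        else:
            finding["severity"] = "medium"
            finding["reason"] = "service not in the approved exposure list"
        findings.append(finding)
    return sorted(findings, key=lambda f: (f["severity"] != "high", f["port"]))


def format_report(findings):
    """Render findings one per line, ready for a ticket or a pentest report."""
    lines = []
    for f in findings:
        names = ",".join(f["hostnames"]) or "-"
        lines.append(f'[{f["severity"].upper():6}] {f["ip"]} ({names}) '
                     f'{f["transport"]}/{f["port"]} {f["product"]}: {f["reason"]}')
    return "\n".join(lines)


if __name__ == "__main__":
    # Only HTTPS is approved for this host; everything else is a finding.
    print(format_report(audit_host(SAMPLE_HOST, {443})))
```

Run against real results, the approved-port set should come from the asset inventory, not from whatever the last scan happened to show; the whole point is to find the difference between the two.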

SecurityTrails and DNSdumpster: Mapping the Digital Footprint

SecurityTrails and DNSdumpster allow users to explore historical and current DNS records, effectively mapping an organization's internet-facing infrastructure. This information can reveal subdomains, associated IP addresses, and hosts that were exposed in the past and may still be reachable, all without sending a single packet to the target.

Impact: By analyzing DNS data, attackers can identify potential entry points into a network, such as development servers or unpatched systems, that were never intended to be public. The 2019 Capital One breach is a prime example of an internet-facing system becoming the entry point: a misconfigured web application firewall was abused through server-side request forgery to obtain cloud credentials and access over 100 million customer records.

Mitigation: Organizations should regularly review their DNS records and wider digital footprint to ensure only necessary information is exposed, and promptly remove or secure outdated or unnecessary records, including CNAMEs that still point at decommissioned third-party services.
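The record review described above, as an added example that is not part of the original article and not SecurityTrails' or DNSdumpster's code: a Python script that takes exported DNS records as (name, type, value) tuples and flags the three things a pentester looks for first: non-production or legacy naming, A/AAAA records pointing outside the organization's own address ranges, and CNAMEs pointing at third parties. The sample records, the owned range and the keyword list are constructed assumptions; real exports from either service would be fed in the same shape.

```python
"""Triage a DNS footprint for hosts that should not be public.

Added example; not Redbot Security's, SecurityTrails' or DNSdumpster's code.
The records below are constructed in (name, type, value) form; the owned IP
range and the hostname keyword list are assumptions for illustration.
"""
import ipaddress
import re

# Labels that usually mark non-production or forgotten hosts. Assumed list.
NONPROD_TOKENS = {"dev", "develop", "staging", "stage", "test", "uat", "qa",
                  "old", "legacy", "backup", "bak", "tmp", "temp", "demo"}

# Constructed sample export. Addresses are from documentation ranges.
SAMPLE_RECORDS = [
    ("www.example.com", "A", "198.51.100.10"),
    ("api.example.com", "A", "198.51.100.11"),
    ("dev-api.example.com", "A", "203.0.113.45"),           # non-prod name, foreign IP
    ("old-vpn.example.com", "A", "198.51.100.250"),         # legacy naming
    ("blog.example.com", "CNAME", "example-blog.ghost.io"),  # third-party host
    ("example.com", "MX", "10 mail.example.com"),
]
OWNED_NETWORKS = ["198.51.100.0/24"]


def _tokens(name):
    """Split a hostname into lowercase tokens on dots and hyphens."""
    return set(re.split(r"[.-]", name.lower()))


def triage_dns(records, owned_networks, apex):
    """Return {hostname: [reasons]} for records worth a second look.

    Checks applied:
      * the hostname contains a non-production or legacy token;
      * an A/AAAA record points outside the organization's own ranges
        (unknown hosting, shadow IT, or a stale record);
      * a CNAME points outside the apex domain (third-party service; confirm
        the target is still provisioned, otherwise the name is dangling).
    """
    nets = [ipaddress.ip_network(n) for n in owned_networks]
    findings = {}

    def flag(name, reason):
        findings.setdefault(name, []).append(reason)

    for name, rtype, value in records:
        if _tokens(name) & NONPROD_TOKENS:
            flag(name, "non-production or legacy naming")
        if rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(value)
            # `addr in net` is False when the IP versions differ, so mixed
            # v4/v6 ranges are safe here.
            if not any(addr in net for net in nets):
                flag(name, f"points to {value}, outside owned ranges")
        elif rtype == "CNAME":
            target = value.rstrip(".").lower()
            if not (target == apex or target.endswith("." + apex)):
                flag(name, f"CNAME to third party {target}; verify it is still claimed")
    return findings


if __name__ == "__main__":
    for host, reasons in triage_dns(SAMPLE_RECORDS, OWNED_NETWORKS, "example.com").items():
        print(host)
        for r in reasons:
            print("  -", r)
```

The CNAME check deliberately does not try to decide whether the third-party target is still claimed; that requires a live lookup and service-specific knowledge, and the point of the triage is to produce the short list that a person then verifies.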

DeHashed: The End of Anonymity

DeHashed is a search engine for leaked credentials, allowing users to find personal information, passwords, and email addresses associated with a particular domain. Results often include plaintext passwords or weakly hashed ones, which can facilitate targeted phishing, password spraying, or direct unauthorized access attempts against accounts whose owners reuse passwords.

Impact: The 2012 LinkedIn breach, in which more than 100 million unsalted SHA-1 password hashes eventually surfaced, showed how attackers can use leaked information for further attacks, including password reuse attacks against other services where the same credentials work.

Mitigation: Companies must enforce sound password policies, screen new passwords against known-breached lists, require multi-factor authentication, and educate employees about the dangers of reusing passwords across professional and personal accounts.
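The triage a pentester performs on leaked-credential results for a client domain, as an added example that is not part of the original article and not DeHashed's code: a Python script that groups records by account, spots the same plaintext appearing in more than one breach (the reuse the LinkedIn example warns about), shows why an unsalted MD5 or SHA-1 hash in a dump is as good as plaintext by running a small dictionary attack against it, and assigns a password-reset priority. The sample export, the priority scheme and the two-word wordlist are constructed assumptions.

```python
"""Triage leaked-credential search results for one domain.

Added example; not Redbot Security's or DeHashed's code. The records below
are constructed to resemble a credential-search export (email, plaintext
password or hash, breach source and date); the priorities and the wordlist
are assumptions for illustration.
"""
import hashlib
from collections import defaultdict

# Constructed sample export for example.com plus one unrelated record.
SAMPLE_LEAKS = [
    {"email": "alice@example.com", "password": "Summer2019!", "hash": None,
     "hash_type": None, "source": "breach-a", "date": "2019-06-01"},
    {"email": "alice@example.com", "password": "Summer2019!", "hash": None,
     "hash_type": None, "source": "breach-b", "date": "2021-02-10"},
    {"email": "bob@example.com", "password": None,
     "hash": "5f4dcc3b5aa765d61d8327deb882cf99", "hash_type": "md5",
     "source": "breach-c", "date": "2016-05-17"},
    {"email": "Carol@Example.com", "password": "hunter2", "hash": None,
     "hash_type": None, "source": "breach-b", "date": "2021-02-10"},
    {"email": "dave@other.org", "password": "x", "hash": None,
     "hash_type": None, "source": "breach-a", "date": "2019-06-01"},
]

# Unsalted, fast hashes are plaintext-equivalent once fed to a cracker.
# NTLM belongs in this category too, but needs MD4, which hashlib does not
# guarantee, so it is left out of this example.
FAST_UNSALTED = {"md5", "sha1"}


def crack_fast_hash(digest, hash_type, wordlist):
    """Dictionary attack against an unsalted MD5/SHA-1 digest; word or None."""
    if hash_type not in FAST_UNSALTED:
        return None
    digest = digest.lower()
    for word in wordlist:
        if hashlib.new(hash_type, word.encode()).hexdigest() == digest:
            return word
    return None


def triage_leaks(records, domain, wordlist=()):
    """Summarise leaked records per account and assign a reset priority.

    critical: the same plaintext appears in two or more breaches (reuse, so
              it is very likely also the pattern used at work);
    high:     a plaintext password, or a hash we could crack, is known;
    medium:   only an uncracked hash is known.
    """
    by_email = defaultdict(list)
    for rec in records:
        email = rec["email"].strip().lower()     # normalise before grouping
        if email.endswith("@" + domain.lower()):
            by_email[email].append(rec)

    summary = {}
    for email, recs in by_email.items():
        plaintexts = defaultdict(set)            # password -> breach sources
        cracked = []
        for r in recs:
            if r.get("password"):
                plaintexts[r["password"]].add(r["source"])
            elif r.get("hash") and r.get("hash_type") in FAST_UNSALTED:
                word = crack_fast_hash(r["hash"], r["hash_type"], wordlist)
                if word:
                    cracked.append(word)
        reused = sorted(p for p, srcs in plaintexts.items() if len(srcs) >= 2)
        if reused:
            priority = "critical"
        elif plaintexts or cracked:
            priority = "high"
        else:
            priority = "medium"
        summary[email] = {
            "sources": sorted({r["source"] for r in recs}),
            "latest": max(r["date"] for r in recs),
            "reused_passwords": reused,
            "cracked_hashes": cracked,
            "priority": priority,
        }
    return summary


if __name__ == "__main__":
    for email, info in triage_leaks(SAMPLE_LEAKS, "example.com", ["123456", "password"]).items():
        print(f'{info["priority"]:8} {email}  latest={info["latest"]}  sources={info["sources"]}')
```

On an engagement the output is the list handed to the client for forced resets and MFA enrolment; the "critical" tier goes first because those are the passwords most likely to be in use somewhere else right now.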

ImportYeti: Navigating the Supply Chain

ImportYeti uses public import and shipping records to reveal an organization's suppliers and vendors. While it is designed for market research, it also exposes dependencies in a company's supply chain, and a vendor with weaker security can become the path into the company's own network.

Impact: The 2020 SolarWinds compromise, in which a backdoored build of the Orion platform was delivered as a signed update to roughly 18,000 customers, is a stark reminder of how a supply chain relationship can be exploited to run a widespread espionage campaign.

Mitigation: Organizations need to conduct thorough security assessments of their vendors and incorporate supply chain risk into their overall security strategy. Ensuring vendors adhere to strict security standards, and limiting what vendor software and vendor accounts can reach inside the network, mitigates these risks.

Conclusion

The examples above show that mitigating OSINT risk is not only a matter of technical controls but also of awareness and proactive management of what an organization makes publicly available. By using the same OSINT tools that malicious actors use, organizations can identify and secure exposures before they are exploited. It is a call to action for both executives and IT professionals to foster a culture of security that covers not just technical defenses but also information management and operational practices. As the digital landscape continues to evolve, so must our strategies for protecting it.

Jordan DeWall, Sr. Penetration Tester at Redbot Security

Jordan is a highly skilled consultant with over ten years of experience in the IT industry, with a focus on manual penetration testing, red teaming, vulnerability assessments, and forensic analysis. His current consulting role has allowed him to become proficient in identifying and exploiting vulnerabilities in a wide range of complex systems, networks, and embedded devices.

Jordan enjoys connecting with clients in various industries to provide effective remediation strategies that include actionable recommendations to senior leadership. He strives to be an excellent communicator and critical thinker with a passion for continuous learning and innovation.

About Redbot Security

Redbot Security is a boutique penetration testing house that helps businesses identify and eliminate security threats. The Redbot team is a passionate group of cybersecurity experts, some with over 25 years of experience. The senior security engineers employed by Redbot Security are active community members, public speakers, and advocates of developing best-practice security controls.
