OSINT FUNDAMENTALS A WEAPON FOR HACKERS

https://t.me/pdcsadmin
Study Guide

OSINT Fundamentals

Created By: @pdcsadmin

Module 1: Introduction

Lesson 1.1 : Introduction

Skills Learned From This Lesson: OSINT Introduction

● Instructor: https://t.me/pdcsadmin

● Course Overview

○ What is it? Types? Who uses it?

○ OSINT Cycle, Tools, Techniques

○ Sock Puppet

○ Defence (OPSEC) and “answering the phone” example

● Prerequisites

○ Familiar with technical terms

○ Computer/Smartphone + Internet

○ Curiosity and Imagination

● Why should you take this course?

○ Knowledge

■ If you like to learn new and exciting things and you are already involved with Cyber Security, then you are on the right track. Expand your expertise and advance your Cyber Security career with the usage of OSINT. While using different OSINT techniques you are expanding your way of thinking and your imagination.

○ Protection

■ Learn to protect yourself and your organisation, because all the information and data that you can find via OSINT tools the bad guys can find too, and use those findings against you.

○ Fun

■ I have to tell you the truth: OSINT is a real fun ride, but at the same time it is quite scary. People write, share, record and send enormous amounts of data, most of the time without even knowing that they are doing it, and all of that data is publicly available. One of the reasons is the lack of awareness and a false sense of security. This is where you come into play and enhance the overall cybersecurity posture of a person or an organisation, and have fun along the way.


Lesson 1.2 : Disclaimer

Skills Learned From This Lesson: Disclaimer

● The usage of any information or materials of this course is entirely at your own risk, for which I/we shall not be liable.

Module 2: OSINT Beginning

Lesson 2.1 : What is OSINT?

Skills Learned From This Lesson: OSINT definition

● What is OSINT?

○ Wikipedia: Open-source intelligence (OSINT) is data collected from publicly available sources to be used in an intelligence context.

○ US DoD: “produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.”

● Open does not mean free and it is not related to open-source software.

● Open refers to overt, not covert.

● Information is everywhere - where?

○ The internet (SurfaceWeb-DeepWeb-DarkWeb)

○ Traditional mass media (e.g. television, newspapers, radio)

○ Books, Journals, Conferences, Annual Reports, Publications, Profiles, Stickers (Baby on Board example)

○ Photo/Video metadata

○ GeoInformation

Lesson 2.2 : Types of OSINT

Skills Learned From This Lesson: OSINT, Offensive, Defensive, Gray literature

● Types of OSINT

○ OSINT can be divided into two types, offensive and defensive:

○ Offensive: the bad guys gather and learn about the target before the attack.

○ Defensive: this gives insight into potential attacks so you can make informed decisions based on that information. It means learning about attacks against the company.

○ Both of these OSINT types give opportunities to both the defender and the attacker. For both sides, preparation is paramount.

○ For example, if you have a company, you can learn its weaknesses and actually fix them, but at the same time those weaknesses could be exploited by the bad guys. Many companies might think it is okay that only tutorial documents are shared online to be read. What is shared can easily be found by internet searches or by searching through the trash.

○ Gray literature includes technical reports, working papers, white papers, newsletters, business reports and requests for proposal. These are some of the reasons pentesting is very important for an organization or a company.

Lesson 2.3 : Who uses OSINT?

Skills Learned From This Lesson: OSINT

● The following use OSINT:

○ Government

○ Agencies

○ Military

○ Customers/Clients

○ Machines a.k.a. Algorithms (Notre Dame fire fake news via YouTube)

○ Employers/Recruiters

○ Journalists

○ Travelers

○ Marketing people

○ Dating partners

○ Corporation

○ Private investigators

○ Others

Lesson 3.1 : The OSINT Cycle

Skills Learned From This Lesson: OSINT Cycle

○ The OSINT Intelligence Cycle is the process of developing raw information into finished intelligence for decision makers or policymakers to use in their decision making, so that they can take appropriate further actions based on those findings.

○ The OSINT cycle consists of five steps:

■ Planning

■ Gathering

■ Analysis

■ Dissemination

■ Feedback

● Planning:

○ Clearly define what you are looking for

○ What kind of information do you wish to gather about your target

○ The purpose of your investigations

○ Types of tools or methods to use for the investigation, for example using internet tools or going to the library.

○ Planning also consists of:

■ identifying,

■ prioritizing,

■ validating intelligence requirements,

■ translating those requirements to observables,

■ preparing collection plans,

■ issuing requests for information collection, production and dissemination,

■ continuously monitoring the availability of collected data.

● Gathering

○ OSINT gathering is limited only by imagination. You can take any number of tools out there. Some are free and others are paid versions. The easiest way to start is to search the internet or perform some Google Dorking.

● Analyzing

○ This involves validating the gathered information; making it usable is very important.

● Dissemination

○ Includes conveyance of intelligence to the consumer in a usable form, basically for reporting. Intelligence can be provided to the consumer in a wide range of formats, including verbal reports, written reports, etc. Dissemination can be accomplished through physical exchange of data and through interconnected data and communications networks. Dissemination reports should also be peer reviewed by independent colleagues in the same field of research who have not participated in the conduct of the study. The peer review process of the completed report will ensure proximity and increase the likelihood of a valid and reliable report. A dissemination plan should be developed prior to the completion of the study.

● Feedback

○ This involves getting feedback from the customers or clients: whether the data you provided is accurate, readable and comprehensive, and how to better serve your goals going forward. This is also the final confirmation of your investigations.

Lesson 3.2 : Tools and Techniques

Skills Learned From This Lesson: OSINT tools and Techniques

● Tools and Techniques

○ Dedicated computer with a VPN

○ Search Engines: Google Dorking is basically an advanced search function that makes a query on the search engine. Google Dorking queries are based on the search operators used by OSINT guys, IT professionals and hackers on a daily basis to conduct their work.

○ Learn Python

■ It's great to learn Python because most of the tools are written in Python.

○ osintframework.com

■ OSINT framework focused on gathering information from free tools or resources.

○ Kali Linux (USB with Persistent option or virtual machine)

■ Kali is mostly used by penetration testers

○ Shodan.io

■ Is used for finding fingerprints of connected devices. It's a gold mine for researchers.

○ Maltego

■ Is an OSINT tool from Paterva which is included in the Kali Linux operating system. It's a great tool used to visualize your findings. It’s also used to find correlational relationships between names, email addresses, aliases, domains, groups, companies, organizations, websites, operating systems, etc.

○ Recon-ng

■ Is used to perform reconnaissance on the target. It has a lot of modules and its usage is similar to Metasploit. A lot of its modules use APIs.

○ The Harvester

■ Is used to perform reconnaissance. It uses several sources of information to gather results and helps to determine the company's perimeter. It gathers emails, subdomains, IPs and URLs.

○ Sublist3r

■ Is a Python tool used to enumerate subdomains of websites using OSINT. It enumerates subdomains using many search engines such as Google, Bing, Yahoo, and many more.
