Blackmagic Open Source Intelligence OSINT

Listen who whispers your name in the dark!!!

OSINT Black Magic:

A Man needs a NameNutan Kumar Panda (@TheOsintGuy)

InfoSec Engineer eBay.inc

OSINT Enthusiast

Co-Author: Hacking Web Intelligence

https://github.com/nkpanda

Real World Existence:

Gamer, Rider, Keyboard Player

A Man needs a NameSudhanshu Chauhan(@Sudhanshu_c)

Director OctoGence Technologies

OSINT Enthusiast

Co-Author: Hacking Web Intelligence

https://github.com/SudhanshuC

Real World Existence:

Avid reader, Cook, traveler

Agenda• What is OSINT?

• Why OSINT?

• Why this weird title?

• What is the biggest problem an organization faces?

• Some recent hacks

• What are the solution available?

• Where our solution stands?

• Demo

• What else can be done with our solution?

• Q/A

What is OSINT?

Open Source Intelligence is the art of collecting information which is scattered on publicly available sources. In contrast to traditional intelligence methods, OSINT utilizes overt channels for gathering information. The added benefit is that there is no direct interaction with the target which substantially reduces the chances of being caught or raising any red flags.

Why OSINT?

• Internet is not limited to Google Searches.• Not even limited to search engines, social media and blogs• Huge number of sensational hacks in recent times

Organizations getting hacked even after using so called "sophisticated" defense mechanisms.

• Basic recon usually ignored during security assessments.• If you SECRET is out there in the open, someone WILL find

it.• It's just data until you leverage it to create intelligence.

Why this weird title?• Tools/Techniques

which are seldom used and are not talked about much.

• Methods used are not new but effective to hear the digital whispers those are generally missed or ignored (but shouldn’t be).

MAJOR PROBLEMS

Sensitive Informatio

n

Hard coded keys in Github

Credential leaks

in Pastebin

0-days sold in darknet

Hack info in micro blog

Corporate email

credentials

Open Bugs or

ports

RECENT HACKS

AVAILABLE SOLUTIONS • Commercial tools that are good but expensive for small

organizations.

• Open source tools but solving individual issues.

• A team of experts for internet monitoring.

OUR SOLUTIONS • Integrating all open source solutions/freeware solutions

into one place.

• Categorized menu for all the essential steps of the process.

• Adding futuristic solutions to make use of technology not just to monitor real time but to make it as sophisticated alarming system.

• Our own ideas and scripts which will help it enhancing the already available solution or the new one to work differently.

ITS SHOW TIME

WHAT ELSE OUR SOLUTION CAN DO?

There are endless possibilities, even we are yet to explore its limits. Any Suggestions?

Greets #FreeHugs

• Raghav Bisht- Configuration and Setup

• Shubham Mittal- Twitter Monitor and suggestions

• Laura Rokita- Get Tweet

• Tim Tomes- Recon-ng

• Troy Hunt- HIBP

And to the whole open source community

References• http://orig03.deviantart.net/919e/f/2012/252/a/7/black_magic_dive_by_firefrank-

d5e6pst.jpg

• http://www.lovesamrat.com/images/black1.jpg

• http://www.zdnet.com/article/stolen-us-government-passwords-leaked-across-web/

• http://www.programmableweb.com/news/why-exposed-api-keys-and-sensitive-data-are-growing-cause-concern/analysis/2015/01/05

• http://thehackernews.com/2015/02/mongodb-database-hacking.html

• http://spellshelp.com/upload/medialibrary/e0b/e0b3bd034aaea1136c9de5f97a364d9d.jpg

• http://www.bestastrosolution.com/images/BlackMagic.jpg

ANY QUERIES?

Thank You

THE END