What is OSINT ?
OSINT means Open-Source Intelligence. It is a set of tools that are available for everyone and everywhere.
OSINT is used in many different areas such as:
- Cyber Threat Intelligence
- Human Intelligence
- Political Intelligence
- Journalist Intelligence
- And others.
OSINT allows to collect any type of data available online and analyze it. The OSINT cycle is:
- Data collection
- Data Analysis
- Report (Documentation and Recommendations)
The OSINT Report depends on which area you are using OSINT. For example in Cyber Threat Intelligence (Why do we need a Cyber Threat Intelligence? – osintafrica), OSINT report can be writing following one of the models CYBER KILL CHAIN or The Diamond Model of Intrusion Analysis, more details about the models can be found here Three attacks frameworks that Cyber Security members should know osintafrica.
OSINT framework tools are available and easy to find online.
Some of them are:
Advantages of using OSINT:
OSINT has many advantages such as many applications are free and accessible online, data available anywhere but the most important for us, are the following:
- Detect Threats
- Vulnerabilities
- Information lookup
- Data breached identification
Anything that has advantages, has inconveniences as well.
OSINT does have some.
OSINT Inconveniences:
Data can be query by anyone online
PII data accessible online
Vulnerability and threats are identifiable online
Data breached data are accessible on different platform (Dark Web, Hacking forum , OSINT tools and others ..).
OSINT tools can be vectors of attack.
The privacy concerning OSINT , the privacy concerns is quite similar to GDPR regulation requirements, such as collecting only information related to your investigation, having authorization to collect the data (PII or IP) and others.
OSINT is very useful, like said before, the tools are available for anyone to use. You can start using it by looking up some information related to your self. Do not forget about Privacy related to OSINT.
Bangaly Koita is a SOC Analyst and Cyber Security researcher . As a passionate in cyber security, he spends most of the time writing articles and making videos online to share his knowledge and experience to the vast community of IT but in general Cyber Security. Feel free to contact me in case.
