OSInt; Operational Security Intelligence refers to limiting the amount of information that a company makes known on the internet. You likely arn’t aware of the amount of info anyone tech savvy can gather about your organization. whois gives domain registrar and name servers. SOA gives their start of authority and responsible email address.<\/p>\n\n\n\n
A lot of info can be found using mxtoolbox.com<\/a> MX records lists their mail server and possibly their spam filter. SPF record gives clues as to spam filtering and public IP addresses. <\/p>\n\n\n\n Google search to find the company website and the domain name (the part after www). we will use this later. Record their Facebook and LinkedIn profile names, Street Address, any email addresses, News report with a CEO name.<\/p>\n\n\n\n Visit their website, record “Contact Us” info, employee names<\/p>\n\n\n\n pentest-tools.com <\/p>\n\n\n\n shodan.io Social Media: <\/p>\n\n\n\n External IP of office;
use “Discover Attack Surface” to find endpoints
use “website scanner” on their public website, and their firewall if you know the ip already.<\/p>\n\n\n\n
enter each unique IP Addresses from “Discover Attack Surface” (above) and record the results<\/p>\n\n\n\n
visit Facebook.com and LinkedIn.com and record names of C level management and any email addresses.<\/p>\n\n\n\n
This is a little intrusive so make sure you have a written agreement from management. use CanaryTools<\/a> to generate a Canary Web token. Generate an email to someone that is in the office with the canary token link. Make up a juicy reason to click the link. It may be possible to embed an image in an email with a webbug image, but I havent’ found a site that will do this for free. <\/p>\n\n\n\n