osint black magic: listen who whispers your name in the dark!!!
TRANSCRIPT
Listen who whispers your name in the dark!!!
OSINT Black Magic:
A Man needs a NameNutan Kumar Panda (@TheOsintGuy)
InfoSec Engineer eBay.inc
OSINT Enthusiast
Co-Author: Hacking Web Intelligence
https://github.com/nkpanda
Real World Existence:
Gamer, Rider, Keyboard Player
A Man needs a NameSudhanshu Chauhan(@Sudhanshu_c)
Director OctoGence Technologies
OSINT Enthusiast
Co-Author: Hacking Web Intelligence
https://github.com/SudhanshuC
Real World Existence:
Avid reader, Cook, traveler
Agenda• What is OSINT?
• Why OSINT?
• Why this weird title?
• What is the biggest problem an organization faces?
• Some recent hacks
• What are the solution available?
• Where our solution stands?
• Demo
• What else can be done with our solution?
• Q/A
What is OSINT?
Open Source Intelligence is the art of collecting information which is scattered on publicly available sources. In contrast to traditional intelligence methods, OSINT utilizes overt channels for gathering information. The added benefit is that there is no direct interaction with the target which substantially reduces the chances of being caught or raising any red flags.
Why OSINT?
• Internet is not limited to Google Searches.• Not even limited to search engines, social media and blogs• Huge number of sensational hacks in recent times
Organizations getting hacked even after using so called "sophisticated" defense mechanisms.
• Basic recon usually ignored during security assessments.• If you SECRET is out there in the open, someone WILL find
it.• It's just data until you leverage it to create intelligence.
Why this weird title?• Tools/Techniques
which are seldom used and are not talked about much.
• Methods used are not new but effective to hear the digital whispers those are generally missed or ignored (but shouldn’t be).
MAJOR PROBLEMS
Sensitive Informatio
n
Hard coded keys in Github
Credential leaks
in Pastebin
0-days sold in darknet
Hack info in micro blog
Corporate email
credentials
Open Bugs or
ports
RECENT HACKS
AVAILABLE SOLUTIONS • Commercial tools that are good but expensive for small
organizations.
• Open source tools but solving individual issues.
• A team of experts for internet monitoring.
OUR SOLUTIONS • Integrating all open source solutions/freeware solutions
into one place.
• Categorized menu for all the essential steps of the process.
• Adding futuristic solutions to make use of technology not just to monitor real time but to make it as sophisticated alarming system.
• Our own ideas and scripts which will help it enhancing the already available solution or the new one to work differently.
ITS SHOW TIME
WHAT ELSE OUR SOLUTION CAN DO?
There are endless possibilities, even we are yet to explore its limits. Any Suggestions?
Greets #FreeHugs
• Raghav Bisht- Configuration and Setup
• Shubham Mittal- Twitter Monitor and suggestions
• Laura Rokita- Get Tweet
• Tim Tomes- Recon-ng
• Troy Hunt- HIBP
And to the whole open source community
References• http://orig03.deviantart.net/919e/f/2012/252/a/7/black_magic_dive_by_firefrank-
d5e6pst.jpg
• http://www.lovesamrat.com/images/black1.jpg
• http://www.zdnet.com/article/stolen-us-government-passwords-leaked-across-web/
• http://www.programmableweb.com/news/why-exposed-api-keys-and-sensitive-data-are-growing-cause-concern/analysis/2015/01/05
• http://thehackernews.com/2015/02/mongodb-database-hacking.html
• http://spellshelp.com/upload/medialibrary/e0b/e0b3bd034aaea1136c9de5f97a364d9d.jpg
• http://www.bestastrosolution.com/images/BlackMagic.jpg
ANY QUERIES?
Thank You
THE END