Hi! I’m the blue teamer of the group. I like boot cut jeans, application security, and incident response. I also like to phish.
Open Source Intelligence (or OSINT) is not something I use on a daily basis. Well, at least not in how you would expect it to be used. I was introduced to OSINT back in the early 2000s. I was an Electronics Technician in the Navy and part of my job was to troubleshoot computer issues. During one such session, I was told to checkout Google. An awesome new search engine that was better than Yahoo, Lycos (remember that one!), AltaVista. And thus my power of search was born. That’s it. No special story about getting into OSINT.
Oh you’re still here. Well alright then.
I used Google and OSINT (don’t @ me) all the time to find solutions to technical problems. Drivers were a lot harder to find back in those days. Eventually, it morphed into a gateway into research on people and companies. I could check out people before going on dates. I could research companies I wanted to join. That’s now morphed into research on the latest phishing and malware attacks. I also use it to figure out if an email is a phishing email in the first place. A sales person typically has a LinkedIn account. Sometimes they also have a pretty interesting Instagram account.
Internal and external employees are another area I’ve found OSINT useful. I think everyone knows by now that employers are using OSINT to look at potential hires. Internal people are investigated for doing shady things or not so shady things (sometimes there’s nothing there). OSINT is used on potential acquisitions. It’s also used on third-party applications and services the company may want to use. It’s interesting how much you can determine about a companies security practices just by doing some basic searches.
Finally, I’ve used it in training. I do monthly lunch and learns and quarterly developer training. I’ve shown people how to craft spear phishing emails using OSINT. I’ve freaked my co-workers out by figuring out their middle name, as well as the name of their three sisters. It’s a very broad and useful tool that fits into multiple areas and roles. If you’ve listened to Tazz’s talks on build a threat intelligence program, one of the things she points out is that it’s not a security program. It’s a company program. Finance, human resources, executives, fraud departments can all use it.
That’s what I love about it! The broadness. The depth. The usefulness to everyone.