The main aim of this blog is to make people aware of the various use cases of OSINT in different fields of cybersecurity.
As we have already learned about OSINT, let’s not repeat those terms again and directly discuss the importance of OSINT in different fields of cybersecurity.
OSINT is a fast-growing and ever-changing field, so any OSINT tool I mention by name may stop working. Don’t just learn about the tools that we use; instead, try to learn how the tool works, how we can make it more effective, and why we are using it instead of any other. Asking yourself questions like these will help you in the long run.
Use Cases in different fields of Cybersecurity
- Threat Intelligence -
Threat Intelligence is evidence-based information that is organized and analyzed to reach useful conclusions. Here, we use OSINT to find information about IoCs (Indicators of Compromise). Let’s understand with a real-world example.
An employee downloaded an unknown file that he received in a phishing email. As usual, the SOC analysts will investigate this incident, but how will they find out who’s behind the attack? Here comes the role of OSINT: finding information about the attacker and about the IoC (the unknown file) too.
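As an added example (not part of the original blog): before any OSINT lookup can happen in the scenario above, the analyst has to pull searchable indicators out of the reported email. This sketch uses only Python's standard library on a constructed sample message; the sender, domain and attachment are made-up placeholders.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

# Constructed sample message for illustration; sender, domain and file are placeholders.
SAMPLE_EML = (
    b"From: Billing <billing@invoice-portal.example>\r\n"
    b"Subject: Overdue invoice\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n"
    b"\r\n"
    b"Please review the invoice at http://invoice-portal.example/view?id=42 today.\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="invoice.bin"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"aGVsbG8=\r\n"
    b"--b1--\r\n"
)
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def defang(value):
    """Make an indicator non-clickable before pasting it into a ticket or search."""
    return value.replace("http", "hxxp", 1).replace(".", "[.]")

def extract_iocs(raw):
    """Return the sender, URLs and attachment hashes an analyst would pivot on."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg["From"]))[1]
    iocs = {"sender": sender, "sender_domain": sender.rpartition("@")[2],
            "urls": [], "attachments": []}
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            # Hash the bytes; never open or execute the unknown file itself.
            data = part.get_payload(decode=True) or b""
            iocs["attachments"].append({"filename": part.get_filename(),
                                        "sha256": hashlib.sha256(data).hexdigest()})
        elif part.get_content_type() == "text/plain":
            iocs["urls"] += URL_RE.findall(part.get_content())
    return iocs

if __name__ == "__main__":
    print(extract_iocs(SAMPLE_EML))
```

The attachment's SHA-256, the sender domain and the defanged URL are the values to search for in public reputation sources and earlier reports.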
- Social Engineering Mitigation -
Social Engineering usually refers to all techniques aimed at manipulating the victim into revealing sensitive information while talking, chatting, or via any other medium. Here, we generally use OSINT to perform background checks on individuals or organizations.
Imagine you receive an email from an unknown person saying you have won an iPhone and asking you to claim your prize by clicking on a link and entering your details in a form. Here, we can just do a background check on the sender. In most cases these are mass phishing campaigns, so by simply doing a Google search of the email, you will see that many people have already reported it as fraud or a scam.
Think of another scenario, where your friend creates a new fake social media account and tries to prank you, but you perform some background checks and come to know the truth: another failed attempt.
- Vulnerability Assessment -
Vulnerability assessment refers to the process of identifying vulnerabilities in a company’s infrastructure and assigning them a severity level based on some factors.
Here, we use OSINT for recon (gathering information about an organization’s systems, networks and software applications), for asset discovery (identifying all publicly exposed assets), for CVE research and for customized scanning.
Imagine your friend is a bug hunter. An automated scanner identified that a subdomain of a website is vulnerable to a CVE, but he doesn’t have any knowledge about that CVE, so what will he do? He will do CVE research using OSINT.
Imagine another scenario: your friend has been called in for black-box testing (a kind of penetration testing where no information is shared with the pentester), so what will he do? He will use OSINT to gather information about the company, its systems, networks, website, etc.
- Incident Response -
Incident Response is the process by which an organization handles a security incident, such as a data breach or a cyberattack.
Here, we use OSINT to find out who’s behind the attack, where the data has been leaked and who leaked it. Basically, we use OSINT to answer the basic questions, so the organization can decide what steps it should take to mitigate and remediate the risks.
Imagine you are working as an incident handler in a company, and you receive an email from your boss saying that a researcher reported that someone is selling your company’s customer databases in some hacking groups. How will you investigate this?
You will use OSINT first to check whether the database has been exposed yet, and then to find out the seller and other required data as per your company policies.
- Competitive Intelligence -
Competitive Intelligence refers to the ability to collect, analyze and use information collected about your competitors. Here, OSINT is used to discover the cybersecurity practices followed by competitors, and the loopholes and vulnerabilities found in their business. These are later fixed in one’s own business and generally used as a feature to show themselves as better than others.
Ever noticed how much companies use security features in their ads, by adopting the newest security first in the market?
- Reputation Management -
Reputation Management refers to the practice of an organization maintaining a good reputation in the market. It also includes staying in good standing in the eyes of stakeholders and other authorities. Here, OSINT is used to find negative reviews and feedback about the organization, which it can then correct in its next releases. It also helps in maintaining privacy and meeting other regulatory requirements.
- Compliance and Regulatory Requirements -
I guess this point needs no introduction. It’s pretty simple: here, OSINT is used to meet the compliance and regulatory requirements of an organization.
That’s it for this blog. In the upcoming blog, we will learn how to set up your environment for OSINT.
If I missed something, let me know, so we can cover that topic or point in upcoming blogs.