The main aim of writing this blog is to making people familiar with active and passive OSINT.
Before we start learning about real life use cases of OSINT in cybersecurity. It’s important to first learn about Active and Passive OSINT.
The OSINT Approaches
Generally we consider two types of approaches, that are Active and Passive OSINT. This classification has been on the basis of how we collect the data in both the approaches.
- Passive OSINT —
Here, we collective the information from passive sources i.e without doing any interaction with your target. The main motive of using this approach is that your victim should be having any idea that you are gathering information about them. Here, we even don’t even use sock puppet accounts for interaction.
A passive approach mainly incudes the following -
- Searching the target’s username using username check which don’t notify the victim
- Using tools which use sources where the user doesn’t receives any notification or update
- Searching target’s data in data leaks
- Exploring the victim profile but without interaction
Note — These are the common techniques but passive approach is not limited to just these techniques.
2. Active OSINT -
Here we collect information from all sources, and using our sock accounts we are able to interact with the targets social media accounts. In case of a mistake, the target will only be notified of our sock puppet account and not our actual, real, social media accounts. Before starting an OSINT investigation you should consider your ethical and legal boundaries that may prohibit you from utilizing certain tools and techniques.
A active approach mainly includes the following -
- Connecting to your target on social media websites
- using any tool which have chances of notifying the target
- Using automation tools for scrapping
Note — Again, these are just commonly used techniques and Active OSINT is not just limited to these techniques.
When to Use What?
Now, many of you may be having this doubt, that how do we came to know if we shall use Active OSINT Or Passive OSINT?
The answer is pretty simple, if its ok for your or your client if the target came to know that someone is doing investigation about them, then you should follow Active OSINT. But, if it’s not ok for you or your client to notify the target, then you shall follow Passive OSINT. Now, Let’s understand this with a real life example.
If I would have been investigation about a scammer, cybercriminals, i would be using Passive OSINT as i never want that he should came to know that i am investigating about him/her.
Similarly, if i would have been investigating about a company on behalf of their higher officials as a part of Pentesting or any cybersecurity activity, i would be using Active OSINT as my client wouldn’t be having any issues in this in most of the cases.
Now, many of you may be having a doubt in mind, why do we need this approaches ?
The answer to this is, sometime what happens is if we are doing investigation about someone, and if he would get any alert that someone is investigating about him, he would surely be trying to delete, hide or manipulate the information and in order to avoid this situation, we should always pay attention to what approach we shall use in the process.
That’s it for this blog. In upcoming blog, we will be learning about use cases of OSINT in real life along with examples.
If i missed something, let me know, so we can cover that topic or point in upcoming blogs.