OSINT Fundamentals Lecture Notes

Jul 22, 2024

Open Source Intelligence (OSINT) Fundamentals Lecture Notes

Instructor: Heath Adams

Quick Introduction

  • Name: Heath Adams
  • Roles: Husband, hacker, teacher, gamer, sports fan, business owner (CEO at TCM Security), and owner of various animals.
  • Business: TCM Security (Cybersecurity consulting firm and educational resource specializing in consulting, risk assessments, and ethical hacking).
  • Social Media: Available on LinkedIn, Twitter, Twitch, YouTube (full courses on ethical hacking, etc.). Websites: Business - tcm-sec.com, Academy, and Certifications.

Course Structure

  • Duration: First 4.5 hours of a 9-hour course on OSINT Fundamentals

Curriculum Overview

  1. What is Open Source Intelligence (OSINT)?
  2. Note Keeping
  3. Creation of Sock Puppets
  4. Types of Open Source Intelligence
    • Search Engine OSINT
    • Image OSINT
    • Email OSINT
    • Password OSINT
    • Username OSINT
    • People OSINT
    • Social Media OSINT
  5. Second Half of the Course (not covered in this session)
    • Website OSINT
    • Business OSINT
    • Wireless OSINT
    • Lab work using Linux, OSINT tools, and automation
    • OSINT frameworks, report writing, course challenge, and additional resources

Important Disclaimer

  • Ethical Use: Use the techniques learned only for ethical purposes.
  • Legal Considerations: Proceed only when legally authorized to do so.

Key Concepts of OSINT

Definition of OSINT

  • Open Source Intelligence (OSINT): Gathering information from publicly available sources.
  • Methodologies: Various techniques to gather information about individuals, organizations, etc.

Intelligence Life Cycle

  1. Planning and Direction: Who, what, when, where, why?
  2. Collection: Gathering information using methodologies.
  3. Processing and Exploitation: Interpreting gathered data.
  4. Analysis and Production: Analyzing data points and summarizing findings.
  5. Dissemination: Presenting findings to clients or stakeholders.

Note Keeping

  • Importance: Essential for organizing and retaining information.
  • Tools:
    • Visual Tools: KeepNote, Notion (examples given), CherryTree, OneNote, Joplin.
    • Screenshot Tools: Greenshot (Windows), Flameshot (Linux and Mac).

Sock Puppets

  • Definition: Fake accounts or alternate identities used for research without drawing attention.
  • Purpose: To research without being detected.
  • Best Practices:
    • Ensure the sock puppet has content/history to appear legitimate.
    • Do not tie sock puppets back to your real identity (different devices, separate IP addresses, etc.).
    • Create fake personas using tools like Fake Name Generator and 'This Person Does Not Exist'.

Creation Steps

  1. Generate fake identity using tools (e.g., Fake Name Generator, This Person Does Not Exist).
  2. Sign up for accounts using these identities (consider VPN, burner phones, etc.).
  3. Understand IP addresses and secure them using VPNs or mobile networks.
  4. Practice creating sock puppets, focusing on maintaining anonymity.

Search Engine OSINT

Search Engine Basics

  • Use search engines (Google, DuckDuckGo, Bing, Yandex, Baidu).
  • Use search operators like site:, filetype:, intitle:, inurl:, intext:.
  • Examples: Searching by specific keywords, using advanced search, filtering results by date/time.

Practical Examples

  • Finding Credentials: site:tesla.com filetype:pdf password
  • Subdomains: site:tesla.com -www
  • Finding Specific Data: intitle:password, inurl:password, intext:password

Search Logic

  • Combining Operators: Using AND, OR, NOT for refined searches.
  • Using Quotes: For specific phrases.
  • Date Ranges: To find historical data.
  • Search Images: Using Google, Yandex, TinEye for reverse image searching.
  • Advanced Search Tools: Google’s advanced search interface.

Image OSINT

Reverse Image Search

  • Use tools like Google Images, Yandex, TinEye.
  • Examples showing the practical use of reverse image search for identifying sources of images.

EXIF Data

  • Definition: Exchangeable Image File Format data embedded in images.
  • Tools: Jeffrey’s Image Metadata Viewer.
  • Data Includes: Device details, date/time, GPS coordinates, etc.
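
Added example (not from the course material): a standard-library Python check a publisher can run before releasing a photo, which walks the JPEG header segments, reports privacy-relevant EXIF tags in IFD0, and writes a copy with the Exif block removed. The tag ids come from the TIFF/EXIF specifications; the function names and the SAMPLE bytes are constructed for illustration.

```python
import struct

# Privacy-relevant IFD0 tags (ids from the TIFF/EXIF specifications).
SENSITIVE = {0x010F: "Make", 0x0110: "Model", 0x0132: "DateTime", 0x8825: "GPSInfo"}

def segments(jpeg: bytes):
    """Yield (marker, start, end) for each header segment before the scan data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        yield jpeg[pos + 1], pos, pos + 2 + length
        pos += 2 + length

def is_exif(jpeg: bytes, marker: int, start: int) -> bool:
    # APP1 segment whose payload begins with the Exif identifier
    return marker == 0xE1 and jpeg[start + 4:start + 10] == b"Exif\x00\x00"

def sensitive_tags(jpeg: bytes) -> list:
    """Names of privacy-relevant IFD0 tags found in the first Exif segment."""
    for marker, start, end in segments(jpeg):
        if is_exif(jpeg, marker, start):
            tiff = jpeg[start + 10:end]
            order = {b"II": "<", b"MM": ">"}[tiff[:2]]   # TIFF byte-order mark
            (ifd0,) = struct.unpack(order + "I", tiff[4:8])
            (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
            tags = [struct.unpack(order + "H", tiff[ifd0 + 2 + 12 * i:ifd0 + 4 + 12 * i])[0]
                    for i in range(count)]
            return [SENSITIVE[t] for t in tags if t in SENSITIVE]
    return []

def strip_exif(jpeg: bytes) -> bytes:
    """Copy the file, dropping every APP1/Exif segment; image data is untouched."""
    out, tail = bytearray(jpeg[:2]), 2
    for marker, start, end in segments(jpeg):
        if not is_exif(jpeg, marker, start):
            out += jpeg[start:end]
        tail = end
    return bytes(out) + jpeg[tail:]

# Constructed sample: a JPEG skeleton whose Exif block holds Make and a GPS pointer.
_tiff = (b"II*\x00" + struct.pack("<IH", 8, 2)
         + struct.pack("<HHI4s", 0x010F, 2, 4, b"Cam\x00")   # Make = "Cam"
         + struct.pack("<HHII", 0x8825, 4, 1, 38)            # GPS IFD at offset 38
         + struct.pack("<I", 0) + struct.pack("<HI", 0, 0))  # end of IFD0, empty GPS IFD
_body = b"Exif\x00\x00" + _tiff
SAMPLE = (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(_body) + 2) + _body
          + b"\xff\xda\x00\x02\xff\xd9")
```

XMP packets (also carried in APP1, with a different identifier) and IPTC data (APP13) can hold location and author fields too, and this check does not cover them.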

Physical Location OSINT

  • Using Maps: Google Maps/Earth for satellite images, identifying building entrances, and surroundings.
  • Street View: For more detailed reconnaissance.
  • Geographical Location: Identifying locations from images using tools like GeoGuessr and blogs for deeper analysis.

Email OSINT

Discovering Email Addresses

  • Tools: Hunter.io, Phonebook.cz, Clearbit, VoilaNorbert.
  • Verification: Email verification tools like Email Hippo, Email Checker.
  • Email Reset Techniques: Using forgot password functions for additional verification.

Password OSINT

Hunting Breach Credentials

  • Breach Data: Using sites like DeHashed, HaveIBeenPwned, Scylla.so for searching breach data.
  • Cross-referencing Data: Linking usernames, email addresses, and passwords from multiple breaches.
  • Verification: Checking hash values, searching hashed passwords.
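
Added example (not from the course material): how a defender can check one of their own passwords against the HaveIBeenPwned Pwned Passwords range API without disclosing it, by sending only the first five hex characters of the SHA-1 hash and matching the remainder locally. The fake_range function and its response lines are constructed stand-ins for the HTTP call, so the example runs offline.

```python
import hashlib

def split_hash(password: str):
    """SHA-1 the password and split it into the 5-char prefix and 35-char suffix."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines; entries with count 0 are response padding."""
    hits = {}
    for line in body.splitlines():
        suffix, _, count = line.strip().partition(":")
        if suffix and count.isdigit() and int(count) > 0:
            hits[suffix.upper()] = int(count)
    return hits

def breach_count(password: str, fetch_range) -> int:
    """Times the password appears in the corpus; only the prefix is passed out."""
    prefix, suffix = split_hash(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)

# Constructed stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.
# It records what the caller disclosed and returns a made-up response body.
CALLS = []

def fake_range(prefix: str) -> str:
    CALLS.append(prefix)
    known = split_hash("password")[1]          # pretend this one is breached
    return "\r\n".join([
        "A" * 35 + ":3",                       # constructed unrelated entry
        known + ":42",                         # constructed count
        "B" * 35 + ":0",                       # constructed padding entry
    ])
```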

Username OSINT

Hunting Usernames and Accounts

  • Tools: NameChk, Namecheckr, Namecheckup.
  • Verification: Checking same usernames across multiple platforms.
  • Partial Search: Using phone numbers, partial guard passwords.

People OSINT

People Search Engines

  • Sites: Whitepages, TruePeopleSearch, FastPeopleSearch, Webmii, PQ, 411, Spokeo.
  • Data: Names, addresses, phone numbers, relatives.

Voter Records

  • Public Records: Use states’ websites to find voter information.
  • Example Search: Searching for names, addresses in public voter records.

Hunting Phone Numbers

  • Google Search: Different formats (digits, hyphens, spelled out, etc.).
  • Verification Websites: Truecaller, Opencaller.
  • Forgot Password: Using password recovery steps for additional data points.

Discovering Birth Dates

  • Social Media: Use search engines with keywords like “birthday”.
  • Platforms: Facebook, LinkedIn for probable birth date mentions.

Hunting Resumes

  • Platforms: LinkedIn, Google searches using filetype operators.
  • Example Searches: Name and filetype:pdf, filetype:doc.

Social Media OSINT

Twitter

  • Search Operators: Using keywords, phrases, hashtags, and advanced search techniques.
  • Tools: Social Bearing, Twitonomy, Followerwonk, Tweepseeker, MentionMap.
  • Tracking: Real-time tracking using TweetDeck.

Facebook

  • Challenges: Graph search deprecation, limited search capabilities.
  • Tips: Use Photos of [name], public posts, third-party search engines for partial search recovery.

Instagram

  • Images: Extract full-size image URLs for reverse image search.
  • Tools: Websites like WhatPicta for alternative data viewing.

Snapchat

  • Map Feature: Map.snapchat.com for location-based public posts.

Reddit

  • Site Search: Using Google for better search accuracy.
  • Post and Comment History: Valuable for user interactions and context.

LinkedIn

  • Profile Data: View professional history, education, connections.

TikTok

  • User Data: Public profile searches, use reverse image searches on profile pictures.

Tips and Best Practices

  1. Ethical Considerations: Always practice ethical usage of OSINT techniques.
  2. Use of Tools: Adapt and customize tools according to the investigation needs.
  3. Connect the Dots: Utilize red yarn methodology – interconnect different pieces of data to draw conclusions.
  4. Stay Updated: Tools and methodologies evolve; stay current with new tools and OSINT practices.

Conclusion

  • Halfway Mark: You’ve completed the first 4.5 hours—consider completing the full course for comprehensive knowledge.
  • Importance of Practice: Apply and validate the learned methodologies regularly to become proficient.
  • Further Learning: Explore TCM Security Academy for more courses and certification opportunities.

Resources

  • Tools and websites mentioned throughout the course will be provided in the course references section.