How OSINT can be used to supplement your organizational collection plan
Full Answer Section
- Understanding your environment: OSINT can be used to understand your environment, such as the people, organizations, and technologies that interact with your organization.
- Attributing attacks: OSINT can be used to attribute attacks to specific actors, which can help you to hold them accountable.
- Building a threat intelligence library: OSINT can be used to build a threat intelligence library, which can be used to inform your security posture and incident response plans.
Here are 10 sites that can be used to research sites and domains for legitimacy, sender verification, lists of domains (country codes, domains, extensions, organization domains), and other IOCs (indicators of compromise) that might need to be researched:
- Google Search: Google Search is a good starting point for any OSINT investigation. You can use it to search for information on a specific domain, website, or email address.
- Whois: Whois is a database that contains information about domain names. You can use it to find out the registrant information for a domain, such as the name, address, and phone number of the owner.
- Threat Intel Platforms: There are a number of threat intel platforms that can be used to research domains and websites. These platforms typically aggregate data from a variety of sources, such as social media, dark web forums, and threat intelligence feeds.
- Malware Analysis Tools: There are a number of malware analysis tools that can be used to scan websites and domains for malicious content. These tools can help you to identify phishing websites, malware-infected websites, and other malicious domains.
- Social Media: Social media can be a valuable source of information for OSINT investigations. You can use social media to find out about the people and organizations associated with a domain or website.
- Dark Web Forums: The dark web is a hidden part of the internet that is not indexed by search engines. Dark web forums can be a valuable source of information for OSINT investigations, as they often contain information about malicious actors and their activities.
- Pastebins: Pastebins are websites where users can post text anonymously. Pastebins can be a valuable source of information for OSINT investigations, as they often contain information about malicious code, hacking tools, and other sensitive information.
- Registrar Websites: The registrar website is the website where a domain name is registered. You can use the registrar website to find out the registrant information for a domain, such as the name, address, and phone number of the owner.
- Threat Intelligence Feeds: Threat intelligence feeds are a way to receive regular updates on malicious domains and websites. These feeds can be a valuable source of information for OSINT investigations, as they can help you to stay up-to-date on the latest threats.
- OSINT Tools: There are a number of OSINT tools that can be used to automate the process of gathering and analyzing information. These tools can be a valuable resource for OSINT investigations, as they can help you to save time and effort.
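To make the Whois and Registrar Websites entries concrete, the following added example (not part of the original answer) parses a WHOIS response and pulls out the fields an analyst checks first when vetting a sender domain. The sample record, the domain in it, and the 30-day "newly registered" threshold are constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed sample in the "Key: value" layout common to gTLD WHOIS output.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-INVOICE-PORTAL.COM
Registrar: Example Registrar, Inc.
Creation Date: 2024-05-01T09:30:00Z
Registry Expiry Date: 2025-05-01T09:30:00Z
Registrant Name: REDACTED FOR PRIVACY
Registrant Country: US
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
>>> Last update of whois database: 2024-05-20T00:00:00Z <<<
"""

def parse_whois(text):
    """Return {lowercased key: [values]}; keys such as Name Server repeat."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")) or ":" not in line:
            continue  # skip blanks, comments and the trailing status banner
        key, _, value = line.partition(":")
        if value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def triage(record, now, young_days=30):
    """Summarise registration facts; young_days is an assumed threshold."""
    first = lambda key: record.get(key, [None])[0]
    created = first("creation date")
    age = None
    if created:
        created_dt = datetime.fromisoformat(created.replace("Z", "+00:00"))
        age = (now - created_dt).days
    registrant = (first("registrant name") or "").lower()
    return {
        "domain": (first("domain name") or "").lower(),
        "registrar": first("registrar"),
        "age_days": age,
        "newly_registered": age is not None and age < young_days,
        # Redacted or missing registrant data means Whois alone cannot attribute.
        "registrant_redacted": not registrant or "redacted" in registrant
                               or "privacy" in registrant,
        "name_servers": [ns.lower() for ns in record.get("name server", [])],
    }

REPORT = triage(parse_whois(SAMPLE_WHOIS), datetime(2024, 5, 20, tzinfo=timezone.utc))
```

A recently created domain with a redacted registrant is a reason to corroborate against the other sources in the list, not a verdict on its own.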
It is important to note that OSINT is not a silver bullet. It is a tool that can be used to gather information, but it is important to use it in conjunction with other methods, such as technical analysis and human intelligence.
Sample Solution
- Identifying potential threats: OSINT can be used to identify potential threats to your organization, such as malicious websites or phishing emails.
- Gathering intelligence on your adversaries: OSINT can be used to gather intelligence on your adversaries, such as their capabilities, resources, and motivations.