How OSINT can be used to supplement your organizational collection plan
Describe how OSINT can be used to supplement your organizational collection plan, and identify 10 sites that can be used to research sites/domains for:
- legitimacy
- sender verification
- list of domains (country codes/domains/extensions, organization domains, other IOC (indicators of compromise) that might need to be researched)
Sample Solution
- Identifying potential threats: OSINT can be used to identify potential threats to your organization, such as malicious websites or phishing emails.
- Gathering intelligence on your adversaries: OSINT can be used to gather intelligence on your adversaries, such as their capabilities, resources, and motivations.
- Understanding your environment: OSINT can be used to understand your environment, such as the people, organizations, and technologies that interact with your organization.
- Attributing attacks: OSINT can be used to attribute attacks to specific actors, which can help you to hold them accountable.
- Building a threat intelligence library: OSINT can be used to build a threat intelligence library, which can be used to inform your security posture and incident response plans.
Here are 10 sites that can be used to research sites/domains for legitimacy, sender verification, and lists of domains (country codes/domains/extensions, organization domains, and other IOCs (indicators of compromise) that might need to be researched):
- Google Search: Google Search is a good starting point for any OSINT investigation. You can use it to search for information on a specific domain, website, or email address.
- Whois: Whois is a database that contains information about domain names. You can use it to find out the registrant information for a domain, such as the name, address, and phone number of the owner.
- Threat Intel Platforms: There are a number of threat intel platforms that can be used to research domains and websites. These platforms typically aggregate data from a variety of sources, such as social media, dark web forums, and threat intelligence feeds.
- Malware Analysis Tools: There are a number of malware analysis tools that can be used to scan websites and domains for malicious content. These tools can help you to identify phishing websites, malware-infected websites, and other malicious domains.
- Social Media: Social media can be a valuable source of information for OSINT investigations. You can use social media to find out about the people and organizations associated with a domain or website.
- Dark Web Forums: The dark web is a hidden part of the internet that is not indexed by search engines. Dark web forums can be a valuable source of information for OSINT investigations, as they often contain information about malicious actors and their activities.
- Pastebins: Pastebins are websites where users can post text anonymously. Pastebins can be a valuable source of information for OSINT investigations, as they often contain information about malicious code, hacking tools, and other sensitive information.
- Registrar Websites: The registrar website is the website where a domain name is registered. You can use the registrar website to find out the registrant information for a domain, such as the name, address, and phone number of the owner.
- Threat Intelligence Feeds: Threat intelligence feeds are a way to receive regular updates on malicious domains and websites. These feeds can be a valuable source of information for OSINT investigations, as they can help you to stay up-to-date on the latest threats.
- OSINT Tools: There are a number of OSINT tools that can be used to automate the process of gathering and analyzing information. These tools can be a valuable resource for OSINT investigations, as they can help you to save time and effort.
OSINT is not a silver bullet. It is a tool for gathering information, and it should be used in conjunction with other methods, such as technical analysis and human intelligence.
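To make the Whois entry above concrete, the following added example (not part of the original answer) parses a WHOIS response and pulls out the fields an analyst reviews when judging a domain's legitimacy. The sample record is constructed, the "Key: value" layout is assumed (real formats vary by registry), and the function names and the 30-day cutoff are illustrative assumptions.

```python
from datetime import datetime, timezone

# Constructed sample WHOIS response (not a real record); .test is a reserved TLD.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.TEST
Registrar: Example Registrar, Inc.
Creation Date: 2024-05-01T12:00:00Z
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Example Org
Registrant Phone: REDACTED FOR PRIVACY
Name Server: NS1.EXAMPLE.TEST
Name Server: NS2.EXAMPLE.TEST
>>> Last update of whois database: 2024-05-20T00:00:00Z <<<
"""

def parse_whois(text):
    """Collect 'Key: value' lines into a dict of lists (keys can repeat)."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep or line.startswith((">>>", "%", "#")):
            continue  # skip footers, comments and lines without a key
        record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def summarize(record, now):
    """Pull out the fields an analyst checks first when judging a domain."""
    def first(key):
        return record.get(key, [None])[0]
    created = first("creation date")
    age_days = None
    if created:
        dt = datetime.fromisoformat(created.replace("Z", "+00:00"))
        age_days = (now - dt).days
    registrant = {k: v[0] for k, v in record.items() if k.startswith("registrant ")}
    return {
        "domain": (first("domain name") or "").lower(),
        "registrar": first("registrar"),
        "age_days": age_days,
        "name_servers": sorted(ns.lower() for ns in record.get("name server", [])),
        # Privacy-redacted registrant fields cannot be used to verify the owner.
        "redacted_fields": sorted(k for k, v in registrant.items() if "redacted" in v.lower()),
        # Assumption: 30 days is an illustrative cutoff for "recently registered".
        "recently_registered": age_days is not None and age_days < 30,
    }

if __name__ == "__main__":
    fixed_now = datetime(2024, 5, 20, tzinfo=timezone.utc)
    print(summarize(parse_whois(SAMPLE_WHOIS), fixed_now))
```

The output is a starting point for further research, in line with the closing point above that OSINT findings should be combined with other methods.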