Acquire OSINT data sets and information



Technique
ID: PRE-T1024
Tactic: Technical Information Gathering

Definition

Open source intelligence (OSINT) is intelligence gathered from publicly available sources. This can include both information gathered online, such as from search engines, as well as in the physical world.[1]

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: An adversary can gather technical intelligence about Internet-accessible systems and devices by obtaining various commercial data sets and supporting business intelligence tools for ease of analysis. Examples of commercial data sets include advertising content delivery networks, Internet mapping/traffic collections, system fingerprinting data sets, and device fingerprinting data sets.

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: This activity is indistinguishable from legitimate business use, and the data is easy to obtain. The adversary does not need direct access to the selected target to conduct this technique. There is a limited ability to detect it by looking at the referrer fields of requests to local web sites (e.g., a person who has accessed your web servers from Shodan).
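The referrer check described above can be run over web server access logs; the following is an added example, not part of the original technique page. It assumes logs in Combined Log Format and a watchlist holding only the domain named on this page (shodan.io); the function names and sample log lines are constructed for illustration. The Referer header is client-supplied and often absent, which is why coverage is limited.

```python
import re
from urllib.parse import urlsplit

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Assumption: watchlist of OSINT search-engine domains; only Shodan is named on the page.
WATCHLIST = ("shodan.io",)

def referer_host(referer):
    """Return the lower-cased hostname of a Referer value, or None if absent/unparseable."""
    if not referer or referer == "-":
        return None
    try:
        host = urlsplit(referer).hostname
    except ValueError:
        return None
    return host.lower().rstrip(".") if host else None

def on_watchlist(host, watchlist=WATCHLIST):
    """Match the domain itself or any subdomain, never a mere substring."""
    return host is not None and any(host == d or host.endswith("." + d) for d in watchlist)

def find_osint_referrals(lines, watchlist=WATCHLIST):
    """Return (client_ip, timestamp, request, referer_host) for each matching log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines
        host = referer_host(m.group("referer"))
        if on_watchlist(host, watchlist):
            hits.append((m.group("ip"), m.group("time"), m.group("request"), host))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2024:10:01:22 +0000] "GET / HTTP/1.1" 200 512 "https://www.shodan.io/host/203.0.113.10" "Mozilla/5.0"',
    '198.51.100.8 - - [12/Mar/2024:10:02:10 +0000] "GET /login HTTP/1.1" 200 734 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Mar/2024:10:03:45 +0000] "GET / HTTP/1.1" 200 512 "https://example.com/?q=shodan.io" "Mozilla/5.0"',
    '198.51.100.10 - - [12/Mar/2024:10:04:01 +0000] "GET / HTTP/1.1" 200 512 "http://notshodan.io/" "curl/8.0"',
]

if __name__ == "__main__":
    for hit in find_osint_referrals(SAMPLE_LOG):
        print(hit)
```

Only the first sample line is reported; the missing referrer, the query-string mention, and the lookalike domain are all ignored because matching is done on the parsed hostname.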

Similar Techniques for Other Tactics

Tactic | Article
Organizational Information Gathering | Acquire OSINT data sets and information
People Information Gathering | Acquire OSINT data sets and information
Technical Information Gathering | Acquire OSINT data sets and information