Acquire OSINT data sets and information

Open source intelligence (OSINT) is intelligence gathered from publicly available sources. This can include both information gathered on-line, such as from search engines, as well as in the physical world. [1]

ID: T1247

Tactic: Technical Information Gathering

Version: 1.0

Similar Techniques by Tactic

People Information GatheringAcquire OSINT data sets and information
Organizational Information GatheringAcquire OSINT data sets and information


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: This activity is indistinguishable from legitimate business uses and easy to obtain. Direct access to the selected target is not required for the adversary to conduct this technique. There is a limited ability to detect this by looking at referrer fields on local web site accesses (e.g., a person who has accessed your web servers from [ Shodan]).

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Possible to gather technical intelligence about Internet accessible systems/devices by obtaining various commercial data sets and supporting business intelligence tools for ease of analysis. Commercial data set examples include advertising content delivery networks, Internet mapping/traffic collections, system fingerprinting data sets, device fingerprinting data sets, etc.


  1. Rotem Kerner. (2015, October). RECONNAISSANCE: A Walkthrough of the “APT” Intelligence Gathering Process. Retrieved March 1, 2017.