Acquire OSINT data sets and information
Open source intelligence (OSINT) is intelligence gathered from publicly available sources. This can include both information gathered on-line, such as from search engines, as well as in the physical world. 
Similar Techniques by Tactic
|Organizational Information Gathering||Acquire OSINT data sets and information|
|People Information Gathering||Acquire OSINT data sets and information|
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: This activity is indistinguishable from legitimate business uses and easy to obtain. Direct access to the selected target is not required for the adversary to conduct this technique. There is a limited ability to detect this by looking at referrer fields on local web site accesses (e.g., a person who has accessed your web servers from [https://www.shodan.io Shodan]).
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: Possible to gather technical intelligence about Internet accessible systems/devices by obtaining various commercial data sets and supporting business intelligence tools for ease of analysis. Commercial data set examples include advertising content delivery networks, Internet mapping/traffic collections, system fingerprinting data sets, device fingerprinting data sets, etc.
- Rotem Kerner. (2015, October). RECONNAISSANCE: A Walkthrough of the “APT” Intelligence Gathering Process. Retrieved March 1, 2017.