What is Open Source Intelligence (OSINT) and active vulnerability management, how do attackers use this information against you?
Private Equity (PE) today faces new challenges in the form of cyber risks to not only the PE firm but the portfolio as well. It is this large attack surface that can make it very difficult to accurately quantify risk. During a Halogen assessment, Vulsec learned valuable methods of detecting and quantifying risk. With the use of Halogen, we analyzed over 140 of this client's portfolio companies. Within 15 minutes of Open Source Intelligence, we learned everything that an attacker would be able to use against these companies by utilizing public information.
To put it simply, Open Source Intelligence (OSINT) is a collection of information that is publicly available on the web. This includes social media, reverse DNS lookup and WHOIS information, and much more. Anything that you can find on the internet probably falls under OSINT's domain.
Ever have to scroll through multiple pages on Google to get the information you want, or have to gather information from multiple websites? The process of manually going through each and every page of a website, picking out information you feel is relevant to your needs can be long, tedious, and boring. There has to be a better way! In comes the wonderful art of web scraping.