To put it simply, Open Source Intelligence (OSINT) is a collection of information that is publicly available on the web. This includes social media, reverse DNS lookup and WHOIS information, and much more. Anything that you can find on the internet probably falls under OSINT's domain.
OSINT can be used for many things. You can use it to find information about someone on the internet, look up information about a company, or find vulnerabilities in your infrastructure. Like any tool, OSINT has its positives and negatives. While it can be beneficial for identifying breaches or intrusions in your network, it can also be utilized by attackers to get personal information that you don't want to be disclosed.
One malicious use for OSINT is doxxing. Doxxing is gathering sensitive information about someone and disclosing it to the public. This information can include where someone lives, how much they make, etc. How can someone use OSINT to gain this information? Well, if you put your location on your social media profile, then that makes it easy for an attacker to get that information. Otherwise, they can look through your posts to see if you make any mention of local surroundings, such as high schools or tourist attractions. By using sites such as Glassdoor and LinkedIn, an attacker can find out where you work, where you sit in the company, and how much you make. Spooky, right?
It gets even worse. By using the profile an attacker has built about you, they can launch social engineering attacks on you. They can craft specific phishing emails to try to get you to install malware on your system or to get your credentials. For example, an attacker could find out through a tweet you made or some other social media post that your preferred bank is Wells Fargo. They can then find out your email address, either because you listed it on your profile or by brute-forcing common combinations of your first and last name. After they get this info, they can send you an email stating that something is wrong with your account and that you have to log in to their phishing page for the problem to be resolved. Once you log in, they have your credentials and can access your bank account.
An attacker can also use OSINT in conjunction with social engineering to gain a foothold in your system. They can trick you into installing malware, or see that you're running a vulnerable web server by scanning the services that are running on it. They can even find hidden servers if your company is large enough to have its own Autonomous System Number. Through that number, they can list every IP address your company owns and just scan each one until they get a hit. This is all public information that is easy to find and exploit.
While there are a lot of malicious uses for OSINT, there are a lot of ways we can use it defensively as well. We could use it to find out where attackers are coming from. If a piece of malware that a hacker dropped on our system points to a specific domain, then we could do a reverse lookup on that domain to find the email address the hacker used to register it.
Some services, like Halogen, also use OSINT to find vulnerabilities in your infrastructure before attackers do. Other services, like haveibeenpwned, allow you to check and see if your emails have been in a third-party breach. OSINT can also be used to find usernames and passwords that are already compromised. Knowing which credentials have been stolen lets us strengthen our passwords and accounts.
Overall, OSINT is a very versatile tool that can be used for many things. You may not realize it, but you interact with OSINT every day by just going on the web. Mundane tasks like updating your social media profile are actually adding to Open Source Intelligence. While the tool can be used for good, it can also be used in malicious ways, so it's always best to watch what you post on the internet. Anything that can be considered personal information can be used against you.