Open-Source Intelligence gathering (OSINT) exercises harvest data from publicly available internet sources, such as social media accounts, internet forums, websites, and news outlets. Law enforcement agencies, cyber security experts and hackers all use OSINT to gather useful information to support a targeted attack.
Our methodology comprises:
- Gathering general information about the target organisation
- Performing network and attack surface reconnaissance through DNS and sub-domain enumeration
- Identifying the target organisation’s internet footprint, including leaks of highly classified or sensitive information like trade secrets, IP and source code
- Identifying obsolete or outdated software and application packages
Commissum provides clients with a threat assessment based on the information that an attacker has access to and that lays the foundation for a successful targeted attack. Data gathered is carefully analysed and presented to the client in terms of business risks and actionable recommendations for remediation.
In an attack chain, such as in a red team engagement, this data can also be used to identify assets of interest, such as key systems in an organisation’s infrastructure and critical data. It can further be utilised to plan and deliver a targeted attack as part of our red team service.