How to use open source intelligence for attack surface analysis?
Open source intelligence (OSINT) is the practice of gathering data from published or otherwise publicly available sources. Whether the practitioner is an IT security expert, a malicious attacker, or a state-sanctioned intelligence officer, open source intelligence is the use of advanced technology to search large amounts of visible data to find information that achieves a goal.
Open source intelligence has many practical applications: attackers use it as a tool for reconnaissance, and social engineers use it to research targets prior to an attack. Public records are the primary source of open source intelligence. In addition, data mined from the dark web is valuable and easily available.
Using open source intelligence for attack surface analysis
As part of attack surface analysis prior to penetration testing, it is critical to know the open source intelligence trail your organization leaves. The attack surface consists of more than just open ports, hostnames and IP addresses; email addresses, employee names, SaaS platforms, cloud-based tools and storage, public records, data breaches, social media accounts, and more are now potential areas of risk.
The intelligence phase is a key element needed to define the tactics, techniques and procedures (TTPs) that may be used to reach targets and accomplish mission objectives. The number of entry points into an enterprise network determines the number of attack vectors available to a malicious person.
Potential attack paths include:
a. Information systems that have access to the Internet (e.g., administrative control panels for servers, workstations, and special devices).
b. Employees' mobile devices.
c. Accounts of cloud platforms and services used by employees.
Because the attack surface extends far beyond an organization's physical network, traditional scanning and reconnaissance methods are no longer sufficient. Determining what open source intelligence information exists about an organization is critical to its ability to adequately address potential risks.