June 20

Workshop takeaways: OSINT for Cyber Defenders


My key takeaways

  • Always do OSINT with the assumption in mind, that the software you are using is compromised
  • Sock puppet accounts
    • do not use real images like from Google Image Search as this might be considered identity theft in some countries
    • make the email account information match you sock puppet
    • use lastpass to store information about sites or accounts for you sock puppet
  • proxychains uses spaces instead of :
    • on Kali conf is at /etc/proxychains4.conf
    • activate random chain
    • the IPs you get from rsock are the same, but different ports. The IP will be changed on rsocks side by port
  • dig <domain> +short will return only the IP. Usefull if piped into other commands
    • works with other dig parameters as well
    • dig <domain> -t all +short | tee <domain>_info.txt seems a usefull command for basic information
  • arin.net can provide interesting information about US companies
  • Domaintools.com may sometimes give hidden whois information
    • historical information might be interesting as well
  • free information sources are often good, but most time it will not be on par with paid information sources
  • dnsrecon -d <domain> -t brt will try to brute force for DNS information
    • dnsrecon -d <domain> -b = using bing
    • dnsrecon -d <domain> -y = using yandex
    • can be combined in one request
  • Recon-ng comes with no module pre installed
    • use marketplace search to list available modules
    • use marketplace install <module path> or marketplace install all to install
    • keys list will list your API keys
      • keys add <apiname> <key> to add a key
  • DNSTwist is usefull to find typosquatting domains
    • typosquatting domains might not only used to phish your coworkers but also your customers
  • You can pipe keywords in Google dorks like keyw1|keyw2|keyw3
  • if a bad actor knows what he is searching for, often he doesn’t need expensive or special tools
  • Maltego creates great visual represantation of information and creates also great reports out of the box.
    • Also a lot what is possible with separate tools, can be done with Maltego in one GUI
    • Some tools in the Maltego Marketplace are free, some bring-your-own-key, some paid
    • Also access to tools like Crowdstrike that might be not available as often in other tools


additional links


BSides, OSINT, red teaming, workshop

You may also like

Webinar takeaway – Offensive Windows Event Logs

Webinar takeaway – Offensive Windows Event Logs

Webinar takeaway – A Master Class on Offensive MSBuild

Webinar takeaway – A Master Class on Offensive MSBuild
Leave a Reply

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit markiert.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}