• Table Of Content

Introduction

Basics

• It's trying to find about the maximum amount of information about an organisation passively viz, our presence is not exposed to our target.
• Provides visibility and increases the attack surface
• From defenders' POV, Give insights into how the adversary is going to target us
• Organisations have a lot of data published online (both planned and unplanned). OSINT is the collective representation of this data in an offensive/ defensive manner.

>Data Visualisation And Animation

Flourish | Data Visualization & Storytelling

Animaker, Make Animated Videos on Cloud for free

Knight Lab

Datawrapper: Create charts, maps, and tables

Home

Charts | Google Developers

Powtoon | Create Awesome Videos Yourself

Create Infographics, Presentations & Reports | Piktochart

Tableau Public

Chart Studio

Create Stunning Social Media Graphics for Free

Online Chart Builder - ChartBlocks

Document Metadata Analysis

>Basics

• Metadata means data about the data.
• We can gain a lot of information by analysing the metadata if it's not been removed, giving us a lot of information for carrying out our engagement
• It varies from format to format, but most metadata-rich formats are:
  • pdf
  • doc, dot and docx
  • xls, xlt, xlsx
  • ppt, pot and pptx
  • jpg and jpeg
  • html and html (hidden information)

>Resources

• Fingerprinting Organisation With Collected Archives (FOCA) uses all the Google hacking techniques discussed above to try to identify files and stuff, downloading them, and extracting their metadata to get further information.

dafthack/PowerMeta

ElevenPaths/FOCA

gocaio/goca

• We can use Exiftool to read, write and change metadata (supports recursion and automation)

ExifTool by Phil Harvey

laramies/metagoofil

• We can use the strings command to display printable text from a file. It only looks for ASCII by default, but we can change that with -e switch (l for little endian, and b for big endian), and it looks for four consecutive characters, we can change that through -n

whois Information

>Introduction

• Before registering a domain, we must give certain information to the registrar for identity verification and also so that they can request Digital Certificates on our behalf from the CAs, and also registrars and other such authorities can contact us if need be.