IN THIS CHAPTER

Gleaning information about your organization using open-source intelligence (OSINT)

Using web resources

Seeking information that you (and others) can benefit from

One of the most important aspects in determining how your organization is at risk is finding out what information about your business and your systems is publicly available. Gathering this information is such an important part of your overall methodology that I think the subject deserves a dedicated chapter.

In this chapter, I outline some free, easy ways to see what the world sees about you and your organization. You may be tempted to bypass these Open Source Intelligence (OSINT) exercises in favor of the cooler, sexier technical security flaws, but don’t skip this step! Gathering this type of information is critical and is often where many security breaches begin.

Gathering Public Information

The amount of online information you can gather about an organization’s business, people, and network is staggering. To see for yourself, use the techniques outlined in the following sections to gather information about your own organization.