The OSINT Episode
Transcript
Introduction to the Guest and Topic:
Host Ally Krings welcomes Duncan Wooley, a penetration tester at Kirkpatrick Price. The discussion focuses on OSINT (Open Source Intelligence) and its role in penetration testing and audits. Duncan explains his role as an ethical hacker and how pentesting helps organizations identify vulnerabilities before attackers exploit them.
What is a Pentester?:
A pentester, or ethical hacker, simulates attacks on networks to uncover security weaknesses. Unlike malicious hackers, ethical hackers operate under strict contracts and professional certifications, ensuring their work is legal and controlled.
What is OSINT and Why is it Important?:
OSINT stands for Open Source Intelligence—information gathered from publicly available sources without direct interaction with the target systems. Unlike active reconnaissance, OSINT uses data from the internet, social media, and other open platforms to identify vulnerabilities. Incorporating OSINT into audits and pentests provides a broader view of potential risks.
The Role of Social Media in OSINT:
Social media is a major source of sensitive information. Duncan shares examples where employees posted office photos revealing confidential details. Attackers can use such data for social engineering, impersonation, and phishing campaigns. LinkedIn, Facebook, Instagram, and Twitter are common platforms for gathering employee names, email formats, and organizational details.
Common OSINT-Based Attack Scenarios:
- Phishing Campaigns: Using social media insights (e.g., company retreats) to craft convincing phishing emails.
- Spear Phishing: Targeting executives with personalized emails based on awards or affiliations. Duncan recounts an incident where an executive clicked a malicious file disguised as an alumni interview request, enabling code execution.
- Physical Security Breaches: OSINT can reveal vendor relationships, allowing attackers to impersonate service providers and gain physical access to facilities.
Physical Penetration Testing:
Duncan explains how OSINT aids physical security tests. By mimicking vendors or delivery personnel, testers can bypass access controls and plant devices inside offices. Even without network access, sensitive documents left in open areas can be photographed and exploited.
Misconceptions About OSINT:
Many confuse OSINT with reconnaissance. Recon is active and limited to scanning hosts, while OSINT encompasses a broader range of publicly available data, including social media posts, blogs, and leaked resources.
Risks of Location Tagging and RFID Cloning:
Tagging locations on social media can expose employees to badge cloning attacks. Attackers can use RFID cloning devices near frequent hangouts (e.g., coffee shops) to duplicate access cards and infiltrate buildings.
Challenges and Evolving Landscape:
OSINT tools and techniques change rapidly. Duncan emphasizes the need for constant learning and monitoring of new platforms, breaches, and data leaks. Breach data, for example, can reveal corporate emails and passwords, which attackers may exploit if passwords are reused.
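As a defender-side illustration of the breach-monitoring practice mentioned above, the following is an added example (not code from the podcast or from KirkpatrickPrice). It assumes a credential dump in the common `email:password` line format, a corporate domain of `example.com`, and a constructed list of active accounts; it filters the dump to the organization's own domain, normalizes and deduplicates the addresses, and reports which active accounts had a password exposed and therefore need a forced reset and a password-reuse check.

```python
# Added example (not from the podcast): a minimal breach-monitoring check a defender
# can run over credential-dump records to find exposed accounts on their own domain.
import re
from dataclasses import dataclass

CORP_DOMAIN = "example.com"  # assumption: the organization's email domain

# Constructed sample records in the assumed "email:password" dump format, plus noise.
SAMPLE_DUMP = """\
alice@example.com:Summer2023!
bob@EXAMPLE.com:hunter2
malformed line without a separator
carol@other.org:letmein
alice@example.com:Summer2023!
dave@example.com:
"""

# Constructed list of accounts currently active in the directory.
ACTIVE_ACCOUNTS = {"alice@example.com", "carol@example.com", "dave@example.com"}

EMAIL_RE = re.compile(r"^[^@\s:]+@[^@\s:]+$")


@dataclass(frozen=True)
class Exposure:
    email: str
    has_password: bool  # a non-empty password value appeared alongside the address
    active: bool        # the account still exists in the directory


def parse_records(dump: str):
    """Yield (email, password) tuples from 'email:password' lines; skip malformed ones."""
    for line in dump.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        email, _, password = line.partition(":")
        email = email.strip().lower()  # normalize case so duplicates collapse
        if EMAIL_RE.match(email):
            yield email, password


def find_exposures(dump: str, domain: str, active_accounts):
    """Return deduplicated exposures for the given domain, flagging active accounts."""
    seen = {}
    active_norm = {a.lower() for a in active_accounts}
    for email, password in parse_records(dump):
        if email.rsplit("@", 1)[1] != domain.lower():
            continue  # ignore records for other organizations
        prev = seen.get(email)
        has_pw = bool(password) or (prev.has_password if prev else False)
        seen[email] = Exposure(email, has_pw, email in active_norm)
    return sorted(seen.values(), key=lambda e: e.email)


def reset_candidates(exposures):
    """Active accounts with a leaked password: force a reset and check for reuse elsewhere."""
    return [e.email for e in exposures if e.active and e.has_password]


if __name__ == "__main__":
    for e in find_exposures(SAMPLE_DUMP, CORP_DOMAIN, ACTIVE_ACCOUNTS):
        print(f"{e.email}: password_exposed={e.has_password} active={e.active}")
    print("force reset:", reset_candidates(find_exposures(SAMPLE_DUMP, CORP_DOMAIN, ACTIVE_ACCOUNTS)))
```

Inactive addresses that still appear (here `bob@example.com`) are worth keeping in the report: they show the domain's address format is already in circulation, which is exactly the kind of detail the phishing scenarios above rely on. Real dumps frequently carry hashes rather than plaintext, so a production check would treat any non-empty credential field as an exposure, as this one does.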
Final Thoughts:
Duncan underscores the importance of strong social media policies, regular audits, and employee awareness to mitigate OSINT-related risks. He invites listeners to submit questions and explore more resources at kirkpatrickprice.com/podcast.
Notes
KirkpatrickPrice is on a mission to help 10,000 people elevate the standards for cybersecurity and compliance. In this episode, Senior Pentester Duncan Woosely breaks down open source intelligence (OSINT) and how hackers use it to their advantage.
Join Our Cybersecurity Mission: https://www.linkedin.com/showcase/our-cybersecurity-mission
Threats never stop. Your defenses shouldn’t either. Our ethical hackers simulate real-world attacks, uncover vulnerabilities, and guide you through remediation. Ready to strengthen your security posture? Connect with a penetration testing expert.