
SANS ISC: OpSec and OSInt SANS ISC InfoSec Forums


OpSec and OSInt

Operations security (OpSec) is a military term that has evolved into the InfoSec realm. In a military context, OpSec describes a process that identifies critical information to determine whether friendly actions can be learned or observed by enemy intelligence, and whether the information obtained by the enemy could be useful to subvert operations.

In the InfoSec realm, OpSec is the process of determining what information about an organization is publicly available and whether that information, either individually or in aggregate, could be used by a nefarious individual to do damage to the organization.

A trivial example of how publicly available information could be used by the bad guys is spear phishing. The list of company executives taken from a company website, combined with the format of the corporate email addresses, can be used to craft and deliver a spear phishing email.

Open Source Intelligence (OSInt) is the process of determining what information is publicly available.

There are many tools available to assist with OSInt, starting with Google, but finding the right tools to sift through the myriad types of information is difficult. An excellent resource for finding those tools is the OSInt Framework. The OSInt Framework is a huge mindmap of available OSInt tools, classified by the type(s) of data they are useful for.

In the last couple of weeks I stumbled on a creative use for OSInt. A non-profit organization called Trace Labs is using crowdsourced Open Source Intelligence to gather verified information for missing person cases. After a few weeks of information gathering, the information is turned over to the police. They have also gamified the OSInt process through virtual capture the flag (CTF) events as well as CTF events at BSides and other conferences. Trace Labs' next virtual CTF event is on Saturday, July 13th.
 

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

Thank You
Anonymous
