When learning anything new, knowing where to start can prove a challenge. Do you pay for a course, buy a book, or maybe look online?
With OSINT I recommend starting with yourself. Imagine you are an in-house digital private detective hired by yourself to investigate, well, yourself. Maybe you are about to apply for a high-profile job or are about to be security vetted for some reason. Either way, the client, you, wants to know what information is out there in the wide world about you.
OSINT stands for Open Source INTelligence and refers to gathering freely available information and processing it to produce some form of intelligence; in this case, learning what information is available online about your subject. The subject being you.
It’s a great way to learn OSINT techniques and it can be both fun and illuminating. Good or bad, whatever you find will be useful. If you find good things that you are happy to be out there then great. If you find bad things then at least you now know about them and can do something about them.
Start with search engines like Google. Search for all variations of your name. If you find images of yourself, paste them into reverse image search engines to see where else they may appear. Log and record everything you find. URLs, images, text, everything. Map out your findings and follow every lead. Leave no stone unturned. Your job as an OSINT investigator is to find everything about your client that is publicly available.
Carry out web searches for OSINT tools and techniques. Have a play with the tools as part of your endeavour. Note what is useful and what is not. Start creating your own playbook and make lots of notes. The deeper you dive the more you learn.
Take your time, don’t rush things. Learn how to look up company information, property details, employment history, social network accounts, and so on.
Search for report templates and create something that suits you. Write up your findings with recommendations.
Congratulations! You just got started in OSINT and you had fun doing it. You learned new tools and techniques and you also learned what information about you is freely available. Now action any recommendations and run a periodic check. Plus sign up to OSINT groups, newsletters, and websites and keep learning!
Hack your home network
A great way to learn ethical hacking in the comfort of your own home is to hack your own home.
When asked how I got started and which courses I recommend, I always suggest starting at home.
Most people have internet access served by a home router, with at least one computer, maybe some tablets, mobile phones, smart TVs, set-top boxes, and possibly some IoT devices connected in order to receive updates and serve content.
Why not learn the tools and techniques of hacking by running a security test on your own home network? Start by using a tool like nmap to scan your network and see what devices you can find. Map out the connected devices by IP address and try to fingerprint each. Look at open ports. Is the device located at a particular IP address a printer or a mobile phone? How can you tell? Probe the device further. Are the operating system and software versions being reported outdated? Are there known vulnerabilities and exploits for your device? Google the versions being reported by nmap.
Once you have mapped out your network, run periodic scans to see if new devices connect. Walk around your house and turn things on that you know will connect to the home network or wait for other occupants of your household to enable their devices. Let them know what you are doing. Remember, you are scanning not exploiting!
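The periodic re-scan described above only pays off if you compare each scan against the one before it. As an added example (not from the original post), the script below parses nmap's grepable output (`-oG`) from a baseline scan and a later scan of the same home LAN and reports hosts that appeared or vanished and new open ports on known hosts; the scan text is constructed sample data, and the IP addresses and service banners in it are assumptions.

```python
# Constructed nmap -oG output from two scans of a home LAN (sample data only).
# Each host is reported as a "Status" line followed by a "Ports" line.
BASELINE_SCAN = """\
Host: 192.168.1.1 ()\tStatus: Up
Host: 192.168.1.1 ()\tPorts: 53/open/tcp//domain//dnsmasq 2.80/, 80/open/tcp//http//lighttpd 1.4.53/\tIgnored State: closed (998)
Host: 192.168.1.20 ()\tStatus: Up
Host: 192.168.1.20 ()\tPorts: 631/open/tcp//ipp//CUPS 2.3/\tIgnored State: closed (999)
"""
CURRENT_SCAN = """\
Host: 192.168.1.1 ()\tStatus: Up
Host: 192.168.1.1 ()\tPorts: 23/open/tcp//telnet///, 53/open/tcp//domain//dnsmasq 2.80/, 80/open/tcp//http//lighttpd 1.4.53/\tIgnored State: closed (997)
Host: 192.168.1.20 ()\tStatus: Up
Host: 192.168.1.20 ()\tPorts: 631/open/tcp//ipp//CUPS 2.3/\tIgnored State: closed (999)
Host: 192.168.1.37 ()\tStatus: Up
Host: 192.168.1.37 ()\tPorts: 8080/open/tcp//http-proxy//Boa 0.94.14/\tIgnored State: closed (999)
"""

def parse_grepable(text):
    """Return {ip: {(port, proto, service, version), ...}} for every open port."""
    inventory = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue
        # Fields are tab-separated "Key: value" pairs (Host, Status, Ports, ...).
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        ip = fields["Host"].split()[0]
        ports = inventory.setdefault(ip, set())
        for entry in filter(None, fields.get("Ports", "").split(", ")):
            # Entry layout: port/state/protocol/owner/service/rpc info/version/
            port, state, proto, _owner, service, _rpc, version = entry.split("/")[:7]
            if state == "open":
                ports.add((int(port), proto, service, version))
    return inventory

def diff_inventory(baseline, current):
    """Hosts that appeared or vanished, plus new open ports on known hosts."""
    report = {"new_hosts": sorted(set(current) - set(baseline)),
              "missing_hosts": sorted(set(baseline) - set(current)),
              "new_ports": {}}
    for ip, ports in current.items():
        added = ports - baseline.get(ip, set())
        if added and ip in baseline:
            report["new_ports"][ip] = sorted(added)
    return report

if __name__ == "__main__":
    result = diff_inventory(parse_grepable(BASELINE_SCAN), parse_grepable(CURRENT_SCAN))
    for key, value in result.items():
        print(f"{key}: {value}")
```

Feed it real output by saving each scan with `nmap -sV -oG baseline.gnmap 192.168.1.0/24` and reading the files in place of the constructed strings; a new host or a newly opened port such as the telnet service above is exactly what the periodic check should make you investigate.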
Next, use a packet sniffer like Wireshark to inspect the traffic between your devices, the router, and the internet. Are there any security holes you can see? Use an application programming interface (API) tool to try to communicate with your devices. Understand how they work. Probe for weaknesses.
Once you are done, write a report for yourself on your findings along with recommendations. Look online for vulnerability analysis or penetration test report templates. What could you do to improve the security of your home network and home devices? Maybe change some settings on the router? Remove permissions granted to devices that you no longer own. Maybe you added a port-forwarding rule for a games console that is long gone. Delete the rule if it is still present.
Congratulations. You have learned how to scan a network, probe for weaknesses, and compose a report on your findings with recommendations, and all from the comfort of your own home with no cost to you other than your time. Next, fix the problems that you found and action any recommendations.
ChatGPT hacking buddy
I’ve given many talks on cyber security and ethical hacking over the past few years and one of the things I tend to say a lot is: “There is no such thing as cheating in hacking”.
What I mean by this is that as long as you are learning you are not cheating. It’s only when you take shortcuts and learn nothing in the process that you are cheating yourself.
So when attempting a CTF or Hack the Box or Try Hack Me machine and you get stuck and you have exhausted every technique and trick that you know and nothing is working, sure, go search for a writeup or forum posts on how to progress. Read just enough to get yourself unstuck and then keep going. Learn the technique, tool, or whatever you needed to know to progress. Add it to your knowledge-base.
This is learning not cheating. Finding the answer but not learning how and why it worked is just cheating yourself.
Recently I found myself stuck on a CTF that I was taking part in for fun. It was brand new so there were no writeups or forum articles to peek at. And I was stuck. In theory I could just move on to the next challenge and come back to this one later, time allowing, but I was having fun and I wanted to figure out why my solution wasn’t working. I wanted to learn, now.
I decided to see if AI could help. I’ve been playing around with the free version of ChatGPT recently and wondered if I could make use of it in this situation. I gave it a copy of the code from a program I had disassembled as part of the CTF and asked it to tell me what the code was doing. It did, in great detail. I then asked it how I could extract certain data that the program was storing in memory. It gave me detailed instructions using a tool that I was unfamiliar with. I asked if I could do the same with another tool I was familiar with. It kindly said no and offered to teach me how to use the tool it recommended. I agreed and learned how to use the tool and managed to make progress.
I then continued hacking at the CTF, asking ChatGPT for assistance when required. Although technically cheating, I was constantly learning throughout, and although I managed to get some virtual points on a virtual scoreboard that were worthless in the real world, the knowledge I gained from hacking with ChatGPT was priceless.
So now when I get really stuck and I’ve exhausted everything I know, I turn to ChatGPT as my AI hacking buddy. Only after I’ve finished the challenge, or both ChatGPT and I have failed to come up with a solution do I go looking for a writeup.
HTB peer snooping
HTB (Hack The Box) offers a free and a premium (VIP) tier for its members. It’s a great platform for learning ethical hacking (along with Try Hack Me). I promised myself that after I’d gotten through the free content I would treat myself to VIP membership, but have yet to do so. You see, I discovered that there are unintended benefits of free membership. In addition to lots of free content, including the seasons machines, there is a little-known way of learning on HTB: peer snooping.
You see, when you access a machine via a non-VIP account you are essentially sharing the (virtual) machine with other users. And when you have a foothold on a box and you are stuck on privilege escalation, you can snoop on other players. You can look at who else is logged on and you can monitor what they are doing. You can see what tools, commands, CVEs, etc. they are trying and can learn from them.
So next time you are trying an HTB machine and you have a foothold (a login with shell), try snooping on others that are also trying to pwn the machine. You may learn something.
Never stop learning
One time I was asked to take a junior tester under my wing and show him the ropes. One day he said to me, “It must be hard for you to learn new things at your age”. He wasn’t being funny or anything. He genuinely believed that the older you get, the harder it is for you to learn new things. I corrected him on that.
This thinking is supported in our culture. We’ve all heard people say you can’t teach an old dog new tricks, or that it’s better to learn a new language at a young age. I’ve thought about this a lot and my thinking is this: you can learn something new at any age, but as you get older you become more stubborn and resistant to learning something unless you absolutely need to know it or you find it interesting.
As I write this and look over at my bookshelf I see books on finance and investing that I’ve been reading recently as I’ve been fascinated by how the world of money works. And because I’m interested in this subject I’ve been devouring books and other media on the subject and I now know a lot more on the subject than I did a few months earlier.
You will also find that on occasion a client will ask you to learn or master a new tool or technique in order to be able to complete the work for them. Not learning in this scenario can cost you both money and reputation. I’ve met people who will say things like “I’m a tester, I don’t write code”. What they really mean is that they are afraid to try. Don’t be afraid to leave your comfort zone, but do manage the risks!
Never stop learning, whether it’s new tools and techniques being developed for your profession or subjects you are interested in like finance, business, the economy, coaching or consulting. We should all never stop learning.
A good tip I’ve learned is to never be the smartest person in a room or on a team. It might boost your ego but that’s the only thing that will grow. Everyone else will have you to learn from but you won’t have anyone. I like to work with smart people so I learn something from them.
So remember:
You can teach an old dog new tricks!
Don’t be the smartest person in the room, understand your client’s business, and learn from other people’s mistakes (it’s cheaper).