An Understanding of Your Organisation's Footprint
Gain a comprehensive view of your people and processes, and how attackers may look to exploit them.
A Prioritised List of Potential Risks
Understand which risks and attacks pose the greatest risk to your applications and APIs, and how to address them.
Guidance on Securing Information
Bridewell will provide guidance on how OSINT can be removed from public forums or, where this isn’t possible, otherwise secured.
Targeted Awareness Training
Enhance your employees’ understanding of how to prevent sensitive information from leaking to public sources.
Why Open Source Intelligence Testing with Bridewell?
Bridewell’s OSINT service uses a complete range of information gathering techniques to identify potential risks, vulnerabilities and weaknesses that could be exploited by attackers. Once identified, our consultants can work with you to prioritise them and either isolate or remove the sensitive data before an attacker can utilise it.
This service is a valuable component of wider penetration testing activities, such as Red Team exercises, and helps simulate a real-life cybersecurity attack on an organisation’s infrastructure, wireless networks, applications or mobile devices.
Key Challenges Addressed
Many information sources detail valuable data via OSINT such as usernames, job titles, contact details, and recruitment information that can be used to build a detailed picture of an organisation and their people.
This can be used by malicious actors to target their attack and improve their likelihood of success. To address this, organisations need to understand where information is leaking and how it could be used against them.
However, searching for OSINT can return overwhelming amounts of data, much of which might not prove useful. Instead, organisations need a clear strategy in place for acquiring accurate information that will help them focus their efforts. Given that this requires experience searching for OSINT and a strong understanding of how it can be used, it is uncommon to find these capabilities within most organisations.
How it Works
Bridewell uses a combination of active, passive and semi-passive gathering to collect as much information as possible about your organisation from publicly available sources. In particular, our team searches for:
- Physical security measures for the location
- Infrastructure and networking detail
- Full DNS listings of all associated assets
- Netblock owners (whois data) and email records (MX + mail address structure).
- Any other information relating to organisations and employees which could potentially be used in future exploits
- Information from previous breaches and any passwords associated with your organisation’s accounts
The information gathered during this stage is often used to inform wider penetrating assessments from our team, which can vary depending on the specific requirements of your organisation. Our consultants also use these insights to guide your organisation on how they can remove this information or take actions to mitigate the risk posed by it.
FAQs
The term ‘open source’ refers to publicly available information. Open Source Intelligence, OSINT for short, refers to data and information that’s been collected from numerous sources to be used for intelligence purposes.
OSINT is primarily used in law enforcement and business intelligence, but is also valuable and widely-used by security professionals to help them carry out their services, assessments and security testing procedures.
While Open Source Intelligence does derive a great deal of information from publicly available sources, ranging from social media data to online publications, there are concerns for its legitimacy and accuracy.
Ready to Take the Next Step?
We’re here to help, so to speak with our team and learn more about how Bridewell can benefit your organisation, just complete the below form and one of our experts will be in touch.