men with headsets working
Penetration Testing Teal Icon

Open Source Intelligence (OSINT)

Identify and reduce the risk posed by sensitive data and information accessible through publicly available sources.  

Service Summary

Bridewell’s OSINT service uses a complete range of information gathering techniques to identify potential risks, vulnerabilities and weaknesses that could be exploited by attackers. Once identified, our consultants can work with you to prioritise them and either isolate or remove the sensitive data before an attacker can utilise it.  

This service is a valuable component of wider penetration testing activities, such as Red Team exercises, and helps simulate a real-life cybersecurity attack on an organisation’s infrastructure, wireless networks, applications or mobile devices.

  • An End-to-End Service - Bridewell needs minimal involvement from your organisation to complete the assessment, reducing the burden on in-house teams.
  • Tailored Engagements for Any Goal - None of our assessments are ‘out-of-the-box’; Bridewell collaborates with organisations to develop a framework that assesses specific areas of concern in line with business objectives.
  • Deep Sector Experience - Bridewell has worked with organisations in some of the most highly regulated and critical industries and understands the unique business challenges and risks faced by these sectors.
  • Highly Accredited for Penetration Testing - Bridewell is accredited by CREST, the OSCP, Zeropoint Security CRTOs, are Tiger-certified, and possesses Certified Cyber Security Consultancy status with the National Cyber Security Centre (NCSC). 
  • A Realistic Simulation of Real-Life Attacks - Bridewell’s assessments are goal-oriented and accurately recreate the tools, tactics and procedures that would be used by a real-world attacker

Key Challenges Addressed

Many information sources detail valuable data via OSINT such as usernames, job titles, contact details, and recruitment information that can be used to build a detailed picture of an organisation and their people.

This can be used by malicious actors to target their attack and improve their likelihood of success. To address this, organisations need to understand where information is leaking and how it could be used against them. 

However, searching for OSINT can return overwhelming amounts of data, much of which might not prove useful. Instead, organisations need a clear strategy in place for acquiring accurate information that will help them focus their efforts. Given that this requires experience searching for OSINT and a strong understanding of how it can be used, it is uncommon to find these capabilities within most organisations. 

Open Source Intelligence

 

 

Our data privacy specialists will work with you to review your data processing activities to ensure that all personal data is being handled in accordance with regulations.

While using the UK & EU GDPR as a benchmark, the assessment will also note all applicable nuances of global data privacy legislation applicable to your organisation. This includes other legislation and standards such as the Data Protection Act and PECR. A GDPR Gap Analysis from Bridewell can also be used as an external audit of their compliance status and act as a complement to an internal audit, if one has already been performed. 

Key Benefits

Here are just some of the benefits of trusting Bridewell to assist with Open Source Intelligence Service:

An Understanding of Your Organisation's Footprint

Gain a comprehensive view of your people and processes, and how attackers may look to exploit them.

A Prioritised List of Potential Risks

Understand which risks and attacks pose the greatest risk to your applications and APIs, and how to address them.

Guidance on Securing Information

Bridewell will provide guidance on how OSINT can be removed from public forums or, where this isn’t possible, otherwise secured. 

Targeted Awareness Training

Enhance your employees’ understanding of how to prevent sensitive information from leaking to public sources.

How it Works

Bridewell uses a combination of active, passive and semi-passive gathering to collect as much information as possible about your organisation from publicly available sources. In particular, our team searches for:

  • Physical security measures for the location
  • Infrastructure and networking detail
  • Full DNS listings of all associated assets
  • Netblock owners (whois data) and email records (MX + mail address structure).
  • Any other information relating to organisations and employees which could potentially be used in future exploits
  • Information from previous breaches and any passwords associated with your organisation’s accounts

The information gathered during this stage is often used to inform wider penetrating assessments from our team, which can vary depending on the specific requirements of your organisation. Our consultants also use these insights to guide your organisation on how they can remove this information or take actions to mitigate the risk posed by it. 

NSCS Certified Services

Why Bridewell?

As one of the UK's largest independent cyber security service providers, we're trusted by some of the most highly regulated organisations to protect their data, reputation and business. With our industry-leading certifications and our customer-centric approach, we're optimally positioned to provide end-to-end cyber security services tailored to your business' individual needs.

Security Specialists

Clients

Security Certifications

  • Award-Winning
  • Agile and Responsive Delivery
  • Strategic Insight and Technical Expertise
  • An Extension of Your Team
  • Flexible Commercial Models
  • Trusted by Microsoft
  • 24x7 MDR & Security Operations Centre
  • Dedicated to Cyber Security
  • Cyber Security for the Wider Good
  • Committed to Sustainability
  • Developing Cyber Skills for the Future

FAQs

The term ‘open source’ refers to publicly available information. Open Source Intelligence, OSINT for short, refers to data and information that’s been collected from numerous sources to be used for intelligence purposes. 

OSINT is primarily used in law enforcement and business intelligence, but is also valuable and widely-used by security professionals to help them carry out their services, assessments and security testing procedures.

While Open Source Intelligence does derive a great deal of information from publicly available sources, ranging from social media data to online publications, there are concerns for its legitimacy and accuracy. 

Penetration Testing Insights

Ready to Take the Next Step?

We’re here to help, so to speak with our team and learn more about how Bridewell can benefit your organisation, just complete the below form and one of our experts will be in touch.

Related Penetration Testing Services

Social Engineering Testing

Social Engineering Testing

Social Engineering Testing

Evaluate how effective your policies, procedures and people would be in response to a social engineering or phishing attack. 
More Info
Wireless Penetration Testing

Wireless Penetration Testing

Wireless Penetration Testing

Identify weaknesses, vulnerabilities and architectural flaws that would allow attackers to obtain sensitive information via a wireless solution.  
More Info
Web application and API Testing

Web Application and API Testing

Web Application and API Testing

Gain complete insight into the potential impact of a breach into your organisation’s web applications and application programming interfaces (APIs).
More Info
Infrastructure Penetration Testing

Infrastructure Penetration Testing

Infrastructure Penetration Testing

Test the core systems that underpin your organisation with a comprehensive assessment of your infrastructure.
More Info