OpSec and OSInt

Published: 2019-07-07. Last Updated: 2019-07-07 03:06:02 UTC
by Rick Wanner (Version: 1)
1 comment(s)

Operations security (OpSec) is a military term that has evolved into the InfoSec realm.  In a military context OpSec describes a process that identifies critical information to determine if friendly actions can be learned or observed by enemy intelligence, and if the information obtained by the enemy could be useful to subvert operations.

In the InfoSec realm OPSec is the process of determining what publicly available information is available about an organization and to determine if the information, either individually or in aggregate, could be used by a nefarious individual to do damage to the organization.

A trivial example of where publicly available information could be used by the bad guys is Spear Phishing.  The list of company executives taken off of a company website combined with the format of the corporate email addresses can be used to craft and deliver a spear phishing email.

Open Source intelligence (OSInt) is the process of determining what information is publicly available.

There are many tools available to assist with OSInt, starting with Google, but finding the right tools to sift through the myriad types of information is difficult. An excellent resource for finding those tools is the OSInt Framework.  The OSInt Framework is a huge mindmap of available OSInt tools classified by the type(s) of data they are useful for.  

In the last couple of weeks I stumbled on a creative use for OSInt.  A non-profit organization called Trace Labs is using crowd sourced Open Source Intelligence to gather verified information for missing person cases.  After a few weeks of information gathering the information is turned over to the police. They have also gameified the OSInt process through virtual capture the flag (CTF) events as well as CTF events at B-sides and other conferences. Trace Labs next virtual CTF event is on Saturday July 13th. 
 

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

Keywords: OpSec OSInt
1 comment(s)

Comments


Diary Archives