This document discusses open source intelligence (OSINT) and a solution for integrating various open source OSINT tools into a single platform. It introduces the presenters and provides an agenda that will cover what OSINT is, why it is useful, examples of recent hacks, challenges organizations face, available solutions, and a demonstration of their integrated platform. The platform aims to make OSINT capabilities more accessible and help detect sensitive information exposed online that could pose security risks. The presentation concludes by thanking contributors to open source projects and welcoming questions.

1. Listen who whispers your name in the dark!!!
OSINT Black Magic:

2. A Man needs a Name
Nutan Kumar Panda (@TheOsintGuy)
InfoSec Engineer eBay.inc
OSINT Enthusiast
Co-Author: Hacking Web Intelligence
https://github.com/nkpanda
Real World Existence:
Gamer, Rider, Keyboard Player

3. A Man needs a Name
Sudhanshu Chauhan(@Sudhanshu_c)
Director OctoGence Technologies
OSINT Enthusiast
Co-Author: Hacking Web Intelligence
https://github.com/SudhanshuC
Real World Existence:
Avid reader, Cook, traveler

4. • What is OSINT?
• Why OSINT?
• Why this weird title?
• What is the biggest problem an organization faces?
• Some recent hacks
• What are the solution available?
• Where our solution stands?
• Demo
• What else can be done with our solution?
• Q/A

5. Open Source Intelligence is the art of collecting information
which is scattered on publicly available sources. In contrast to
traditional intelligence methods, OSINT utilizes overt channels
for gathering information. The added benefit is that there is no
direct interaction with the target which substantially reduces
the chances of being caught or raising any red flags.

6. • Internet is not limited to Google Searches.
• Not even limited to search engines, social media and blogs
• Huge number of sensational hacks in recent times
Organizations getting hacked even after using so called
"sophisticated" defense mechanisms.
• Basic recon usually ignored during security assessments.
• If you SECRET is out there in the open, someone WILL find
it.
• It's just data until you leverage it to create intelligence.

7. • Tools/Techniques
which are seldom
used and are not
talked about much.
• Methods used are
not new but
effective to hear the
digital whispers
those are generally
missed or ignored
(but shouldn’t be).

8. Sensitive
Information
Hard coded
keys in
Github
Credential
leaks in
Pastebin
0-days
sold in
darknet
Hack info
in micro
blog
Corporate
email
credentials
Open
Bugs or
ports

10. • Commercial tools that are good but expensive for small
organizations.
• Open source tools but solving individual issues.
• A team of experts for internet monitoring.

11. • Integrating all open source solutions/freeware
solutions into one place.
• Categorized menu for all the essential steps of the
process.
• Adding futuristic solutions to make use of technology
not just to monitor real time but to make it as
sophisticated alarming system.
• Our own ideas and scripts which will help it enhancing
the already available solution or the new one to work
differently.

13. There are endless possibilities, even we are yet to
explore its limits. Any Suggestions?

14. • Raghav Bisht- Configuration and Setup
• Shubham Mittal- Twitter Monitor and suggestions
• Laura Rokita- Get Tweet
• Tim Tomes- Recon-ng
• Troy Hunt- HIBP
And to the whole open source community

15. • http://orig03.deviantart.net/919e/f/2012/252/a/7/black_magic_dive_by_firefrank-
d5e6pst.jpg
• http://www.lovesamrat.com/images/black1.jpg
• http://www.zdnet.com/article/stolen-us-government-passwords-leaked-across-web/
• http://www.programmableweb.com/news/why-exposed-api-keys-and-sensitive-data-are-
growing-cause-concern/analysis/2015/01/05
• http://thehackernews.com/2015/02/mongodb-database-hacking.html
• http://spellshelp.com/upload/medialibrary/e0b/e0b3bd034aaea1136c9de5f97a364d9d.jpg
• http://www.bestastrosolution.com/images/BlackMagic.jpg

17. Thank You
THE END