惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Blog — PlanetScale
Blog — PlanetScale
SecWiki News
SecWiki News
Google DeepMind News
Google DeepMind News
WordPress大学
WordPress大学
小众软件
小众软件
C
CERT Recently Published Vulnerability Notes
Jina AI
Jina AI
N
Netflix TechBlog - Medium
GbyAI
GbyAI
IT之家
IT之家
Apple Machine Learning Research
Apple Machine Learning Research
AWS News Blog
AWS News Blog
G
GRAHAM CLULEY
L
Lohrmann on Cybersecurity
C
Cybersecurity and Infrastructure Security Agency CISA
I
Intezer
T
Tor Project blog
P
Palo Alto Networks Blog
P
Privacy & Cybersecurity Law Blog
P
Privacy International News Feed
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Proofpoint News Feed
T
Tailwind CSS Blog
C
Check Point Blog
Cloudbric
Cloudbric
Y
Y Combinator Blog
The Last Watchdog
The Last Watchdog
Forbes - Security
Forbes - Security
Last Week in AI
Last Week in AI
S
Security Affairs
博客园 - Franky
F
Fortinet All Blogs
量子位
M
MIT News - Artificial intelligence
C
Cisco Blogs
酷 壳 – CoolShell
酷 壳 – CoolShell
Stack Overflow Blog
Stack Overflow Blog
S
Secure Thoughts
V
Visual Studio Blog
AI
AI
美团技术团队
B
Blog RSS Feed
Application and Cybersecurity Blog
Application and Cybersecurity Blog
博客园 - 三生石上(FineUI控件)
阮一峰的网络日志
阮一峰的网络日志
Engineering at Meta
Engineering at Meta
人人都是产品经理
人人都是产品经理
Microsoft Security Blog
Microsoft Security Blog
T
Threatpost
Cyberwarzone
Cyberwarzone

Intel 471 Blog

TeamPCP Supply Chain Attacks Turning Geopolitical Tension into Actionable Intelligence CVE-2025-68613: Zerobot botnet exploits critical vulnerability impacting n8n AI orchestration platform Introducing Cyber Threat Exposure Bundle: A Unified Approach to External Risk CVE-2026-20127: Critical Cisco SD-WAN vulnerability exploited in wild Handala Threat Group OpenClaw: A viral AI assistant and a magnet for infostealer malware and ClickFix trickery Israeli, US strikes against Iran triggers a surge in hacktivist activity CVE-2026-1731: Finding a critical RCE in an age of AI-driven vulnerability research Born to bypass MFA: Taking down Tycoon 2FA The UK Cyber Security Resilience Bill How AI and the human advantage beat tomorrow’s threats Winter Olympics 2026: Hacktivism Surges Ahead of Protests and Suspected Sabotage How Threat Hunting and “Good” Metrics Help The Business Likely fake ransomware operator 0APT causes panic — Our analysis Hunting APTs: from state policy to TTPs CrazyHunter Ransomware DevMan Ransomware Introducing HUNTER Tuning: a New Tool for Driving Behavioral Threat Hunt Detections Battling check fraud in the U.S. Gootloader Malware Update Shai-Hulud Worm 2.0 New FvncBot Android banking trojan targets Poland White Paper Preview: Black "Fraud Day” and Beyond — The Key Cyber Threats Facing the Retail Sector this Holiday Season Threat hunting case study: Detecting IAB activity Using deception to extract cyber threat intelligence Lynx Ransomware Qilin Ransomware Group ClickFix: Tricking users into installing infostealers Cybercrime Takedowns: Trust, Partnerships and Focus How card fraud is powered by underground card checkers Tracking down The Com Turning Chaos into Clarity: The Next Phase of Intel 471’s Geopolitical Intelligence Solution The FBI’s Group 78: Covertly fighting ransomware? How threat actors bypass multifactor authentication Crimson Collective In a digital age, US paper check fraud flourishes How you can defend against AI-driven fraud and phishing Detecting cybercriminal activity on Telegram NPM - Shai-Hulud Worm Threat hunting case study: ToolShell AMOS Stealer How AI can (and can’t) help in threat hunting The Phrack leak: Examining an APT’s workstation How initial access offers power intrusions and ransomware Drawing value from cyber threat intelligence “Pig-Butchering” Scams: The Dark Side of Social Engineering and Why Terminology Matters After disruption, XSS cybercrime forum faces loss of trust Update: Salt Typhoon Bridging the CTI Gap: New Exposure Modules on Verity471 Deliver Market-Disrupting Views of Threats Introducing Verity471: Cyber Threat Intelligence Ready to Operationalize FileFix Social Engineering Technique Guided Threat Hunts Takes Your Behavioral Threat Hunting to the Next Level Defending against doxing CVE-2025-53770 - Microsoft Sharepoint Mass Exploitation (ToolShell) Threat hunting case study: Lumma infostealer Pro-Russian hacktivism: Shifting alliances, new groups and risks mommy Access Broker NATO summit commences in tandem with tense cyber, kinetic conflict A look at ‘Tinker,’ Black Basta’s phishing fixer, negotiator Threat hunting case study: DragonForce Two critical challenges facing CTI teams and how to overcome them: Intel 471’s additional insights into the SANS 2025 CTI Survey Android malware trends: Stealthier, easier-to-use Fingerprinting threat actors by their anonymity techniques DanaBot malware disrupted, threat actors named Intel 471 brings HUNTER behavioral threat hunts to Google Security Operations SANS 2025 CTI Survey: It’s Business Time for Cyber Risk How an alleged Russian hacker slipped away Threat hunting case study: Medusa ransomware CVE-2025-31324 - SAP NetWeaver Vulnerability DragonForce Ransomware Managing a cyber crisis LabHost: A defunct but potent phishing service Understanding and threat hunting for RMM software misuse Threat-hunting case study: Windows Management Instrumentation abuse VanHelsing Ransomware An in-depth look at Black Basta's TTPs Six Key Takeaways From the SANS 2025 Threat Hunting Survey Update: Medusa Ransomware Writing high-quality IDS detection rules Threat hunting case study: RMM software Update: LockBit Ransomware Zservers: Bulletproof hosting for online crime Update: Black Basta Ransomware and Threat Group Black Basta exposed: A look at a cybercrime data leak BadPilot Campaign The evolution of Russian cybercrime Android trojan TgToxic updates its capabilities Threat hunting case study: SocGholish DeepSeek AI poses cybersecurity risks Law enforcement hammered cybercrime in 2024. Is it working? Remote Monitoring and Management (RMM) Abuse How threat actors are using artificial intelligence Threat hunting case study: PsExec How ransomware may trend in 2025 What 2025 May Hold for Cybersecurity Bring Your Own Hunts to HUNTER ‘Tis the Season to Be Alert for Cyber Threats: 5 Unjoyful Holiday Tactics Collecting Useful CTI from Underground Markets Expanding source coverage: adding Signal chats to threat intelligence
OSINT for Security Assessments
Intel 471 · 2020-08-27 · via Intel 471 Blog

In this series of posts, Victoria Willis explores how OSINT (Open Source Intelligence) can be applied in the areas of Cyber Threat Intelligence, IT Asset Discovery, Security Assessments and Attack Surface Monitoring. In this third post of the series, the focus is on the relevance of OSINT when performing security assessments and penetration tests. Check out the previous posts on using OSINT for Cyber Threat Intelligence and OSINT for IT Asset Discovery.

Identifying a target’s digital footprint should be a critical step in all security assessments. Whether you’re preparing for a vulnerability scan or pen test, Open Source Intelligence (OSINT) is a valuable resource that provides organizations with a full picture of what their assets (and possible exposures) look like through open data sources that are available to defenders and attackers alike. By collecting OSINT, shadow IT elements can also be pinpointed ahead of time and added to scope for a more complete assessment.

Lost or long-forgotten shadow IT assets may be so outdated that they can be immediately recognized as unpatched and vulnerable. Beyond forgotten servers, poorly configured S3 buckets and unintended exposures can be identified through OSINT collection, as well.

Determining a target’s full digital footprint provides security operations with actionable intelligence on low-hanging fruit, allowing them to rectify these issues ahead of a vulnerability scan or pen test — in addition to providing teams with necessary information on what should be included in scope.

Assessing Security With OSINT

Employing OSINT collection as an initial step in security assessments is crucial to identifying potential areas of exposure which may not otherwise be included in a vulnerability scan. For example, the information gathered through OSINT may reveal exposed S3 buckets, previously breached accounts, leaked credentials, sensitive information that’s been indexed by search engines and systems that aren’t being properly maintained or unintentionally exposed to the outside world.

Poorly configured S3 buckets in particular are a common problem and may leave sensitive information vulnerable. Through the first few months of 2020 there have been multiple instances of customer data getting exposed through misconfigured S3 buckets; in June, 20 million files were exposed via open S3 buckets across a number of different dating apps. And in July, it was reported that a fitness brand accidentally exposed one million files — including personally identifying information on nearly 100,000 people. Leaked credentials are another major concern; recent estimates suggest that there are over 15 billion credentials from over 100,000 data breaches available on the dark web.

After identifying new or exposed assets and leaked credentials through OSINT, security operations can expand the scope of their vulnerability management program to incorporate newly identified assets, and take action to mitigate malicious activity where necessary. This is where automation becomes pivotal.

Asset Discovery and Vulnerability Identification

Asset discovery is a critical early phase in any comprehensive security assessment. Through OSINT collection, organizations can get a more complete picture of what their public-facing assets look like and what shadow IT may exist; this allows for more complete vulnerability scanning, and gives organizations insights as to what newly identified assets may need protection or taken offline.

Since we are dealing with entities like hostnames, e-mail addresses and others and obtaining much of the data in structured form, using an automated OSINT collection tool can be extremely helpful in this arena. Hundreds of different sources of OSINT exist and manually compiling and sorting data from each source can be an overly complicated and time-consuming process. SpiderFoot provides users with the ability to automate much of the labor involved with OSINT collection, allowing security operations to focus more on analysis and remediation.

Once collected, the data can be used to generate threat intelligence and fed into SIEM tooling, vulnerability scanning efforts, incident response processes and much more. Automation provides organizations with the ability to seamlessly translate OSINT into actionable intelligence that can improve overall cybersecurity posture.