Open-Source Intelligence (OSINT)

Identify your resources on the internet.

Discover the true extent of your organisation’s digital footprint and gain valuable insight into what malicious actors can see with our comprehensive OSINT assessment.

OSINT (Open-Source Intelligence) investigation involves gathering and analysing information from publicly available sources to obtain relevant and actionable intelligence. OSINT investigations can be used for various purposes, including threat intelligence gathering, competitive intelligence, due diligence investigations, and online reputation management.

Scoping: The first step is to define the scope of the investigation, including the goals, objectives, and specific areas of interest. Scoping for OSINT engagement is essential as objectives for OSINT operations can vary greatly, such as whether the investigation will include company employees or organisation suppliers.

Data Gathering: The next step is to identify relevant sources of information, which may include social media platforms, news articles, blogs, forums, data breaches and public records. The investigator then collects and organises the information obtained from various sources using tools such as web scrapers, search engines, and data mining software.

Analysis: The information collected is then analysed to identify patterns, trends, and relationships relevant to the investigation. Additionally, the audit will include identifying security-sensitive infrastructure that could be mapped through OSINT methods.

Reporting: A comprehensive report will be provided detailing the investigation findings and any recommendations or actions that should be taken based on the information obtained.

NO RISK OF DOWNTIME

OSINT is unique from other security assessment engagements in that the investigation relies almost entirely on publicly available information. As such, there is no risk to the organisation of assets being taken down or disturbed during the engagement.

IDENTIFY YOUR PUBLICLY AVAILABLE ASSETS

Conducting an OSINT investigation can provide an external perspective on the organisation’s digital footprint.

FORGOTTEN ASSETS

For established organisations that have deployed infrastructure throughout the years, it is relatively easy to lose track of assets. This could be dangerous as these abandoned assets could become vulnerable if not kept up to date. An OSINT investigation could identify such lost assets that belong to or are related to your organisation.

MANAGING SUPPLY CHAINS

It is difficult for organisations with a significant supply chain to conduct due diligence on the trade partners or service providers. An OSINT engagement could provide insight into your supply chain based solely on publicly available information.

More Cyber Adversary Simulation

How we work

Customer Journey

Identify
First, we take time to familiarise ourselves with your business. This allows us to clearly understand your requirements, your business risks, your key pain-points, and the outcomes you’re looking for.
Understand
We turn those requirements into crystal-clear scoping and test plan documents, so you know precisely what we’ll be doing, when we will be doing it, and how we will do it.
Test
We deliver what we promised.
Simple.
Inform
Every report we create is unique based on your business, we don’t use cookie cutter data for our summaries or our remediation plans. Our precise and concise findings brief will advise what steps your business needs to take next to reduce cyber risk.
Remediate
We can ensure that the remediation process is tracked and coordinated within your business, we will allocate resources to point you in the right directions or if you need our help directly with remediation, we’ve got you covered.
Feedback
Your opinion is important to us, so we send a questionnaire to every one of our customers after each project – so you can let us know how we did.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Scenario & Red Teaming