- Home
- Techniques
- PRE-ATT&CK
- Acquire OSINT data sets and information
Acquire OSINT data sets and information
Data sets can be anything from Security Exchange Commission (SEC) filings to public phone numbers. Many datasets are now either publicly available for free or can be purchased from a variety of data vendors. Open source intelligence (OSINT) is intelligence gathered from publicly available sources. This can include both information gathered on-line as well as in the physical world. [1] [2] [3]
Similar Techniques by Tactic
Tactic | Technique |
---|---|
People Information Gathering | Acquire OSINT data sets and information |
Technical Information Gathering | Acquire OSINT data sets and information |
Detection
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: This activity is indistinguishable from legitimate business uses and easy to obtain.
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: Large quantities of data exists on people, organizations and technologies whether divulged wittingly or collected as part of doing business on the Internet (unbeknownst to the user/company). Search engine and database indexing companies continuously mine this information and make it available to anyone who queries for it.
References
- Stephen Irwin. (2014, September 8). Creating a Threat Profile for Your Organization. Retrieved March 5, 2017.
- InfoSec Institute. (2013, September 11). OSINT (Open-Source Intelligence). Retrieved May 9, 2017.
- Dawn Lomer. (2017). 101+ OSINT Resources for Investigators. Retrieved May 9, 2017.