In today’s world, where the volume of data in the digital space is growing exponentially, open sources are crucial for more than just information. They also represent potential backdoors for data leaks, the creation of compromising materials, and the acquisition of a comprehensive picture of individuals or companies. NaviRisk offers a complete overview of an organization’s digital footprint in the open online environment, covering the visible web, social media, and the realms of the Deep web and Dark web.

What is OSINT?

OSINT (Open Source Intelligence) involves techniques that gather publicly available information through various methods, including paid access, non-indexed web exploration, and specialized techniques for uncovering hidden data. OSINT is essential for police work, private detectives, vulnerability testing of information systems, vetting suppliers, and verifying the credibility of job applicants for sensitive positions. This often involves processing a large amount of personal data from third parties.

However, private actors are bound by legal requirements and must consider the risks to personal data. In contrast, inward-focused OSINT within an organization is a legal, legitimate, and crucial method to map available information assets exposed on the internet independently.

Key Findings of an OSINT Report

An independent OSINT report on a specific organization can reveal critical risks, such as:

Exposed User Accounts: Identification of user accounts from your domain used for third-party services.

Leaked Credentials: Detection of login credentials and passwords for your organization’s emails potentially available in leaked data packages.

Publicly accessible network Configuration: Identification of improperly configured network devices allowing unrestricted access.

Sensitive Content: Discovery of sensitive content such as exposed login gateways or corporate presentations available online.

Disinformation disseminated by sock puppet accounts throughout the internet.

Ongoing adversary online campaigns against your assets.

All of these findings can be used to develop cyberattack vectors, industrial espionage strategies, or reputation-damaging campaigns against your organization.

OSINT Passport Process and Sources

Digital Footprint Mapping: Utilizing Google hacking techniques to map and pinpoint information related to your organization.

Social Media and Forums Analysis: Investigating your organization’s presence and data in social media, forums, and web archives.

Network Infrastructure Analysis: Comprehensive mapping of publicly available data regarding your network infrastructure.

Asset Misuse Identification: Identifying unauthorized use of your assets or products, including potential copyright violations, across the surface web and Dark web.

Dark Web Analysis: Gathering available information on your organization detectable on the Dark web, focusing on compromised user accounts, passwords, and web domains exposed in data breaches.

Benefits of an OSINT Passport

An OSINT Passport is a tool that raises awareness of threats to your organization’s assets and allows management to proactively prepare for or timely detect these threats. It is a defensive activity, without gathering information about third parties. All activities are conducted under a contractual framework and NDA, with the final product delivered exclusively to your organization.

The OSINT Passport serves as a preliminary step before vulnerability scans and penetration testing. Unlike these, it does not further disrupt the information system, as all activities derive from publicly available data. It provides an independent perspective on information assets and potential threats without the risk of bias or stereotypes, significantly enhancing organizational security.

Why Choose Us?

We combine the realms of active information gathering in the digital and physical worlds with the art of minimizing digital footprints. We know how to obtain information and identify common user mistakes that expose data to unnecessary risks.

We educate clients and the public on OSINT and operational security (practices to minimize one’s digital footprint). We have significantly contributed to the design and creation of a unique online OSINT course in the Czech Republic.

What You Receive

The resulting OSINT Passport is a confidential, comprehensive document delivered in an agreed format with the prescribed content. The work on the document does not end with its delivery. The product is designed as a living document, with regular updates provided to the client in the agreed format.

Contact person: Ondřej Šlechta

Ondrej.Slechta@wearenavirisk.com