These flashcards cover essential vocabulary related to Open-Source Intelligence (OSINT) and its applications in Cyber Threat Intelligence (CTI).
Open Source Intelligence (OSINT)
Intelligence collected from publicly available sources, excluding classified information.
Common OSINT Categories
Includes media, internet, public government data, and professional/academic publications.
Cyber Threat Intelligence (CTI)
The process of collecting and analyzing data to understand and mitigate cyber threats.
backdoor
allows an attacker to control the system
botnet
infects computers to receive instructions from the same command-and-control server
downloader
malicious code that exists only to download other malicious code
information-stealing malware
sniffers, keyloggers, password hash grabbers
launcher
malicious program used to launch other malicious programs
rootkit
malware that provides persistent privileged access to a computer while concealing the existence of malicious code, usually paired with a backdoor
scareware
frightens a user into buying something
spam-sending malware
attacker rents machine to spammers
worms or viruses
malicious code that can copy itself and infect additional computers
hash
an algorithm that takes an arbitrary input of bits of any size and produces a unique, fixed-size output
not reversible
output is unique and of fixed length → reduces original data
also called checksum or digital fingerprint
malware hash
hash calculated for a malware file
used to identify, share, and group malware
ex) anti-virus software
malware signature
refers to a unique sequence of bytes indicative of malicious behavior
malware signature: YARA
creates descriptions of malware families based on textual/binary patterns
each rule (description) consists of a set of strings and a boolean expression which determine its logic
National Vulnerability Database (NVD)
A U.S. government repository that provides access to vulnerability management data.
Common Vulnerabilities and Exposures (CVE)
Publicly disclosed computer security flaws identified in the NVD.
Common Vulnerability Scoring System (CVSS)
A method used to supply a qualitative measure of severity for vulnerabilities.
Common Platform Enumeration (CPE)
structured naming scheme for information technology systems, software, and packages
Shodan
A search engine for the Internet of Things (IoT), allowing identification of devices accessible on the open internet.
Hacker Forums
Online discussion sites where hackers share tools, ideas, and knowledge regarding exploitation.
Darknet Marketplaces
Commercial websites on the dark web that primarily act as black markets for various illegal products, including malware.
IRC (Internet Relay Chat) Channels
An application facilitating plaintext communication, often used by hacker groups for real-time discussion.
Carding Shops
Online platforms for distributing stolen credit/debit card information and related data.
OSINT Value in CTI
OSINT provides external insights into potential breaches, discussions around organizations, and available exploit tools.
OSINT Challenges
Issues include universal access to data, difficulty in identifying important sources, and complications in data collection.