Tool: Finding Open Source Intelligence (OSINT)

Cyber Security Mastery: From Zero to Hero

Leveraging Publicly Available Data

OSINT (Open Source Intelligence) is the practice of collecting and analyzing information that is publicly available. Nearly all Phase 1 reconnaissance is OSINT.

Key OSINT Sources

  1. Company Website: Reveals the technology stack (via the careers page), employee names, and corporate structure.
  2. Social Media (LinkedIn, Twitter): Employees often post organizational details, software used, or even photos that reveal monitor screens or physical layouts.
  3. Archived Websites (Wayback Machine): Shows historical versions of a website, revealing previously exposed information or old vulnerabilities that might still exist on subdomains.
  4. Geolocation/Satellite Imagery: Can reveal physical security weaknesses (fences, access points, surveillance camera locations).
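
An added example (not part of the course material) for source 3, seen from the defender's side: reviewing what the Wayback Machine has archived for your own domain. It parses rows laid out like the Wayback CDX API's JSON output (a header row, then one row per capture); the sample rows, the domain example.com, and the review patterns are all constructed assumptions.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample shaped like the Wayback CDX API's output=json response:
# the first row holds field names, each later row is one archived capture.
SAMPLE_CDX = json.dumps([
    ["urlkey", "timestamp", "original", "mimetype", "statuscode", "digest", "length"],
    ["com,example)/", "20190301120000", "http://example.com/", "text/html", "200", "AAAA", "5120"],
    ["com,example)/careers", "20200611083000", "https://example.com/careers", "text/html", "200", "BBBB", "9100"],
    ["com,example)/backup/site.sql", "20180105101500", "http://example.com/backup/site.sql", "application/octet-stream", "200", "CCCC", "880123"],
    ["com,example,staging)/.env", "20210920170000", "https://staging.example.com/.env", "text/plain", "200", "DDDD", "412"],
    ["com,example)/old-admin/", "20170812000000", "http://example.com/old-admin/", "text/html", "404", "EEEE", "300"],
])

# Assumed review rules: path patterns an organisation would not expect to be public.
REVIEW_PATTERNS = {
    "database dump": re.compile(r"\.(sql|bak|dump)$", re.I),
    "config file": re.compile(r"(^|/)\.env$|\.(ini|conf|yml)$", re.I),
    "admin area": re.compile(r"/(old-)?admin(/|$)", re.I),
}

def audit_captures(cdx_json, own_domain):
    """Return archived captures of own_domain that deserve a manual review."""
    rows = json.loads(cdx_json)
    header, captures = rows[0], rows[1:]
    findings = []
    for row in captures:
        rec = dict(zip(header, row))
        parts = urlsplit(rec["original"])
        host = (parts.hostname or "").lower()
        # Only consider the audited domain and its subdomains.
        if host != own_domain and not host.endswith("." + own_domain):
            continue
        # Content was only archived if the crawler received a 200 at the time.
        if rec["statuscode"] != "200":
            continue
        for label, pattern in REVIEW_PATTERNS.items():
            if pattern.search(parts.path):
                findings.append({"host": host, "path": parts.path,
                                 "captured": rec["timestamp"][:8], "reason": label})
                break
    return sorted(findings, key=lambda f: f["captured"])

if __name__ == "__main__":
    for f in audit_captures(SAMPLE_CDX, "example.com"):
        print(f"{f['captured']}  {f['host']}{f['path']}  ({f['reason']})")
```

Anything this flags should be treated as already disclosed: rotate any secret the capture contained and confirm the live path no longer serves it.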

Tool Note: Maltego (a complex visualization tool often used in forensics and investigations) helps map out relationships between domains, names, emails, and phone numbers discovered through OSINT.