OSINT

Description

Open-source Intelligence (OSINT) is the collection and analysis of data gathered from open sources to produce actionable intelligence. Adversaries can perform OSINT as part of their reconnaissance activities, including searching public websites and databases. Their goal is to find publicly available information that can be used to support an attack. An organization should perform similar activities to identify any publicly available information that could be used to support an attack. In this exercise, you will perform an OSINT analysis on the public website of SNRI and that of its partners.

Instructions

As part of an audit of SNRI’s public-facing online presence, you are to perform an OSINT analysis of the SNRI website, identifying findings that can be submitted to the SNRI Chief Information Security Officer (CISO) for review. Please use the form below to record your findings, including an assessment of the risk they introduce and a rationale the identified risk level.

The following information should be provided for each finding:

  • Reference: A reference to the location of the finding (e.g. the SNRI home page)
  • Description: A short description of the finding
  • Risk Level: Assign a risk level to the finding, in terms of the potential consequence of an adversary using it
  • Risk Rationale: Provide a reason for the risk level that has been assigned to the finding

After completing the details for a finding, additional findings can be created using the add row button. When you have completed your analysis, please click on the submit button.

OSINT Findings

Exercise Control

OSINT Findings

  • Form submitted
  • Exercise completed