Brand Intelligence: How to use OSINT in an organization

Hello cybersecurity folks, I know you are skilled at defending your network and other infrastructures from cyber attacks. Yeah, I know you perform vulnerability assessment, penetration testing, and security audit almost every quarter, yes I heard you also do bug bounty once in a while just to be sure you are doing just fine. Bravo! I applaud you for the good work done, but have you ever imagined or thought about how much of your organization’s data are out there? have you ever thought of using open source tools to gather intelligence on your organization? don’t you think some information about your organization may be out there and may pose danger to your security posture? don’t you think so?

What is brand intelligence?

Brand intelligence is majorly used in the sales world where individual brands collect information on how their users/clients feel about them. It is the collection and analysis of clients'/users views in other to understand user behavior and expectation.

In the business world, your brand is one of the critical assets of your organization, as it is capable of driving in/out clients, partners, and stakeholders. When your brand is in mess, you have a critical high risk and that is why brand intelligence is very important.

Therefore, brand intelligence is the collection and analysis of an organization’s data in order to understand its external security posture.

Why brand intelligence?

1. To protect executives against whaling attack
2. To respond to crises and attacks on competitors, so you can be proactive
3. To detect data leak
4. To detect security events such as phishing, domain abuse, etc.
5. To monitor dark web activities against your organization

Tools for brand intelligence

1. Google dorking

a. All information about your organization: site: *“Org_URL”

b. Domain discovery : site:www.example.com -www site:*example.com

c. Infrastructure discovery (some organizations post all their technologies on career sites): “ORG_NAME” intext: career | intext: jobs | intext: job posting

d. Harvest digital files: allinurl: PDF site:example.com (can replace with txt, Docx, xlsx, etc)

i. Metadata: Information from the digital file seen contains metadata of who created it when it was created etc.

ii. People: find out more about the author of the files through:

1. Spokeo (https://www.spokeo.com)
2. Truepeoplesearch (https://www.truepeoplesearch.com)
3. Truthfinder (https://www.truthfinder.com)
4. 411 (https://www.411.com)

e. Dumpsite: use site:pastebin.com ORG_Domain

2. Public Stack: use stackshare.io to check if the org. stack is publicly available

3. Email Format: https://www.email-format.com to find the organization’s email format

4. OSINT Tools

a. All round information: Rengine, Spiderfoot, Wappalyzer, Builtwith

b. Email Harvesting: theHarvester, sublist3r, dnsdumpster, hunter.io, infoga, phonebook.cz

c. Sub domain: viewdns.info

d. Search engine: dorksearch.io

c. Others: wayback machine, intelTechniques

Conclusion

This is just a little but a great way to start and do brand intelligence on your organization. I know you will like to know how to do brand intelligence on the darknet, which will come in later. Please note; that it is not all about gathering data, but what you make (intelligence) out of it.