OSINT is an activity that focuses on the discovery of publicly available information exposed by your organization.

OSINT stands for Open Source INTelligence and is defined by the CIA as “intelligence drawn from publicly available material”. It refers to any information that can legally be gathered from free, public sources about an individual or organization. Usually, OSINT is the first step in any targeted attack, since it allows gathering information on the objective’s attack surface. This often includes:

  • Discovering all the internet-facing domains of an organization
  • Finding publicly available information about the organization’s staff
  • Searching for business email addresses within past data breaches
  • Analyzing publicly available documents and sources to find sensitive information about the organization
  • Looking for information about the organization disclosed on employees’ social media accounts

The more information an attacker is able to find, the higher are the chances that he will be able to compromise your organization. This means that the publicly available details on your business should be minimized, and the only way to do that is to first find them and then remove them. This is exactly what we do for you.


Employee details

Employees’ personal data can be used by attackers to discover information about the business disclosed on their social media accounts. Those information can also be used to make the compromise of their account easier. If one of their account got compromised, then the attacker could start a phishing campaign against the other members of the organization, or look for emails, files and conversations that contain sensitive information about your business.


The publicly available websites of an organization can contain useful information that can be used by the attackers to carry on targeted attacks. Indeed, they may disclose information about the organization’s assets, security posture and possible services to exploit. Moreover, attackers may be able to find information on the location of the organization’s offices and use it to physically try to obtain further information.


Information can also be gathered by reading technical reports, working papers, government documents, white papers, evaluations, patents, business documents, newsletters and every other type of document that is related to your business. Moreover, attackers may be able to find confidential documents that were not meant to be publicly accessible and obtain sensitive information that can put your organization at risk.


An attacker can obtain lots of information by simply reading the news about your organization. For example, there may be articles that talk about corporate mergers, acquisitions, scandals, bankruptcies or past hacking attacks. These are all indicators of the health state of a company that can make the job of the attacker simpler.

Scroll to top