OSINT

🔍 What Is OSINT?

OSINT stands for Open Source Intelligence — the practice of collecting and analyzing information from publicly available sources to build a picture of a target, whether that is a person, organization, or system. “Open source” here does not mean open-source software; it means information that is openly accessible to anyone: social media profiles, public company records, domain registration data, job postings, news articles, government databases, and more. OSINT is used by both attackers and defenders. Security teams use it to understand what information about their organization is publicly exposed. Attackers use it to research targets before launching an attack — a process called reconnaissance.

🧪 Real-World Example

Before launching a phishing attack against a company, an attacker searches LinkedIn to find employee names and job titles. They look up the company’s domain registration to find IT contact names, check job postings to learn what software the company uses, and browse social media to find personal details that make a fake email more convincing. All of this information was publicly available — no hacking required. Security teams use the same techniques to identify what an attacker could learn about them and reduce that exposure.

✅ Key Takeaways

• OSINT uses only publicly available information — no hacking or unauthorized access involved.
• Sources include social media, WHOIS records, search engines, public databases, and job listings.
• Attackers use OSINT for reconnaissance; defenders use it to find and reduce their own exposure.
• Common OSINT tools include Shodan (for internet-connected devices), Maltego, and theHarvester.
• Oversharing on social media and company websites can significantly increase an organization’s OSINT footprint.
• Regularly auditing your own public presence is a key part of attack surface management.