Business Investigation


During the investigation of a company, we collect all possible data about it. In the process, we work our way from the rough to the detailed. Business Investigation is divided into three categories of information that we can obtain:

  • Company Information

  • Infrastructure

  • Leaks

We should note down, or at least keep in mind, some questions that will help us get a clear and efficient overview during our research. These questions will also help us establish links between the individual pieces of information, which is what the intelligence part of the term OSINT actually stands for.


Company Information


Company information includes the company's general overview. This means we will try to understand the company's structure:

  • How many employees does the company have?

  • What is its objective?

  • How is the company positioned in society and the market?

  • How profitable is the company?

  • How does the company function?

  • How do they manage their tasks?

  • What services does the company provide?

  • How is the company positioned financially?

  • Which target group does the company pursue?

  • Where is the company located?

  • What are the physical security measures?

  • How do interaction and advertising with (potential) customers take place?

  • How strong is the company's reputation?

This information provides us with an excellent overview of the company, enabling us to identify different companies' interests. We can then assess very precisely the level of damage a breach of the company's infrastructure would cause.

Investigating staff, such as employees, supervisors, and team leaders, can provide us with valuable information that allows us to assess their knowledge and experience. Searching for these people is a very time-consuming stage, as we first have to find all the people employed by the target company and then try to find everything relevant about them, if the signed contract allows it.

In this search, we try to determine:

  • What position do the employees hold?

  • Which departments exist within the company?

  • What are their day-to-day tasks?

  • What are they responsible for?

  • What dependencies do the employees have?

Here we will only deal roughly with the individual employees. We will deal with them more directly in another Module called OSINT: Staff Investigation. It requires a slightly different approach to work with the information in an efficient and structured way. Once we have gathered this information, we will move on to profiling, which we will deal with more extensively in the OSINT: Staff Profiling Module.

Social networks are used for personal profiles and the sharing of information from one's own private life. They are also used to publish products and news that provide new information about the company and its technologies. Therefore, in this phase, we try to determine:

  • Which products are being developed?

  • Which technologies are utilized?

  • Who are the developers?

  • Which conferences do the employees attend?

  • Where are these products used?

  • Who uses these products and services?

For example, when new software is released and sold to thousands of companies, it is interesting to get a demo of that software and analyze it for vulnerabilities. If we can identify a vulnerability, all companies that use this specific software version will also be affected by the vulnerability.


Infrastructure


For the infrastructure domain, we move into more technical details. Here we try to find out:

  • How is the company set up in terms of information technology?

  • Who are the administrators?

  • Does it meet the best possible security standards?

  • Which technologies are used?

  • What entries are there about the domain?

  • Which certificates can be obtained?

  • How many domains are registered to the company?

  • What is the ASN?

  • Which netblocks has the company reserved?

  • Which third-party providers are used, and for what?

  • How many and which servers are publicly accessible?

  • How many and which email addresses are available?

This gives us a much better understanding of the technologies and the technical environment we have to deal with. Understanding how the entire company is positioned from an infrastructure standpoint is essential for identifying potential attack vectors. For example, specific configurations in the DNS servers can give us a rough idea of how experienced our target company's respective administrator is.


Leaks


Most of the data put on the internet is stored there for decades and can be found easily. We can find different versions of the web servers and the website's design, for example, or documents removed years ago that contained up-to-date information about employees, technologies, or processes.

Internal leaks can be found on various forums. When a developer asks a question on Stack Overflow to solve a problem in their code, the code is often shared with others to give better insight into the issue. If the developer is under a lot of pressure or distracted, they may accidentally post code containing passwords or other sensitive data. The functions that the developers are working on can be much more interesting. These may contain vulnerabilities if inexperienced developers are employed to write specific sections of code.
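
The accidental leak described above can be caught before a snippet is posted. The following Python code is an added example, not part of the original page: it scans a snippet for hard-coded credentials and redacts them. The sample post, the name patterns, the placeholder list and the entropy threshold are assumptions chosen for illustration.

```python
import math
import re

# Constructed snippet of the kind a developer might paste into a forum question.
SAMPLE_POST = '''import requests

DB_PASSWORD = "Winter2024!prod"
SMTP_PASSWORD = "changeme"
API_URL = "https://api.example.internal/v1/orders"
session_id = "q8Zr3LwX0pVt7HcN2sYbK5dMfJ1uAeGi"
timeout = "30"
'''

# Heuristics assumed for this example; real scanners ship far larger rule sets.
SENSITIVE_NAME = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key|auth", re.I)
ASSIGNMENT = re.compile(
    r"""^(?P<lhs>\s*(?P<name>[A-Za-z_][\w.]*)\s*[:=]\s*)"""
    r"""(?P<q>["'])(?P<value>[^"']+)(?P=q)"""
)
TOKEN_LIKE = re.compile(r"[A-Za-z0-9+/=_-]{20,}")  # excludes URLs and sentences
PLACEHOLDERS = {"changeme", "password", "<redacted>"}


def shannon_entropy(value):
    """Bits per character: random keys score high, words and numbers low."""
    freqs = [value.count(c) / len(value) for c in set(value)]
    return -sum(p * math.log2(p) for p in freqs)


def find_secrets(text, min_entropy=4.0):
    """Return (line_no, name, reason) for assignments that look like real secrets."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = ASSIGNMENT.match(line)
        if not m or m["value"].lower() in PLACEHOLDERS:
            continue  # not a quoted assignment, or an obvious dummy value
        if SENSITIVE_NAME.search(m["name"]):
            findings.append((line_no, m["name"], "sensitive name"))
        elif TOKEN_LIKE.fullmatch(m["value"]) and shannon_entropy(m["value"]) >= min_entropy:
            findings.append((line_no, m["name"], "high entropy"))
    return findings


def redact(text):
    """Blank out flagged values so the snippet can be shared without the secret."""
    lines = text.splitlines()
    for line_no, _, _ in find_secrets(text):
        lines[line_no - 1] = ASSIGNMENT.sub(
            lambda m: f"{m['lhs']}{m['q']}<redacted>{m['q']}", lines[line_no - 1])
    return "\n".join(lines)
```

The name check catches the password even though its value is a low-entropy phrase, while the entropy check catches the random value stored under a harmless-looking name; the URL and the placeholder are left alone.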
