Organization

When we talk about company information, we focus our interest on the points that can give us a detailed view of the entire business and its processes. This type of essential information is usually found on the target company's websites. We will not necessarily find all the necessary information to give us an insight into the company and its processes. This could tell us which companies will be most interested in working with our target company and which requirements must be met. Understanding our target company's business processes can give us an idea of how to structure our attacks. Therefore we can design our attacks to be executed during a specific step in the process.

We can also get an insight into the company's dependencies. From this, we will be able to conclude which technologies are needed to manage the company, which will indicate how the company may be structured from an infrastructure perspective.

![[osint-org.png]]

Generally, the company's home page, social networks, and search engines can be used to map out the company's organizational structure. There are no useful tools that can be used to map out the company's organizational structure efficiently. Instead, we must rely on the logical association between the information we will find during OSINT and the actual intelligence.

Furthermore, it is challenging to keep it dynamic because every company has unique staffing needs and employees, all of whom bring different strengths, weaknesses, and abilities. Therefore this field of OSINT is more a repeatable process than a static method.

Locations

If our engagement is a red team assessment, then such information is much more relevant than a regular penetration test procedure. Red-teaming can also include, among other things, the physical security of the company and is used to determine which methods and techniques can be used to obtain highly sensitive information that may not be accessible from the internet. The company's locations are of great importance for this. However, the scope and rules for which procedures may and may not be used must be strictly observed.

Companies already pay a lot of money to attract potential customers by presenting themselves to their customers in the best possible way and sell themselves better from a marketing point of view. Here we can always ask ourselves when the company would arouse our interest.

![[osint-locations.png]]

Staff

Every company's marketing department attaches great importance to the best possible representation of its staff so that potential customers can be sure they will be taken care of in a professional manner. The company's employees handle all the processes. We are interested in the information they use to interact with the company and its infrastructure. This may include but is not limited to email addresses, phone numbers, usernames, passwords, and the social networks on which they operate.

The employee's role in the company can also be used to assess their privileges in specific areas. Thus, a manager would likely have higher rights than customer support. However, even if a secretary does not have direct access to the systems, the individuals in these roles can be an attractive attack vector for us since they most likely have full access to calendars, plans, contact data, email addresses, and more.

![[osint-staff.png]]

Contact Information

Another critical point for all potential customers is the company's accessibility. For this reason, contact details are always disclosed. After all, customers may want to find out more about the company or even arrange a meeting. Contact information includes phone numbers and email addresses, and usernames from various communication portals such as Skype, Microsoft Teams, Slack, Discord, etc. These usernames can also be associated with the employees. This part of OSINT will be discussed in more detail at OSINT: Staff Investigation.

![[osint-contact.png]]

Business Records

Significant customers look at the company's website and the business records, to learn more about it. From an OSINT perspective, they can also tell us a lot about its progress. These include the company's locations, financial situation, references, and reputation. We are particularly interested in poor feedback about the company.

Poor feedback requires poor communication and the resulting failures in the business processes. If a customer's inquiry or request is not fulfilled, it may not always be a human mistake on the part of the employee but may indicate technical issues. Companies often try to "hide" this feedback not to create a wrong impression for potential customers.

Business records also include the degree of recognition in the market. For example, we can get this through reviews by (former) employees or on social networks. Customer satisfaction also plays a role. We can conclude how structured and coordinated the company works internally to complete its services and overcome customer problems for the services provided.

The company's financial situation tells us a lot about its commitment and productivity. If a company continually offers new products and services, it can positively affect its financial situation. Depending on the company's size, the downside of this is that it can lead to chaotic processes. This can mean a great deal of organizational effort and communication. Therefore, it leads to a higher risk of phishing attacks because the content of a detailed, customized phishing email is rarely actually checked.

![[osint-business-records.png]]

Services

Services are also explained in great detail on the website so that the number of external inquiries is kept to a minimum. For this reason, how each service is carried out is usually discussed in detail. All other questions that arise are generally specific.

![[osint-services.png]]

We can also ask where to find more information about the company during a phone call. We are usually directed to blog posts, videos, or documentation from a marketing perspective that would give us better insight into the company. We can find a variety of information about the target company through the different social media networks. We usually first direct our focus to the company's linked accounts via its home page. In turn, these may lead us to different sources of information not mentioned on the home page.

We can also search the different platforms themselves to see where the company is represented on social networks. Finally, we can use search engines or forums to find out if the company is mentioned there.

![[osint-social.png]]

PreviousOpen-Source Intelligence NextOSINT Methodology

Last updated 5 months ago