What was your OSINT highlight of 2020?
Personally, taking first place in the DefCon/Trace Labs SearchParty CTF was amazing. The Password Inspection Agency (PIA) had taken second the month before, so tackling the Black Badge was rewarding.
Professionally, adding two new amazing OSINT specialists to the Intelligence team was substantial. Our team engaged in a number of OSINT assessments for 2020. Flexing the OSINT muscles professionally was a lot of work but extremely enjoyable.
What emerging (good or bad) trends did you notice over the past year?
Ransomware was a huge trend for 2020 unfortunately. 2020 was not the first time we saw this trend but the community around discoverability and information sharing was improved in 2020 (a good thing).
Proactive hunting for external indicators of vulnerable systems was critical this year as well. We also took it a step further and researched personnel and vendor relationships concerning data breach details. Layering in your threat landscape with day-to-day activities was a huge trend for a lot of our assessments and benefited our team and clients greatly.
A big move for the entire community was understanding and analyzing more of the technical data and automation tactics for Open Source Intelligence. It’s a great trend that will continue. It shows the level of maturity in the community. The last couple of years have been focused around web browser interaction and Graphical User Interface methods. This is not a bad thing but it can be very manual.
Any favorite tool or technique that you tried in 2020?
Spiderfoot HX, Hunch.ly, EchoSec, IntelX, ViewDns, DeGoogle, Maigret, Osmedeus…really too many to list. I really like playing in the DEV Console. I’m not great at navigating it but it’s helpful.
How do you see the OSINT landscape changing in 2021?
I think the area will grow a lot in the next 5 years. More people understand that you don’t need to be a developer or programmer to use the code to assist OSINT investigations. More data is also coming out at faster rates than ever before. This will help researchers in the long term. I do see a lot of people that are not validating information and this needs to be corrected.
Anything else you’d like to add about The State of OSINT?
I’m very excited to see what other areas the OSINT community can reveal data from. I think we are still very early in adoption for Open Source Intelligence. Opportunities for researchers will increase.
I also understand that the data breach and leaks industry will continue to develop, and that the increasing number of people who become proficient with TOR and DeepWeb markets or sites will start to become more mainstream, pushing other actors into lesser-known networks. Keep learning!! It’s the only way to stay ahead of the constantly changing curve.