• CSNP

Using OSINT Reconnaissance to Protect Your Organization

Author Britton White


keyboard keys jumbled in a pile

Open Source Intelligence (OSINT) reconnaissance involves using publicly available resources to passively gather information on a target (a person or organization).


To best protect your organization, take the mindset of a threat actor. Ask yourself these questions and perform some OSINT reconnaissance to get the answers.

  • What information is available on the web which can be used to target your organization?

  • How can they break in, or otherwise gather enough information for a Phishing/Vishing (Social Engineering) attack?

Think about how your current policies and procedures may help protect against these types of attacks, or if your policies and procedures are weak and need revising. From there, ask yourself, do employees know/understand what our security policies and procedures are? Understanding is the key word here.


Don’t forget about your third-party vendors, business associates, etc. You can perform this same reconnaissance on them. Just don’t try to log in anywhere unless you’re authorized to do so.


OSINT Reconnaissance Tools


I use the following sites extensively for OSINT reconnaissance. There are automated tools that many use for a quick snapshot of information that I choose to look for manually.


VirusTotal - Analyzes suspicious files, URLs and hashes. Reports on possible malicious reputation.



Sub Domain Finder - Locates subdomains tied to a domain.


Censys.io - Reports on devices that are accessible from the Internet.