OSINT: Discovery and Profiling for Pentesters

May 26, 2021

OSINT can encompass the investigation of an individual, groups of people and/or organizations, all which require the application of different toolsets and strategies. Rather than focus on personal background searches or forensic data on individuals, the average pentester often needs to focus on the external footprint of an organization, which can include anything from exposed public IP and DNS information to metadata within documents on corporate web servers. These unique pieces of the puzzle often help the tester enhance the picture of what the perimeter surface looks like to an attacker that is positioned on the Internet, a practice that is emulated in many security assessments performed today.