OSINT analyst technical and social competency areas are presented here based on a uOttawa PhD thesis on ethical hacking sociotechnology.

This post is part of a Digital Literacy course offered by DTI Technologies.


What is OSINT?

OSINT is the first phase of the penetration testing (ethical hacking) process, planning notwithstanding. OSINT is used to determine entry points into a computer or security system. For NIST (2008), the discovery phase of the penetration testing process spans OSINT (or reconnaissance, or footprinting), network enumeration, and port scanning. Penetration testing involves “launching real attacks on real systems and data using tools and techniques commonly used by hackers” (NIST SP 800-115, p. 5-2).

The Penetration Testing Execution Standard, developed by a group of cross-industry information security practitioners, defines OSINT as “a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence.”

Who uses OSINT technologies and tactics?

“OSINT” can be a verb (intelligence gathering) or a noun (actionable intelligence). Intelligence can be gathered passively (without interaction with intelligence sources), or actively. Intelligence gathering tactics span social engineering and automated analysis.

AI- and algorithm-based OSINT is used extensively by hackers and penetration testers to gather intelligence about a specific target. OSINT analysis is typically performed using open source tools, resources, and methodologies. For example, automated OSINT tools can be used to collect, aggregate, harvest, and analyze data from social networks, including names, online handles, jobs, friends, likes/dislikes, locations, pictures, etc. (McLaughlin, 2012). Recon-ng and Maltego are data management tools designed to facilitate the process of gathering, analyzing, and organizing OSINT.

Within the context of information security risk management, OSINT is the initial stage of an information security risk assessment. The assessment involves understanding what systemic vulnerabilities exist (technological, human, and policy), what threats to prized information assets can exploit those vulnerabilities, how likely an attack is, and what damage an attack can cause, so as to establish risk levels and prioritize anti- or counter-threat measures.

OSINT can also be part of an information security audit to evaluate the performance or effectiveness of security controls, or conducted to ensure compliance with certain security testing requirements/standards.

OSINT analyst cybersecurity role

The OSINT analyst cybersecurity role and body of knowledge (BoK) foundation framework is presented here 1) as a specialized knowledge/skill area of ethical hacking within information security risk assessment practices; and 2) as an interdisciplinary research area and a composite baseline skillset for an introductory course to cybersecurity and for security awareness training in higher education institutions and business organizations.

A foundational framework for teaching ethical hacking skills in computer science, computer engineering, and software engineering undergraduate programs in higher education was constructed based on insights derived from a social science approach to ethical hacking technology conceptualization (STEI-KW as a theoretical framework within the science and technology studies tradition), a systematic literature review, and in-depth interviews with ethical hacking university experts and industry practitioners and with policy experts. STEI-KW is a carefully defined academic idea that theorizes the nature (systemic properties) of Canadian society.

PhD Thesis Interview Participants by Area of Expertise

An OSINT investigation starts with answering an answerable question and follows a structured approach to problem solving. OSINT analysts collect, analyze, and interpret the findings and place them in social, economic, and political context.

OSINT analysts operate at the intersection of complex technical and social processes, and sometimes in a grey area. This warrants attention from society, as this role fulfills a societal need for self-reflexivity (it embodies the sociopolitical contradictions in values within a liberal society, especially the tension between regulation/intervention and liberty).

The competency areas of the following modular professional ethical hacking training framework are loosely divided into technical hacking skills and social hacking skills, though in practice they intersect several competency areas (management, legal, etc.).

1. Technical competency areas

The key idea is to teach students when they’re designing networks, when they’re designing software, these are vulnerabilities to watch out for, these are vulnerabilities to test for, but they’re all the kinds of things that, if you are going to be a hacker, that you would need to know about, because you’d try to exploit those. And if you’re an ethical hacker, you’re going to try to exploit those just the same as if you’re a black-hat hacker.

PhD thesis interview participant #3 (Professor of Computer Science and Software Engineering at University of Ottawa)

1.1. Two Key Ethical Hacking Paradigms

1.2. Ethical Hacking High-Level Concepts (3 Levels of Abstraction)

1.3. High-Level Network Security Risk Management Concepts (table)

1.4. What Constitutes Hacking Skills?

Steps of the penetration testing process

Penetration testing methodologies and technologies (open source)

Information Security Assessment Methodologies OSSTMM 3.0, NIST 800-115, and TRA-1 (CSE/RCMP, 2007) (comparison table)

The penetration test report

1.5. Teaching Ethical Hacking Skillset Framework

2. Social competency areas

2.1. Who Are Ethical Hackers and What Do They Do?

2.2. Critical Thinking and Problem-Solving Skills

2.3. STEI-KW and Society (table)

Properties of a Sociotechnical Society (STEI-KW analytical elements)

The Epistemological Roots of STEI-KW as a Sociotechnical Theory of Society

2.4. Technology Assessment

STEI-DMG: Opportunities and Risks of Teaching Students Hacking Skills

2.5. Important Cybersecurity Regulations

IT Security Governance and IT Security Management (Adapted from Educause.edu)
