Think you're ready to take the CompTIA PenTest+ certification exam? Test your skill set with some of the sample multiple-choice questions you may be facing. Show
The minutest bit of data can create tiny security holes, which could potentially become a gateway for malicious actors into an organization's larger network. Effective pen testers must master finding this data -- and the vulnerabilities it may create -- and then plug the holes before hackers can infiltrate them. The first step of a penetration test involves passive information gathering: collecting data from publicly available sources, such as search engines, social media platforms, DNS servers and the target's network. There is no interaction with targets, nor do pen testers identify themselves to them. Active information gathering, step two of a pen test, involves direct engagement with targets by interacting with them or using social engineering techniques, network scanners and pen testing tools to acquire data. Information gathering is a fundamental concept for any pen tester to master and is covered in pen testing certifications. If you are on a penetration testing career path, the CompTIA PenTest+ certification might be in your future. Are you confident you have what it takes to pass the test? Current penetration tester and author Jonathan Ammerman's CompTIA PenTest+ Certification Practice Exams, a supplement to CompTIA PenTest+ Certification All-in-One Exam Guide, offers insight into penetration testing basics and tools pen testers use to get the job done. Click the image to learn moreabout this title. The following CompTIA PenTest+ practice test questions, excerpted from Chapter 2, "Getting to know your targets," will quiz your knowledge of passive and active information gathering. For additional information and more sample test questions, download a PDF of Chapter 2. CompTIA PenTest+ practice test questionsThis was last published in October 2019 Dig Deeper on Risk management
Open-source intelligence (OSINT) is the collection and analysis of data gathered from open sources (covert and publicly available sources) to produce actionable intelligence. OSINT is primarily used in national security, law enforcement, and business intelligence functions and is of value to analysts who use non-sensitive intelligence in answering classified, unclassified, or proprietary intelligence requirements across the previous intelligence disciplines.[1] OSINT sources can be divided up into six different categories of information flow:[2]
OSINT is distinguished from research in that it applies the process of intelligence to create tailored knowledge supportive of a specific decision by a specific individual or group.[3] Definition[edit]OSINT is defined in the United States of America by Public Law 109-163 as cited by both the U.S. Director of National Intelligence and the U.S. Department of Defense (DoD), as intelligence "produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement."[4] As defined by NATO, OSINT is intelligence "derived from publicly available information, as well as other unclassified information that has limited public distribution or access."[5] According to political scientist Jeffrey T. Richelson, “open source acquisition involves procuring verbal, written, or electronically transmitted material that can be obtained legally. In addition to documents and videos available via the Internet or provided by a human source, others are obtained after U.S. or allied forces have taken control of a facility or site formerly operated by a foreign government or terrorist group.”[6] Former Assistant Director of Central Intelligence for Analysis Mark M. Lowenthal defines OSINT as “any and all information that can be derived from overt collection: all types of media, government reports and other documents, scientific research and reports, commercial vendors of information, the Internet, and so on. The main qualifiers to open-source information are that it does not require any type of clandestine collection techniques to obtain it and that it must be obtained through means that entirely meet the copyright and commercial requirements of the vendors where applicable."[7] History[edit]OSINT in the United States traces its origins to the creation of the Foreign Broadcast Monitoring Service (FBMS), an agency responsible for the monitoring of foreign broadcasts. An example of their work is reflected in the application of the correlation of changes in the price of oranges in Paris with that of railway bridges being bombed successfully.[8] The Aspin-Brown Commission stated in 1996 that US access to open sources was "severely deficient" and that this should be a "top priority" for both funding and DCI attention.[9] In July 2004, following the September 11 attacks, the 9/11 Commission recommended the creation of an open-source intelligence agency.[10] In March 2005, the Iraq Intelligence Commission recommended[11] the creation of an open-source directorate at the CIA. Following these recommendations, in November 2005 the Director of National Intelligence announced the creation of the DNI Open Source Center. The Center was established to collect information available from "the Internet, databases, press, radio, television, video, geospatial data, photos and commercial imagery."[12] In addition to collecting openly available information, it would train analysts to make better use of this information. The center absorbed the CIA's previously existing Foreign Broadcast Information Service (FBIS), originally established in 1941, with FBIS head Douglas Naquin named as director of the center.[13] Then, following the events of 9/11 the Intelligence Reform and Terrorism Prevention Act merged FBIS and other research elements into the Office of the Director of National Intelligence creating the Open Source Enterprise. Furthermore, the private sector has invested in tools which aid in OSINT collection and analysis. Specifically, In-Q-Tel, a Central Intelligence Agency supported venture capital firm in Arlington, VA assisted companies develop web-monitoring and predictive analysis tools. In December 2005, the Director of National Intelligence appointed Eliot A. Jardines as the Assistant Deputy Director of National Intelligence for Open Source to serve as the Intelligence Community's senior intelligence officer for open source and to provide strategy, guidance and oversight for the National Open Source Enterprise.[14] Mr. Jardines has established the National Open Source Enterprise[15] and authored intelligence community directive 301. In 2008, Mr. Jardines returned to the private sector and was succeeded by Dan Butler who is ADDNI/OS[16] and previously Mr. Jardines' Senior Advisor for Policy.[17] Tools[edit]The web browser is a powerful OSINT tool that provides access to numerous websites and both open source and proprietary software tools that are either purpose-built for open source information collection or which can be exploited for the purposes of either gathering of open source information or to facilitate analysis and validation to provide intelligence. A cottage industry of both for-profit and not-for-profit investigative and educational groups such as Bellingcat, IntelTechniques SANS and others offer indices, books, podcasts and video training materials on OSINT tools and techniques. Books such as Michael Bazzell's Open Source Intelligence Techniques serve as indices to resources across multiple domains but according the author, due to the rapidly changing information landscape, some tools and techniques change or become obsolete frequently, hence it is imperative for OSINT researchers to study, train and survey the landscape of source material regularly.[18] A guide by Ryan Fedasiuk, an analyst at the Center for Security and Emerging Technology, lists six tools open-source analysts can use to stay safe and utlize operational security (OPSEC) when conducting online investigations. These include VPNs, cached webpages, digital archive services, URL and file scanners, browser sandbox applications, and antivirus software.[19] Numerous lists of aggregated OSINT content are available on the web. The OSINT Framework contains over 30 primary categories of tools and is maintained as an open source project on GitHub.[20] Risks for practitioners[edit]A main hindrance to practical OSINT is the volume of information it has to deal with ("information explosion"). The amount of data being distributed increases at a rate that it becomes difficult to evaluate sources in intelligence analysis. To a small degree the work has sometimes been done by amateur crowd-sourcing.[21] Accredited journalists have some protection in asking questions, and researching for recognized media outlets. Even so, they can be imprisoned, even executed, for seeking out OSINT. Private individuals illegally collecting data for a foreign military or intelligence agency is considered espionage in most countries. Of course, espionage that is not treason (i.e. betraying one's country of citizenship) has been a tool of statecraft since ancient times.[22] Professional Association[edit]The OSINT Foundation is a professional association for OSINT practitioners in the United States Intelligence Community.[23] It is open to U.S. Citizens and seeks to raise the prominence of the open-source intelligence discipline.[24] See also[edit]
References[edit]
Literature[edit]Scientific Publications
External links[edit]
Which one of the following information sources would not be considered an Osint source?Which one of the following information sources would not be considered an OSINT source? Port scans are an active reconnaissance technique that probe target systems and would not be considered open source intelligence (OSINT).
Which of the following is the best example of a hacktivist group?Anonymous. Anonymous is quite possibly the most iconic and well-known hacktivist group, widely recognized for its cyber-attacks against governments and government institutions, large corporations, and even the Church of Scientology.
What organizations did the US government help create to help share knowledge between organizations in specific verticals?The U.S. government created the information sharing and analysis centers (ISACs). ISACs help infrastructure owners and operators share threat information, as well as provide tools and assistance to their members.
What is it called when a threat actor takes information for the purpose of impersonating someone quizlet?Advanced persistent threat (APT) A weakest link vulnerability can be caused by mismanagement of which of the following? Vendor management. What is it called when a threat actor takes information for the purpose of impersonating someone? Identity theft.
|