Targeted Personnel and Organisational Intelligence Gathering
What is Targeted Personnel and Organisational Intelligence Gathering?
We utilise public sources of information to identify data about individuals and/or an organisation that could be abused (such as blackmail, phishing pretexts and or external identification of network assets) by threat-actors.
Using Open-Source Intelligence techniques (OSINT), forensic examination methodologies and curated toolsets, Sekuro will assess your organisation’s threat surface in relation to its digital footprint.
Data will be mined and retrieved from multiple sources, including deep and dark web domains, and assessed by our consultants for its relevance regarding malicious scenarios where information will be assessed on both a company presence and an individual presence.
At the conclusion of the assessment, a formal report will contain a description of the work undertaken, related findings, a complete inclusion of all relevant data we came across, and recommendations to either amend, reduce or prevent these digital presence issues from surfacing again.
How do we run a Targeted Personnel And Organisational Intelligence Gathering program?
We search for a large amount of data relating to the subject(s) in the public domain.
This information is collected both manually and by automated methods using public and in-house tools. This criterion is not limited to the below, but could include:
- Aliases, usernames, names
- Groups, memberships, affiliations, clubs & organisations
- Contact Information (phone, email, apps)
- Work Contact Information (phone, email, apps)
- Education Information (Schools, tertiary)
- Travel Information (Transport, Vehicles)
- Public Persona (Conferences, talks, meetups, workshops, interviews)
- Location Information (Residence, properties, popular visitations)
- Personal Information (DOB, secret questions, family, pets, relationships)
- Personality Information (Hobbies, traits, weaknesses, compensations, favourites)
- Business & Legal Information (ABN, holdings, shares, court orders)
- Digital Presence (Social Media, Search Engines, revealing Images, forums, known accounts)
- Technical Information (Device types, PINs, passcodes, 2FA/MFA, leaked/passwords, makes/models, home tech)
- Sensitive – Sensitive information relating to relationships and hidden agendas (Dating, Adult sites, strip clubs)
How do I get started?
Get in touch with us and one of our lead Offensive Security consultants can take you through the process to develop an assessment that meets your requirements.