Abstract

In recent years, the number of cyber attacks on organizations and individual users has been increasing. In many cases, a key factor in an information security incident is the attacker's effective preparation for the attack: target selection; reconnaissance, i.e. obtaining any information that may be needed when planning the attack; weaponization based on the discovered defense mechanisms, software, hardware, etc.; and delivery, i.e. choosing how the malware will reach the victim and what steps will be required to activate it. Possessing a significant amount of information that is important and critical to the organization's security lets the attacker choose the optimal attack scenario and significantly increases the chances of its success. The problem is that today's OSINT methods and tools make it possible to find almost any information that is not genuinely protected. This significantly increases the risks, especially for organizations that find it difficult to control all the information that their employees post on social networks, disclose in interviews, or that accidentally ends up on the Internet. However, most intelligence tools are available not only to attackers, so ethical hackers and penetration testers can also use OSINT tools to examine an organization's vulnerabilities and improve its defenses before attackers exploit those vulnerabilities. The article examines the main methods of open-source intelligence, considers the most common and most frequently used OSINT tools, describes the life cycle of a cyber attack, and defines the stages that require the use of OSINT tools when auditing an organization's information security and conducting penetration tests.
