Preview: Open Source Intelligence Gathering

Dear Readers,

We would like to present to you our newest issue, the first one in 2018. It focuses mainly on Open Source Intelligence Gathering. We hope you’ll find the articles interesting and that you will have time to read them all.

First part of the magazine focuses on OSINT tools and techniques. We will show both theoretical and practical side of the tools like Recon-NG, Belati and Trape. Also, we will use Google to gather public data. You will be provided with high-level overviews of add-ons for search engines, highlights on metasearch engines, and considerations for social media and platform-specific search tools, with full list of resources.

Second part of the magazine, as always, has more mixed content. We will talk about Meltdown and Spectre bugs in 360 panorama view and take a look at all aspects of the issue. You will be able to learn about Enterprise Risk Management, and situational awareness on a red team engagement. Lastly, you can read about the effect of Bitcoin on cybersecurity.

We want to thank you for all your support. We appreciate it a lot. If you like this publication you can share it and tell your friends about it! Every comment means a lot to us.

Enjoy your reading,
PenTest Magazine’s
Editorial Team

If want to buy this magazine click here

Table of contents

Practicing OSINT with Recon-NG
by Mauricio Harley

This article covers Recon-NG, a powerful framework focused on collecting, presenting and exercising the purposes of OSINT. It can target people, domains, companies, systems, vulnerabilities, ports and many more items. So, let’s get started!

Open Source Intelligence Gathering for Penetration Testers 

by Chrissa Constantine


Open Source Intelligence (OSINT) gathering is an essential pentesting technique. However, this is not a comprehensive list of every OSINT-specific tool and method. This article provides high-level overviews of add-ons for search engines, highlights on metasearch engines, and considerations for social media and platform-specific search tools. Additionally, there is a summary of concept mapping, extraction tools, and search syntax aimed at helping find target data more efficiently. A list of resources is at the end of this document.

Belati: The Traditional Swiss Army Knife for OSINT

by Aan ‘Petruknisme’ Wahyu


In this article, we will introduce Open Source Intelligence(OSINT) and Belati. Additionally, we will learn how to install and use Belati as an OSINT tool. The topics will focus on: Background, History, Pros & Cons and Field of OSINT and introducing Belati.

Google, at the upstream of the OSINT

by Cyrille Aubergier

Using Google to make a public data collection can be questionable as many tools can do an automated search. Managing a query using Google is the first initial step on data collection. But also to help you refine your target definition or compare results with other tools and procedures presented in this magazine.

Trape: Beyond boring phishing techniques
by Jose Pino

Trape is an OSINT tool that can also be used to run intelligent social engineering attacks that allow you to track people and make phishing attacks in real time, and the information you can get is very detailed. The aim of this is to teach the world how large internet companies could monitor and get information beyond the IP of people, as the sessions of their web sites or services can be monitored (no one is safe).

Billion Devices Vulnerable to Meltdown and Spectre bugs
by Ajay Gowtham

For the first-time, performance enhancing feature of most modern processers (Called as speculative execution and branch prediction) contains a bug that allows unauthorized users to disclose or steal sensitive data. Intel and ARM are distributors of micro-chips and CPU units for the entire global computer market. The meltdown and Spectre bug puts billions of devices in risk: from desktop PCs to smartphones. Those critical bugs affect the modern Intel and ARM micro-chips. This article interestingly covers the Meltdown and Spectre bugs in 360° panorama view and walkthrough from crust to inner core of the issue along with patch details.

Cyber Security and Enterprise Risk Management
by Ron and Rebecca Tafoya

It is important to start with a discussion of boundaries. Automation, data processing, data gathering, communications, and information flow across organization boundaries. Similarly, the risks associated with the confidentiality, access, and integrity of these same elements also cut across internal organizational boundaries and include similar risks for external interactions the organization has with its suppliers, vendors, customers and the public. This necessitates that we maintain a broad perspective when identifying and analyzing cyber security risks. We also need to note that cyber security is just one subset of an organization’s risk management efforts.

Why is situational awareness important on a red team engagement?
by Ed Williams

What is situational awareness with regards to red teaming? In the rush to gain access to whatever we are trying to gain access to, we will probably set off a large number of events and triggers that are going to increase the chances of us getting detected. Through situational awareness of our initial foothold, more often than not a Windows desktop, we should be looking to gain an appreciation and deep understanding of the security posture of the internal infrastructure that we are looking to penetrate further, so that we are making informed decisions when looking to enumerate the environment and move laterally.

Malware Analysis Infection method & Malicious work
by Debashis Pal

Working in BGD e-GOV CIRT, we regularly face various type of cyber security related issue after the incident responds team analysis we classify & record the cyber incident (if applicable) into BGD e-GOV CIRT tracking system. From our experience, we had observed, from various organization one very common issue and that is “our computers/servers is performing slowly or the computer system was not functioning as its user demand. From the bird’s eye view, the first common thing pop up our mind, may be the computers/servers resource was not enough to perform its works. But going into deeper analysis, we found computer was compromised by some sort of unknown software or malicious software …better known as malware, which not only consume lot of resource but also performing malicious/harmful activity into cyber world. The purpose of this paper is raise awareness against malware, how these malware come & how they work also to help Information Security professionals to perform basic malware analysis. Please be noted that, this paper is awareness & educational purpose only, which was analyzed on controlled environment.

The Effect of Bitcoin on Cybersecurity
by Tawhidur Rahman

In 2008, bitcoin made its debut to the world. Most people expected it would be a novelty technology that would only catch on with niche technical groups and cybercriminals. They were quickly proven wrong as it has become one of the most disruptive technologies of the past decade. Bitcoin is changing many things, including cybersecurity. Cryptocurrencies have had both positive and negative impacts on the cybersecurity industry. Here are some important changes bitcoin has created that you can’t afford to overlook.