Corporate OSINT for Social Engineering. Lekati, C. May, 2022.
If your work involves protecting organizations from social engineering attacks, you will most probably also be required to conduct open-source intelligence on the organization and its people. Your task will be to find vulnerabilities or high-risk information that is likely to be exploited by attackers in a social engineering attack. Such information would include: identifying specific technologies, key people, and their relationships with internal or external partners (typically used in spear-phishing attacks), the internal organizational culture and hierarchy, company events, and more. Your client organization will need to know which publicly available information poses a risk that needs to be removed or managed. Below is a list of resources and research ideas that can be used in the OSINT phase of social engineering engagements, vulnerability assessments, or other projects. Corporate OSINT for social engineering attacks usually revolves around three main subjects: employee information or vulnerabilities (for specific persons, teams, or a broader spectrum of employees), corporate information, and the physical perimeter. The two latter tend to overlap in some instances. This blog will focus on conducting corporate research for social engineering attack simulations or vulnerability assessments.
@misc{lekati_corporate_2022,
	title = {Corporate {OSINT} for {Social} {Engineering}},
	copyright = {CC-BY-SA/4.0},
	url = {https://osintcurio.us/2022/05/17/corporate-osint-for-social-engineering/},
	abstract = {If your work involves protecting organizations from social engineering attacks, you will most probably also be required to conduct open-source intelligence on the organization and its people. Your task will be to find vulnerabilities or high-risk information that is likely to be exploited by attackers in a social engineering attack. Such information would include: identifying specific technologies, key people, and their relationships with internal or external partners (typically used in spear-phishing attacks), the internal organizational culture and hierarchy, company events, and more. Your client organization will need to know which publicly available information poses a risk that needs to be removed or managed.

Below is a list of resources and research ideas that can be used in the OSINT phase of social engineering engagements, vulnerability assessments, or other projects. Corporate OSINT for social engineering attacks usually revolves around three main subjects: employee information or vulnerabilities (for specific persons, teams, or a broader spectrum of employees), corporate information, and the physical perimeter. The two latter tend to overlap in some instances. This blog will focus on conducting corporate research for social engineering attack simulations or vulnerability assessments.},
	language = {en},
	urldate = {2022-08-21},
	journal = {We are OSINTCurio.us},
	author = {Lekati, Christina},
	month = may,
	year = {2022},
	keywords = {Guides et tutoriels / Guides, tutorials and how-tos, social engineering},
}
