Contact Us
Contact Us
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Subscribe to our newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

OSINT (Open Source Intelligence)

Harness the power of the internet with OSINT. Defendza helps you to gather information for analysis and then prepare for red team attack operations to ensure your business is totally prepared for cyber attacks.

Find out more
Complete this form to get in touch

Are you happy for Defendza to keep you informed on the latest developments in cyber security (attack reports, guidance, DIY articles)? Of course you can unsubscribe at any time. Please see our privacy policy

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.


OSINT (Open Source Intelligence) is a process that involves gathering and analysing information using resources from the internet and other sources that are open to anyone. This exercise is black-box - no prior information is provided by the client. 
During complex assignments such as red teaming, intelligence gathering is the reconnaissance process against a target to gather useful information that could be used for attacks such as email-based phishing campaign subjects and voice phishing attacks. It is what a cyber criminal would do to target you or your business.
Given the recent boom in social networking applications, it is critical to be aware of how much information your business might inadvertently be giving away.
This is a passive assessment - all information is collected and analysed using online sources. There are no intrusive attacks attempts on infrastructure.

Why do you need OSINT (Open Source Intelligence)?

OSINT ensures you stay informed via regular checks on the sensitivity of your staff, technology, or assets in the web market – knowledge is power. If you have this knowledge, you’re staying ahead of the game.
OSINT determines various entry points into an organisation – they might be physical, electronic, or human – and keeps you informed about your vulnerabilities, so that you can do something about them.
OSINT identifies information that has been made public inadvertently by communications, marketing and other departments through things like case studies, online forums or formal email messages, so that you know what’s out there.
OSINT validates your controls against exposure that could form cyber espionage campaigns: it helps keep you safe. 

What is it NOT?

HUMINT (Human Intelligence) complements the more passive gathering on the asset as this information could not be found using online sources. However, this element is excluded from all our corporate assessments, and no 'personal' perspectives are included to obtain corporate assessment objectives.

Though the majority of the information such as personnel records, locations, etc are correct, however, OSINT may not be accurate or timely. In some cases, the information sources may be deliberately/accidentally manipulated to reflect erroneous data; information may become obsolete as time passes, or simply be incomplete.

It does not encompass dumpster-diving or any methods of retrieving company information off physical items found on-premises. 

Our Approach

A high level of OSINT exercise revolves around the following pillars of information.

Staff details

From email address and social media websites like LinkedIn, details about the staff would be obtained. This would include -

  • Employee full names, job roles, as well as the software they use.
  • Obtain details about personal and corporate blogs
  • Identify all social networks used by the target user or company.
  • Obtain employee email addresses, telephone extension / mobile number details, personal interests from social media sites like Instagram, Twitter.

Leaked Information (Documents, Internet and Dark Web)

Multiple searches are performed on the internet as well as darknets (overlay networks that require specific software/configuration). Using several web services, utilities, scripts and other techniques are used to search the leaked sensitive information.

As part of Defendza's methodology, online searches are performed about employees that actively posted information online. This involves searches around code repositories such as Github, developer forums, test and staging websites.

Information such as usernames/names of employees, software products names is searched and extracted from inside the documents found online. 

Organisation Analysis

In this phase, we obtain details about the organisation and their staff using various online sources. This includes (and is not limited to)

  • Use of multiple search engines such as Censys, Shodan, Google, Wayback machine, archives and cached search results. 
  • Job postings on the corporate website as well as on job networks.
  • Infrastructure Reconnaissance - Information such as network blocks, infrastructure components, websites, networks & DNS is collected from online sources.
  • WhoIS, Domain Search Results such as registrant information, domain squatting.
  • Review threat intelligence feeds related to the network blocks obtained.
  • Web archive / time machine to obtain data posted in the past on the corporate website.
  • Obtain data from past compromises, postings on Pastebin and GitHub.

Business Intelligence

  • Corporate information from the official website and other online financial information databases
  • Investments information, supply chain network partnerships and vendors, network providers, software in use, and other facilities. 
  • Metadata information leakage from official documents released online. This information often contains staff usernames, software in use, installation paths of software in use and file system/operating system information. 

Email Harvesting

Email addresses are harvested from the internet using special scripts to look for target domains.

Based on the naming notation, personnel names are searched from online sources that are then used to create email addresses. This is one of the techniques used as a preparatory step for phishing campaigns.

Physical Location

A complete address including building and postal code of the organisation including details of ownership (rental, owned, shared) from which it operates. This will also include any international offices or branches that are distributed geographically around the world.

Further, where possible information about the location of cameras, gates, fences, backdoors, anti-tailgating doors and other physical security measures that are posted online or that can be found via Google maps and other online resources. This includes data obtained from Google Street view as well. 

Try our in-depth OSINT on your assets
Call Us Now

Why Defendza ?

Thorough Analysis and Reporting

Our reports are comprehensive and include all the evidence that supports our findings. We give you a risk rating that considers how likely an attack is as well as the impact it could have. We don’t create panic scenarios. Our mitigation is detailed, covering both strategic and tactical areas to help our clients prepare a remediation plan.

Custom tools and scripts

Apart from the range of commercial and open source tools available for specific testing, our team has its own custom scripts for efficient testing. We provide accurate results to make sure our clients completely understand any vulnerabilities we report.

In-house experts

Our teams are led by veteran security consultants accredited by CREST standards for the last several years. Our experience shows that our clients are best served by giving them the right advice for their cyber security needs. We do not believe in spreading fear, uncertainty and doubt to generate more business.

Key Benefits

How effective is your defence? Find out.
Call Us Now


"My experience to date with Defendza has been very positive, I look for a flexible, knowledable security "partner" when I engage a PT firm. Pentest means many things to many people and there are many different use cases for both the testing activity and the report generated and I need someone to work with me to get the absolute best value out of my security budget."

Information Security Officer
Insurance Group

Excellent people to work with. Very good knowledge of requirement and give us correct findings with excellent remedy to improve our security for our B2B portal site."

Head of Technical & Business Improvement
Leading Pharmaceutical Manufacturer

"I thought it was a highly professional and thorough exercise and I would have no hesitation recommending Defendza to any of my connections."

Director, Software Engineering
Global Information and Analytics Company

"Good personal service. We are delighted with the work Defendza did for us. Highly recommended."

Manchester headquartered Global Fashion Brand

"Extremely satisfied with approach, speed and end results. Thanks."

International fashion label and store

"My experience of the Defendza team was 5 star.  They were so helpful, and their technical delivery and client communication were excellent."

Director, Software Development
Corporate Services Company

"Harman was great, really knowledgeable, helpful and on hand to answer any questions. The final report was very clear providing the technical information in an easy to read format which could be understood by the leaders of the business. Really enjoyed working with Defendza and look forward to working with them again in the future. Thank you!

IT manager
Housing Trust



Manufacturers Can’t Afford the Cyber Risks

Much of the manufacturing industry has failed to take proactive steps to defend against cyber attacks—which is a notable problem considering the growing threats the industry faces