Open Source Intelligence (OSINT)

With increasing complexity of the IT landscape comes the risk of losing track of your own systems. With our OSINT analysis, we offer a realistic assessment of your company's external technical attack surface.

What is an OSINT analysis?

The result of an OSINT analysis is the enumeration of the technical attack surface of a company. To do this, we put ourselves in the position of an attacker who is planning an attack on this very company.

With the help of publicly accessible sources, we first determine as many systems as possible that can be attributed to this company. The servers and IP addresses of these systems are then analysed in more detail and enriched with relevant metadata.

Based on these results, a first basic vulnerability analysis can be carried out and, building on this, an initial risk assessment is conducted. This is intended to give the company a better overview of which systems are particularly interesting for an attacker.

What is an OSINT analysis?
Why is an OSINT analysis useful?

With increasing complexity of the IT landscape comes the danger of losing an overview of one’s own systems.

This particularly affects companies without mature asset management, after takeovers of other companies and the associated infrastructure, or also those that have only recently begun to address the topic of IT security.

This technique of enumeration is predominantly passive, which is why it is often difficult for a company to recognise whether it could be the target of an attack. With our OSINT analysis, we want to give companies the tools they need to better understand their own attack surface and reduce it to a minimum in the long term.

Why is an OSINT analysis useful?

Course of an OSINT analysis

  • Reconnaissance

    We collect initial information about the company. This includes, for example, the company structure including parent/subsidiary companies as well as other information concerning the company.

  • Enumeration

    The initial results are used to identify an initial technical attack surface. This includes, for example, domains and subdomains of the company.

  • Metadata

    In the next step, the previously collected technical information is enriched with metadata to gain a better understanding of the infrastructure.

  • Analysis

    The enriched data is subjected to a technical analysis. A special focus is placed on aspects relevant to IT security.

  • Reporting

    A final report is compiled which summarises the results of the test and contains possible recommendations for action.

Wrap-up and conclusion

Following the OSINT analysis, we provide a detailed report of all systems identified, vulnerabilities found and other anomalies.

In addition to a listing of domains, services and other information relevant to an attacker, you will receive an initial risk assessment and recommendations for action.

We will be happy to explain the findings and possible actions resulting from them in a results presentation. If required, targeted vulnerability assessments or penetration tests can be carried out to test and harden the security-critical services found in the desired depth.

  • Intensive open source research of security critical information
  • Enumeration of domains and subdomains
  • Identification of the external IT infrastructure of the company (web servers, etc.)
  • Risk assessment of the identified assets

Almost all attacks by hackers, with the exception of insider attack scenarios, begin with an OSINT analysis. In this process, attackers look for information on servers, locations and employees of the company, among other things, and plan their attack accordingly.

Thus, an OSINT analysis enables you to get to know your own attack surface, to understand it and, if necessary, to take security-relevant measures at the relevant points.

Since an OSINT analysis is mainly passive, we do not need any active participation on your part.

The abbreviation OSINT stands for “Open Source Intelligence”.

This involves using a wide variety of information from freely available sources to obtain as accurate a picture as possible about a corresponding topic. In our case, however, it is mostly about companies or people.

An OSINT analysis is particularly useful if you previously had little experience with the topic of IT security and want to develop an understanding of your own attack surface.

Get in touch

Curious? Any more questions? Call us, write a mail or book a meeting with one of our consultants right away!


Would you like to stay up to date? Sign up for our newsletter: