The result of an OSINT analysis is the enumeration of the technical attack surface of a company. To do this, we put ourselves in the position of an attacker who is planning an attack on this very company.
With the help of publicly accessible sources, we first determine as many systems as possible that can be attributed to this company. The servers and IP addresses of these systems are then analysed in more detail and enriched with relevant metadata.
Based on these results, a first basic vulnerability analysis can be carried out and, building on this, an initial risk assessment is conducted. This is intended to give the company a better overview of which systems are particularly interesting for an attacker.