Skip to content
Social Engineering Resilience

Open Source Intelligence Engagements

A treasure trove of data gold

Open Source Intelligence (OSINT) refers to any information about your organization that is available to the public. Sources include the Internet, social media, news, government databases, and press releases in which a multitude of different data types exist. 

This public data is available to everyone, not just the good guys. Bad actors use open source information to identify weak links in your organization and build a profile they can use as they plan their attacks.  


Assessing your exposure

The problem with open source data is that there may be information out there that you may not even be aware of that can translate into a lot of unnecessary – and exploitable – exposure.

During Summit Open Source Intelligence Engagements, our experts collect available open source data on your organization, its assets, employees, vendors, and partners by leveraging the mindset, tools, and methods of reconnaissance a bad actor would use. 

We evaluate this gathered “intelligence” – such as personal information from social media accounts or key organizational changes from press releases – to determine its sensitivity and how it might be utilized in an attack strategy.

A proactive approach to open source risk

Bad actors actively look for open source information about your organization that will help them strengthen their strategy for an attack. But our OSINT assessments help you beat them to the punch. 

We efficiently and proactively track down open source data that exposes your organization and inform you of any vulnerabilities. Based on this intelligence, our team provides you with actionable measures to help you address sensitive open source disclosures before a bad actor can exploit them.

During a typical Summit OSINT engagement, our cybersecurity team uses tools and techniques to:

  • Discover your organization’s domains and subdomains
  • Search publicly available data sources and social media for exposed data
  • Reveal publicly available email addresses that are known to be compromised
  • Confirm valid email addresses
  • Review historical or cached website content for sensitive information
  • Search documents and images for sensitive data leakage
  • Enumerate public-facing interfaces with login portals
  • Review publicly available source code, projects, or configuration files

Frequently Asked Questions

Praesent ac sem eget est vestibulum ante ipsum.

Suspendisse enim turpis, dictum sed, iaculis a, condimentum nec, nisi. Quisque malesuada placerat nisl. Maecenas nec odio et ante tincidunt tempus. Praesent blandit laoreet nibh. Sed libero.

Donec sodales sagittis magna. Nam ipsum risus, rutrum vitae, vestibulum eu, molestie vel, lacus. Sed in libero ut nibh placerat accumsan. In hac habitasse platea dictumst.

Etiam ut purus mattis mauris sodales aliquam. Proin faucibus arcu quis ante. Morbi mollis tellus ac sapien. In hac habitasse platea dictumst.

Nam eget dui. Pellentesque libero tortor, tincidunt et, tincidunt eget, semper nec, quam. Etiam rhoncus. Donec id justo.

Curabitur ullamcorper ultricies nisi. Sed a libero. Aliquam eu nunc. Donec pede justo, fringilla vel, aliquet nec, vulputate eget, arcu.

Explore our comprehensive suite of services in Cybersecurity Advisory, Cybersecurity Engineering, and vCISO Services: