
OSINT

Definition

OSINT (Open Source Intelligence) is the collection and analysis of information from publicly available sources. Pentesters and attackers use OSINT to perform reconnaissance on targets.

OSINT (Open Source Intelligence) is the systematic collection, analysis and interpretation of information from publicly available sources for security purposes. According to the SANS Institute, over 90% of all cyberattacks use information gathered through OSINT during the reconnaissance phase.

How does OSINT work?

OSINT encompasses searching a broad range of public sources: websites and social media, DNS records and WHOIS databases, job portals revealing technology stacks, leaked credentials on paste sites and dark web forums, company registries and annual reports, technical metadata in documents, source code in public repositories and certificate transparency logs. OSINT tools automate the collection and correlation of this data. The result is a detailed profile of an organisation's attack surface from an attacker's perspective.

OSINT in offensive and defensive security

In pentesting and red teaming, OSINT is the first phase: what information about the organisation is findable online and how could an attacker use it? In defensive security, OSINT helps organisations understand what attackers can discover about them. OSINT is also used for threat intelligence: monitoring dark web forums, hacker groups and paste sites for mentions of the organisation, leaked credentials or planned attacks.

Impact on organisations

Organisations are often unaware of how much sensitive information is publicly available. Employee email addresses, internal server names in DNS, technology choices in job postings and metadata in published documents provide attackers with valuable intelligence. Every publicly available detail lowers the threshold for a targeted attack. NIS2 requires organisations to know and manage their attack surface. ISO 27001 emphasises the importance of asset management and risk assessment.

Protection

Regular OSINT assessments identify what an attacker can discover about the organisation. Minimise the digital footprint: remove unnecessary information from websites, limit metadata in published documents and train employees on social media awareness. Monitor credential leaks and immediately mandate password changes when breaches occur. Implement a vulnerability disclosure policy so external researchers can responsibly report findings.

How DEFION helps

DEFION conducts OSINT reconnaissance as the first phase of every external pentest and red teaming engagement. This gives organisations insight into their digital footprint from an attacker's perspective. The Managed Threat Intelligence service continuously monitors for leaked credentials and dark web mentions.

Related terms

Pentest, Red Team, Threat Hunting