Identify and reduce the risk posed by sensitive data and information accessible through publicly available sources.
What is Open Source Intelligence?
Open Source Intelligence (OSINT) involves efficiently analysing your organisation’s publicly available information to identify key risks and vulnerabilities, potential data leaks, and how to address them.
Our highly certified OSINT team use the same tools and tactics as cyber attackers to simulate real attack scenarios, uncovering weaknesses as part of wider penetration testing. Each assessment is tailored to address your organisation’s specific security concerns.
The Importance of Open Source Intelligence
OSINT: Identifying and Mitigating Risks
OSINT reveals valuable data like usernames, job titles, and contact details, which can be exploited by malicious actors to improve attack success. Organisations must identify where information is leaking and how it could be used against them. A clear strategy and expertise are essential to sift through overwhelming OSINT data effectively.
What to Expect From OSINT by Bridewell
This service is a valuable component of wider penetration testing activities, such as red team exercises, and helps simulate a real-life cyber security attack on an organisation’s infrastructure, wireless networks, applications or mobile devices.
An End-to-End Service
We need minimal involvement from your organisation to complete the assessment, reducing the burden on in-house teams.
Flexible Engagement for Any Objective
Each assessment delivered by our penetration testing team is customised to address specific security concerns within your organisation.
Experience Across Sectors
We work with organisations across highly regulated and critical industries, providing our pen testers with a deep understanding of the risks and challenges they commonly face.
Extensively Accredited
We are accredited by CREST and hold certifications such as OSCP and Zeropoint Security CRTOs. Additionally, we are Tiger-certified and recognised as a Certified Cyber Security Consultancy by the National Cyber Security Centre (NCSC).
Simulate Real World Attackers
Our team utilise the same tools, tactics and procedures as real-world attackers to accurately recreate real attack scenarios.
Why is it Worth Conducting OSINT?
A Prioritised List of Potential
Understand which risks and attacks pose the greatest risk to your applications and APIs, and how to address them.
Guidance on Securing Information
We provide guidance on how OSINT can be removed from public forums or, where this isn’t possible, otherwise secured.
An Understanding of Your Organisation's Footprint
Gain a comprehensive view of your people and processes, and how attackers may look to exploit them.
Targeted Awareness Training
Enhance your employees’ understanding of how to prevent sensitive information from leaking to public sources.
Start your OSINT Journey
Speak with one of our team to see how we can support your organisation with OSINT.
How we conduct OSINT
We employ active, passive, and semi-passive techniques to gather extensive information about your organisation from public sources. We focus on:
- Physical security measures
- Infrastructure and network details
- DNS listings
- Netblock owners and email records
- Potentially exploitable information about your organisation and employees
- Data from previous breaches
This information helps us tailor our penetration assessments and advise on mitigating risks.
OSINT FAQs
Open-Source Intelligence (OSINT) is the practice of gathering, analysing, and processing publicly available information – from sources like social media, news, government records and academic research – with the aim of simulating an attack based on information potential attackers could surface via ‘open sources’. It’s commonly used in cyber security to create realistic attack scenarios that mimic the process used by real attackers.
OSINT is used in real-world cyber attacks in the reconnaissance phase. It is used by malicious actors to gather public information such as employee data, security gaps and software or infrastructure information. This can be used to implement realistic phishing scams, as well as other targeted attacks based on an organisation’s data and risk profile. Cyber security experts can also use OSINT in the same way to predict attacks before they occur.
Attackers can use OSINT to gather vast amounts of sensitive information, often without ever directly interacting with or hacking the target's internal systems. This commonly includes personally identifiable information, contact details, locations, employee information, financial and legal records and leaked credentials. This reconnaissance phase allows attackers to build detailed profiles of individuals or companies, mapping their digital footprint to identify vulnerabilities.
OSINT supports red team and phishing exercises by providing necessary reconnaissance to simulate realistic, targeted attacks without triggering immediate alerts.
Why Us?
Awards
Our team have won numerous industry awards, including 'Cyber Business of the Year' at the National Cyber Awards 2024 and 'Best Cyber Security Company of the Year' at the Cyber Security Awards 2023.
Certifications
Our people and services are highly accredited by leading industry bodies including CREST, the NCSC, and more. Our SOC holds extensive accreditations from CREST (including for CSIR and SOC2) and works closely with our cyber consultancy services.
Partnerships
As a Microsoft Partner, we hold advanced specialisms in Cloud Security and Threat Protection. We’ve also implemented some of the UK’s largest deployments of the Microsoft Security stack, including Sentinel, Defender, Purview and more.