OSINT Threat Intelligence Project – Noventa Technologies

Objectives

Perform open-source intelligence (OSINT) gathering using industry-standard tools.
Identify digital exposures such as documents, APIs, employee data, and historic URLs.
Correlate findings with real-world attack scenarios including phishing, credential stuffing, and social engineering.
Provide risk-based recommendations aligned with cybersecurity best practices.
Maintain ethical and legal standards by using only passive, publicly available information.

Methodology and Tools

The assessment was conducted in structured phases using widely accepted OSINT techniques and tools:

Google Dorks: Discovered exposed PDFs and misconfigured directories.
Hunter.io & theHarvester: Verified employee email formats and harvested subdomains.
Shodan & WHOIS: Mapped external infrastructure, open ports, and DNS configurations.
HaveIBeenPwned & SOCRadar: Checked for leaked credentials and dark web mentions.
Wayback Machine: Identified outdated APIs and deprecated login portals.
LinkedIn Reconnaissance: Analyzed employee exposure and oversharing risks.

Key Findings

📂 Exposed Documents: Public PDFs containing internal financial and operational information.
🔑 API Keys and Tokens: References to sensitive data discovered in GitHub repositories.
📧 Email Exposure: Employee email formats confirmed; some accounts linked to past data breaches.
🌐 DNS Misconfigurations: Merchant subdomains exposing directory listings.
🕰️ Historic Attack Surface: Deprecated login paths and outdated APIs accessible through Wayback Machine.
👤 Employee Oversharing: LinkedIn profiles revealing roles, technologies, and access levels.

Recommendations

Implement automated secret scanning and regular token rotation in repositories.
Harden merchant domains and disable public directory indexing.
Enforce SSO and MFA for all employees.
Launch security awareness training to reduce exposure via LinkedIn and other platforms.
Set up continuous dark web monitoring to identify leaked credentials early.

Ethical Considerations

This assessment was performed under strict adherence to ethical OSINT practices.
Only publicly available information was collected.
No scanning, exploitation, or unauthorized access was performed.
Sensitive identifiers and confidential information were masked in all reports.

Outcome

This project demonstrates my ability to:
✅ Conduct structured OSINT investigations.
✅ Translate findings into real-world security risks.
✅ Produce professional threat intelligence reports with actionable recommendations.
✅ Apply ethical and legal standards to cybersecurity assessments.

Skills Highlighted

OSINT and Threat Intelligence
Network and Application Security
Passive Reconnaissance Tools: Shodan, theHarvester, HaveIBeenPwned, SOCRadar
Professional Reporting and Documentation
Risk Analysis and Security Recommendations

Hello

Profile Picture
Get in touch if you'd like to learn how I can contribute to your team or project.
Availability: Maximum: 2 Hours
Contact me