HTB Insider

4 min read

Get into OSINT cyber research with HTB Academy

OSINT is the craft of doing cyber threat research with information that's on the internet. Here's what you can learn with HTB Academy.

Sep 08

Hack The Box is world famous for training top pentesting talent. But did you know that you can explore a wide variety of cybersecurity skills with HTB Academy?

OSINT stands for “open source intelligence.” It’s the craft of finding information that’s publicly available on the internet to learn about cyber attackers and cyber threats that are actually happening in real life.

HTB Academy has a course all about OSINT-- OSINT: Corporate Recon. It’s a Tier IV Hard difficulty level module, created by our Senior Training Developer Valentin Dobrykov (Cry0l1t3). I had a chat with Cry0l1t3 about this exciting but very challenging course.


Interview with OSINT: Corporate Recon creator Cry0l1t3

Kim “Crowgirl” Crawley: Please tell us a bit about HTB Academy's OSINT course. What do people need to know before they take it?

Cry0l1t3: OSINT is an art in itself. However, this topic is also often underestimated by those who use OSINT, who rely on various tools and only receive rough information. One of the most enormous confusion is the information gathering with OSINT. During information gathering, we use passive and active methods such as scans and manual tests to obtain pure information. With OSINT however, we collect this information passively only and connect the individual pieces of information to discover the background behind the information. It is instead the connections in information that leads to the whole picture. 

To run OSINT efficiently, you need an extensive repertoire of organizational and technical skills. This means that one should know how companies are structured and how the technical requirements can be met. Nevertheless, the essence of creative thinking, which is essential for OSINT, requires thinking outside the box.

Crowgirl: Does your course cover any particular OSINT tools, such as Shodan?

Cry0l1t3: Yes, some tools are shown. But they collect information from third parties, and Shodan is one of them. However, the tools are not enough for effective OSINT research, and you need a practical methodology that covers all possible cases.  OSINT: Corporate Recon module includes a newly developed methodology based not on information sources but rather on information categories. After all, information sources vary from company to company. The information categories, however, always remain the same.

Crowgirl: I do OSINT on the Dark Web as a side gig for a bank. I examine darknet markets and forums (mainly Dredd) to research particular illegal activity, and report on it so the bank can improve their cyber defense. Which strategies in your course would make my work more effective?

Cry0l1t3: The course gives you an overview of the information categories. Through the methodology, you will identify which sources and information are new and which can be of great value. In the course, many different scenarios are discussed to show how such information can be connected. It will also help you keep track of the ways and opportunities that could compromise the structure and technical aspects of the business. Based on this, you will learn to connect such elements and discover different ways. This requires a lot of creativity and time to achieve the best possible results.

Crowgirl: Which job paths and roles is your course most useful for?

Cry0l1t3: The course is designed for penetration testers who are looking for vulnerabilities. However, pretty much anyone can benefit from it. Apart from all IT security-specific roles, this can also be of great interest for the marketing department to discover interests and marketing gaps of the companies and communities. Threat hunters, for example, can use these techniques to more accurately identify threats and track where the threat is coming from. OSINT is ultimately an art of thinking taught in the course, not a collection of tools.

Crowgirl: Excellent. Do you have anything else to add?

Cry0l1t3: OSINT is often underestimated and, unfortunately, very often even misrepresented. However, the applied techniques and methods shown in the course, which go far beyond simple Google research, have already brought me many very surprising results that always amaze me, and I hope to have helped others with the course so far that they could also discover the strength of OSINT for themselves.

OSINT: Corporate Recon

Check out HTB Academy

OSINT: Corporate Recon is one of many different modules you can explore in HTB Academy. And we’re always adding new courses and new content. Learn more about HTB Academy and get started today.

Share article

Hack The Blog

The latest news and updates, direct from Hack The Box