Open-Source Intelligence Assessment

Before a burglar picks a lock, they watch the house. When do you leave? Which window never quite shuts? Whose name is on the post? Almost everything an attacker needs to plan against you can be gathered without touching a single one of your systems - and most organisations have no idea how much of it they have already published. Systematically gathering and synthesising this information is called Open-Source Intelligence, or OSINT. The OSINT Assessment reproduces that reconnaissance deliberately, and sees how well an attacker could use it against your organisation. We aim to see your organisation from the same vantage point an attacker would, before they make a move.

Casing The Joint

We assemble your external digital footprint from the same public sources an adversary would. We map your internet-facing infrastructure through DNS records, WHOIS data, and certificate transparency logs, which routinely surface forgotten subdomains, staging environments, and services nobody remembers standing up. We search breach databases and credential dumps for corporate accounts already exposed - reused passwords from a third-party breach being one of the most common roots of compromise. We examine the metadata buried in your published documents, the secrets occasionally committed to public code repositories, and the org chart reconstructable from professional networks, along with the role and personal details that make a convincing pretext or answer a security question.

Eyeing The Individuals

Beyond this organisation-wide information lies another, even higher-value, target for OSINT: your staff and leadership. In the social media era, an enormous amount about individuals can be learned from their public online presence; and the most important people in your organisation are usually publicly affiliated with it, often directly listed on your website or on Companies House. Shellhex is deeply mindful of the legal and privacy constraints of conducting OSINT exercises against staff, but given authorisation from the specific individuals in question, we may be able to conduct an exercise aimed at discerning how much personal information about individual members of your organisation is available publicly. This information is highly valuable to attackers as it can be used in social engineering and password cracking attempts, and as such this service pairs naturally with our Social Engineering Assessment and Password Resilience Assessment services.

The Value Is In The Synthesis

Tooling plays its part - precise search-engine operators, infrastructure search platforms such as Shodan and Censys, information aggregation tools like Maltego, link-analysis tools that correlate scattered points into a coherent picture - but individually, each fragment is harmless. The power of OSINT lies in correlating many different, individually often trivial, pieces of information that collectively paint a picture about an organisation and its members. Assembled, they become a targeting package: who to impersonate, whom to impersonate them to, what they would plausibly say, and which exposed service to aim the resulting access at. All of this work is passive; we gather only what is already public, never interacting with your systems in a way that could tip off a real defender or cross a legal line, and we handle any personal data we encounter in accordance with the UK GDPR. Additionally, this service only extends to information about your organisation specifically; real attackers may further conduct OSINT against your supply chain and key partners, but due to the fundamentally different constraints of OSINT exercises against third parties, we offer this separately through our Reconnaissance service.

What You Receive

The deliverable of our Open-Source Intelligence Assessment is a footprint report laying out everything we gathered, organised by how an attacker would use it, alongside a concrete reduction plan: what to take down, what to lock down, what to monitor, and how to keep the footprint from quietly regrowing. We pay particular attention to high-value individuals - executives and administrators whose compromise carries outsized consequences. All of it gives you something most organisations lack: a clear, attacker's-eye inventory of what you expose to the open internet, and a prioritised plan for shrinking it. Because a digital footprint regrows the moment you stop watching it, clients may wish to consider this service as a recurring sweep rather than a one-off, to catch each new leak before an attacker makes use of it.