Open-Source Intelligence (OSINT)
Open-Source Intelligence (OSINT) is derived from public information. OSINT is not limited to online searches and can be used to focus efforts on a specific area of interest. Watch out for information overload.
When performing OSINT, do not limit yourself to only one search engine. There are different algorithms which means different results.
Some common search engines include:
- Duck Duck Go
- Google Hacking Database
Google hacking is also known as Google dorking or Google-Fu. Google hacking is a technique using Google to search and find security holes using advanced Google search operators.
Google Hacking Examples
"private marketing material"
Specific file extension
Specific file type
Specific string in the URL
Text that must be included
One or the other
marketing OR purchasing
Include and exclude a word
Search Google’s cached pages for a site (trying to be stealthy)
Specific site excluding the "www" subdomain
Search for marketing PDF files
site:example.com filetype:pdf allintitle:marketing
Search for directory listings
intitle:index.of "parent directory"
Search for a directory listing that may be vulnerable to directory traversal up to the admin directory
Find public web cameras
Google Hacking Database
The Google Hacking Database (GHDB) is an index of search queries (dorks) used to find public information. It is intended for penetration testers and security researchers.
Professional Security Services Offered by Central InfoSec
Central InfoSec offers a variety of professional security services including:
- Red Teaming
- Attack simulation to test, measure, and improve your detection and response
- Penetration Testing
- Real-world security tests using advanced hacking methods to identify your weaknesses
- Vulnerability Assessments
- Identification of potential vulnerabilities in your network and applications
- Application & API Testing
- Testing of security controls and products to identify your gaps and weaknesses
- vCISO Services
- Virtual CISO (vCISO) services allowing immediate access to strategic security guidance
- Cyber Risk Management
- Cyber solutions to help address security threats and to help you reach your security initiatives
- Phishing Assessment
- Effective security awareness training through social engineering and phishing emails
- Managed Phishing
- Routine phishing campaigns to track and measure the security awareness of your employees
- Password Audit
- Detection of weak passwords to help you improve your password policies
- C2 & Pivot Testing
- Command and control (C2) communications, pivoting, and data exfiltration testing
- Purple Team Tabletop
- Targeted training exercises to measure people, processes, and technologies
- Security Training
- Fully customizable cyber security training and employee awareness support
Best Boutique Penetration Testing Company
Central InfoSec named Best Boutique Penetration Testing Company by the Global 100 Awards.
Best Penetration Testing Firm
Central InfoSec named Best Penetration Testing Firm by Corporate Vision's Corporate Excellence Awards.
“Central InfoSec helps organizations by discovering network and web application vulnerabilities before the hackers do!”
Central InfoSec is an award-winning cyber security company that offers professional security services including Red Teaming, Penetration Testing, and Security Training.
The Central InfoSec team consists of skilled security professionals bringing a total of 20+ years of red teaming, penetration testing, web application, and exploitation experience. Central InfoSec team members have achieved industry leading professional certifications including CRTO, OSCP, OSWP, GXPN, GPEN, GCPN, GWAPT, GMOB, AWS-CSS, AWS-CCP, PenTest+, CEH, CISSP, and more.
The Central InfoSec team goes one step further and develops open-source tools including Burp Suite extensions, Cobalt Strike aggressor scripts, scripts tying into tools (including GoPhish, PhishMe, Slack, Lair), other custom-built security tools, and Capture The Flag (CTF) events!
Central InfoSec performs a variety of penetration tests including external-networks, internal-networks, web applications, and APIs. The company quickly informs clients of critical vulnerabilities by creating ad-hoc reports and hosting ad-hoc debriefs as necessary.
Best Penetration Testing & Security Consulting Firm
Central InfoSec Red Teaming
Central InfoSec can quickly uncover critical vulnerabilities that have been missed for years. No automated scanning tool can replace high-quality security professionals. Utilizing Central InfoSec’s custom-built tools and manual analysis, Central InfoSec’s security experts have found numerous vulnerabilities within web applications including multiple 0-days allowing direct access to web servers hosting the applications. Once critical vulnerabilities are discovered, Central InfoSec’s experts work directly with application developers to address security flaws. With many success stories, Central InfoSec is constantly contributing to the community by sharing its knowledge through blogs, open-source projects, tool development, conferences, presentations, and local security meetups.
& Penetration Testing
Every organization, at a minimum, should receive both network pen testing and web application pen testing, and cost should never be the reason that quality testing is not performed. Therefore, the company focuses on offering quality and affordable professional security services while increasing security awareness at organizations. The Central InfoSec team educates clients through security assessments and tailored security training while also helping with permanent resource staffing. We want to help organizations understand the core foundation to security, help businesses acquire the appropriate staff that they need, and help strengthen security postures through offensive security testing.
Best Boutique Pen Test CompanyCentral InfoSec strengthens the security posture of businesses by reducing cyber risk through red teaming and pen testing.
Best Boutique Pen Test Company
Let’s Work Together
If you’d like to see why Global 100 selected Central InfoSec as the Best Boutique Pen Test Company, let's have a chat to see how you could benefit from Central InfoSec security services. It’s simple and easy. We’ll even include a free customized quote. Let’s get started: Contact Us
Central InfoSec offers a variety of other professional security services to help you test, measure, and improve your overall security posture. Security services offered include red teaming, pen testing, vulnerability assessments, web app testing, managed phishing, and other tailored security services to help you reduce risk to your organization.