[Research Report on the contents, methods, tools and results of information collection]
2022-07-23 06:00:00 【Demon 95】
List of articles
Preface
Understand the concept of information collection, and the methods and defensive measures for open-channel and network-service information collection
One、Information collection and analysis
Two、Public information collection - Search engine
Three、Information collection and prevention
Four、Information gathering tools
Summary
Preface 
One、Information collection and analysis

HUMINT (Human Intelligence)
Human intelligence comes from people. Whether it is gathered covertly through clandestine means or openly through diplomatic channels, human intelligence is the oldest form of intelligence gathering. Whether cyber threat intelligence can be obtained from HUMINT is debated. One example is interviewing or talking with people who took part in an intrusion or have experience with intrusions. Another example, considered the closest to HUMINT, is interacting with hackers on restricted or members-only online forums to obtain information. This type of intelligence gathering can also be considered SIGINT, because it comes from electronic communication.
SIGINT (Signals Intelligence)
Signals intelligence covers intelligence obtained from electronic signals, including communications intelligence (COMINT), electronic intelligence (ELINT) and foreign instrumentation signals intelligence (FISINT). Most technical intelligence gathering belongs to SIGINT. After all, computers function through electronic signals, so anything derived from computers or other network devices can be regarded as SIGINT.
OSINT (Open-Source Intelligence)
Open sources of information include news, social media, commercial databases and other sources. Public reports on network security threats are one type of OSINT. Another type is the technical details of publicly accessible IP addresses or domain names, for example a WHOIS query for the registrant details of a malicious domain name.
IMINT (Imagery Intelligence)
Imagery intelligence is collected from visual representations, for example photography and radar. IMINT is usually not a source of cyber threat intelligence.
MASINT (Measurement and Signature Intelligence)
MASINT refers to intelligence collected through technical means other than signals and imagery. MASINT usually includes nuclear, optical, radio-frequency, acoustic and seismic signatures. Because MASINT does not include signals intelligence, it is usually not a typical source of cyber threat intelligence.
GEOINT (Geospatial Intelligence)
Geospatial intelligence comes from geospatial data, including satellite images, reconnaissance maps, GPS data and other location-related data sources. Some organizations regard IMINT as part of GEOINT, while others treat it as a separate discipline. Like IMINT, GEOINT is not a typical source of cyber threat intelligence, but it can provide contextual information about threats and help you understand how attackers use network domains to achieve their goals.
Two、Public information collection - Search engine
Three、Information collection and prevention
• Defending against public information collection
• Principle of minimizing information exposure: do not publish unnecessary information

Four、Information gathering tools

1、NSLOOKUP
The nslookup command is installed on almost every PC operating system. It is used to query DNS records, to check whether domain name resolution works normally, and to diagnose network problems when the network fails. Information security personnel can also collect information from the results it returns.
2、DIG
dig is also a tool for collecting DNS information. Compared with nslookup, dig not only has more functions: it first queries the corresponding IP address through the default upstream DNS server, and then uses the configured dnsserver as the upstream DNS server.
3、Whois
whois is a database used to query whether a domain name has been registered and to look up the details of registered domain names (such as the domain owner and the domain registrar). Domain name information is queried through whois. Early whois queries mostly existed as command-line tools, but there are now online query tools with a simplified web interface that can query different databases at once.
Web-interface query tools still rely on the whois protocol to send query requests to the server, and command-line tools are still widely used by system administrators. whois usually uses TCP port 43. The whois information for each domain name/IP is kept by the corresponding management organization.
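The whois exchange described above (one query line sent over TCP, a text reply read until the server closes), as an added example that is not part of the original article. A loopback stand-in server replaces the real port-43 service, the record is constructed sample data, and the names `serve_once`, `whois_query`, `exposed_fields`, `audit_over_loopback` and `PERSONAL_FIELDS` are assumptions made for illustration; the parser applies the minimization principle from section Three by listing registrant fields published without redaction.

```python
import socket
import threading

# Constructed sample record (not real registry data) for a reserved example domain.
SAMPLE_RECORD = (
    "Domain Name: EXAMPLE.COM\r\n"
    "Registrar: Example Registrar, Inc.\r\n"
    "Registrant Name: Jane Doe\r\n"
    "Registrant Email: jane.doe@example.com\r\n"
    "Registrant Phone: REDACTED FOR PRIVACY\r\n"
)
# Hypothetical audit list: fields that identify a person.
PERSONAL_FIELDS = ("registrant name", "registrant email", "registrant phone")

def serve_once(listener, record):
    """Stand-in whois server: read one query line, send the record, close."""
    conn, _ = listener.accept()
    with conn, conn.makefile("rb") as rfile:
        rfile.readline()  # query terminated by CRLF, e.g. b"example.com\r\n"
        conn.sendall(record.encode("ascii"))

def whois_query(host, port, name, timeout=5.0):
    """whois client: send the name plus CRLF, read until the server closes."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(name.encode("ascii") + b"\r\n")
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("ascii", errors="replace")

def exposed_fields(response):
    """Return personal fields that carry a real value rather than a redaction."""
    found = {}
    for line in response.splitlines():
        key, sep, value = (part.strip() for part in line.partition(":"))
        if sep and key.lower() in PERSONAL_FIELDS and value and "redacted" not in value.lower():
            found[key] = value
    return found

def audit_over_loopback(record=SAMPLE_RECORD):
    """Run the exchange on 127.0.0.1 with an ephemeral port; no external traffic."""
    with socket.create_server(("127.0.0.1", 0)) as listener:
        server = threading.Thread(target=serve_once, args=(listener, record), daemon=True)
        server.start()
        reply = whois_query("127.0.0.1", listener.getsockname()[1], "example.com")
        server.join()
    return exposed_fields(reply)

if __name__ == "__main__":
    print(audit_over_loopback())
```

To audit your own domain, point `whois_query` at your registry's whois server on port 43 and pass the reply to `exposed_fields`; field names differ between registries, so adjust `PERSONAL_FIELDS` to match.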
4、Recon-ng
Recon-ng is a framework for information collection. It is to information collection what the Metasploit Framework is to exploitation and what SET is to social engineering.
5、Active information collection
Active information collection uses tools and techniques that interact with the target in order to obtain information about it. Leaving some traces is unavoidable in the process of active information collection.
Summary
Research on the content of information collection
Methods of information collection
Tools for information collection