Apply OSINT Research And Presentation Due Day 7 Assignment


Open Source Intelligence (OSINT) methodology involves using publicly available tools and techniques to gather information about individuals or organizations. In cybersecurity, OSINT is used to identify system vulnerabilities and strengthen defenses before exploitation occurs. The assignment involves researching a well-known company, selecting three OSINT tools or techniques (one from each of these categories: World Wide Web OSINT, website analysis, and DNS interrogations), and writing a detailed report on each. Additionally, a comprehensive OSINT research report on the chosen company must be prepared, summarizing the collected information, its potential value in a penetration test, and recommendations for implementing OSINT tools and techniques.

Paper for the Above Instruction

Introduction

Open Source Intelligence (OSINT) has become an integral part of cybersecurity, offering valuable insights into organizational vulnerabilities without intrusive techniques. The process involves systematically collecting publicly available information to support security assessments and penetration testing. This paper focuses on a well-known corporation—Microsoft—to demonstrate the application of three selected OSINT tools/techniques, each from different categories, and culminates in a comprehensive research report on the company’s security posture.

White Paper 1: OSINT through World Wide Web – Google Dorking

Google Dorking, also known as Google hacking, is a technique that uses advanced search operators to uncover sensitive information inadvertently exposed on the internet. This technique involves crafting complex Google searches with operators like "intitle:", "inurl:", "filetype:", and others to locate specific data such as login portals, exposed documents, or configuration files. For instance, searching for "site:microsoft.com filetype:pdf" might reveal publicly accessible PDFs containing confidential corporate information.

Usage and Applications:

Google Dorking is used during reconnaissance to discover sensitive data on organizational websites, uncover unsecured files, and identify exposed infrastructure details without direct interaction with targeted systems. It is especially useful for initial footprinting phases in penetration testing because it leverages publicly available search engine indices.

Pros:

- Readily accessible and easy to use

- Can quickly unearth a wide range of exposed information

- No specialized tools required

Cons:

- Overreliance can lead to incomplete information

- Search results depend on the indexing of publicly available pages

- Risk of legal or ethical violations if misused

Effectiveness: Google Dorking can reveal significant insights if the organization has poorly secured its web assets, but it needs to be complemented with other techniques for comprehensive reconnaissance.

White Paper 2: OSINT through Website Analysis – BuiltWith

BuiltWith is a powerful tool used for analyzing the technological profile of a website. It scans web pages to identify technologies like server software, content management systems (CMS), analytics tools, advertising networks, and security features implemented across the site.

Usage and Applications:

Pentesters and security analysts employ BuiltWith during reconnaissance to understand the underlying technology stack, which informs potential vulnerabilities. For example, identifying outdated CMS plugins or security misconfigurations can guide targeted exploits. This tool provides a detailed report on the technologies in use, including web server details and third-party integrations.

Pros:

- Offers comprehensive technology profiles

- Assists in vulnerability identification based on software and version information

- User-friendly interface that provides immediate insights

Cons:

- May not always detect custom or obfuscated technologies

- Some data may be outdated or incomplete

- Requires legal considerations when scanning for vulnerabilities

Effectiveness: When combined with other reconnaissance methods, BuiltWith can reveal exploitable factors in the organization's web infrastructure, aiding penetration testers in crafting precise attack vectors.

White Paper 3: OSINT through DNS Interrogations – DNSdumpster

DNSdumpster is an online DNS reconnaissance tool that maps DNS records such as A, MX, NS, and TXT records to uncover domain infrastructure details. It enables security professionals to identify subdomains, email servers, and domain configurations, which are critical in assessing attack surfaces.

Usage and Applications:

Researchers input the target domain into DNSdumpster to visualize the DNS landscape. This helps identify subdomains that might be vulnerable or overlooked, revealing points of entry or data leakage routes. The tool also reveals information about mail exchanges and TXT records, such as SPF or DKIM records, which can be exploited if misconfigured.

Pros:

- Easy to use and publicly accessible

- Provides comprehensive DNS records and subdomain enumeration

- Useful for mapping complex domain structures

Cons:

- Limited by the accuracy of DNS records and data availability

- Cannot detect recently changed DNS configurations immediately

- May produce false positives or outdated information

Effectiveness: DNS reconnaissance with DNSdumpster enhances understanding of an organization’s DNS architecture, which is critical for identifying indirect attack vectors and data exfiltration points.
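
The TXT-record point above, as an added example that is not part of the original paper: a defender-side check of a domain's own SPF records against RFC 7208 rules. The `.example` domain names and TXT strings are constructed samples, and `audit_spf` is a hypothetical helper name.

```python
# Added example: audit SPF TXT records for common RFC 7208 misconfigurations.
# Terms that cost a DNS lookup during SPF evaluation (RFC 7208 sec. 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def audit_spf(txt_records):
    """Return findings for one domain's TXT strings (hypothetical helper)."""
    spf = [r.split() for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["multiple SPF records: receivers return permerror"]
    terms = [t.lower() for t in spf[0][1:]]
    findings, lookups = [], 0
    for term in terms:
        qualifier = term[0] if term[0] in "+-~?" else "+"  # default is pass
        body = term.lstrip("+-~?")
        # Strip ":domain", "=value" and "/cidr" to get the bare term name.
        name = body.split(":", 1)[0].split("=", 1)[0].split("/", 1)[0]
        if name in LOOKUP_TERMS:
            lookups += 1  # this record only; nested includes add more
        if name == "ptr":
            findings.append("ptr mechanism is discouraged by RFC 7208")
        if name == "all" and qualifier in "+?":
            findings.append(f"'{term}' does not reject unauthorized senders")
    has_all = any(t.lstrip("+-~?") == "all" for t in terms)
    has_redirect = any(t.startswith("redirect=") for t in terms)
    if not has_all and not has_redirect:
        findings.append("no 'all' or redirect: unmatched senders get neutral")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10")
    return findings

# Constructed TXT answers for reserved .example names, not real lookups.
SAMPLES = {
    "strict.example": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example -all"],
    "open.example": ["site-verification=constructed-token", "v=spf1 mx +all"],
    "dangling.example": ["v=spf1 a mx ptr"],
    "dup.example": ["v=spf1 -all", "v=spf1 ~all"],
}

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(domain, audit_spf(records) or "ok")
```

The lookup count covers only the terms in the audited record; records pulled in through `include:` or `redirect=` have to be fetched and counted as well to check the full limit.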

OSINT Research Report on Microsoft

Microsoft Corporation is a global leader in technology, with a broad portfolio that includes software, services, and hardware products. Conducting OSINT on Microsoft reveals extensive publicly accessible information about its infrastructure, products, and organizational structure.

Collected Information Summary:

Using the above tools, critical public insights include details about Microsoft's technology stack, domain structure, server and hosting details, and exposed subdomains. For instance, DNSdumpster uncovers multiple subdomains for Microsoft’s various services, and BuiltWith highlights the widespread use of specific content management and security technologies.

Potential Value in Penetration Testing:

The detailed profiles provided by these OSINT techniques give pentesters a robust understanding of organizational infrastructure, highlighting potential weak points such as outdated software versions or misconfigured DNS settings. For Microsoft, which operates at a large scale, such reconnaissance can identify targeted areas for more invasive testing, such as exposed subdomains or outdated services.

Recommendations for Implementation:

Microsoft and similar organizations should adopt proactive OSINT strategies to continuously monitor public-facing infrastructure. Regular audits using tools like Google Dorking, BuiltWith, and DNSdumpster can identify vulnerabilities early. Additionally, organizations should implement strict security practices such as removing sensitive information from public pages, securing DNS configurations, and regularly updating web technologies to mitigate risks.

Conclusion:

OSINT remains a vital component of cybersecurity defense, enabling organizations to identify and address vulnerabilities preemptively. The tools discussed—Google Dorking, BuiltWith, and DNSdumpster—offer invaluable insights into an organization’s infrastructure and potential weaknesses. Regularly employing these techniques as part of a layered security approach enhances an enterprise’s resilience against cyber threats.
