@MASTERSTHESIS{IMM2017-07043,
  author = "R. L. Petersen",
  title = "Enhancing identification and reporting of potentially harmful public data on danish organizations",
  year = "2017",
  school = "Technical University of Denmark, Department of Applied Mathematics and Computer Science",
  address = "Richard Petersens Plads, Building 324, {DK-}2800 Kgs. Lyngby, Denmark, compute@compute.dtu.dk",
  type = "",
  note = "{DTU} supervisor: Christian D. Jensen, cdje@dtu.dk, {DTU} Compute",
  url = "http://www.compute.dtu.dk/english",
  abstract = "This master thesis aims to aid and enhance the current processes used to identify and report in Open Source Intelligence (OSINT) on Danish organizations. This is data generated by the daily work of the organization and its employees when they act and communicate. The data is collected by public registries or commercial 3rd parties, which can provide a valuable source of information for an attacker intending to target organizations. Security professionals are aware that such data exist and report on it as part of their services, but collecting it effectively is difficult. Relating it to the domain of the organizations acting under the different Danish legislation and standards can be difficult. The organizations themselves may have a good overview of the latter, but lack overview and awareness of {OSINT} and the attack scenarios this enables. We attempt to enhance the process of identification and reporting in two ways: By developing plug-ins (“transforms”) for the widely used {OSINT-}gathering program Maltego by Paterva and by developing a framework for inputting findings from Maltego to generate a report categorizing findings and relating them to common {OSINT-}enabled attack scenarios and applicable legislation, standards and guidelines.
We examine current methodologies for conducting vulnerability- and penetration test assessments, standards, guidelines and Danish legislation pertaining to {OSINT-}data and identify and analyze a dozen common {OSINT-}enabled attack scenarios. The section on standards finds valuable, general guidance to enhance security maturity in organizations, but only little pertains to hindering {OSINT-}generation. Traits of social engineering-techniques, which often are involved in these types of attacks, are also analyzed. Two transforms were successfully developed for the Danish domain registry {DK} Hostmaster and a commercial supplier of aggregated data from the registry of Danish vehicles and debt of these. They can be included in and enhance the work processes in a security consultancy. The development also highlights problems with developing for closed source-software; due to the difficulties faced and solved in regards to this, a section on developing transforms for Maltego is included in the appendix. Based on the examined legislation, standards and guidelines and the scenarios created, a report generation framework has been developed. It takes an export from Maltego and by manually assigning labels to each entry, outputs a report. The report imitates examples of commercially used reports using colors and summaries to make it easy to read. It connects the findings to the scenarios describing specifically targeted attacks and three of the surveyed standards. The framework works and outputs successfully as-is, but the work highlighted difficulties with linking the domains of data labels of actual findings to standardized scenarios and formal standards. It is an essential task to get these links correct to ensure proper conclusions in the output, so the report can be used as-is in the product portfolio of e.g. a security consultancy. We list suggestions for future work in the discussion and conclusion and highlight the need for conducting the research with input from e.g. 
security professionals of consultancies and internal organizational security functions." }