Tips & Tricks

Excellent OSINT Questions for Social Engineering Engagements

Please note that this list came from Christopher Hadnagy’s book, Social Engineering The Science of Human Hacking.

Questions for a Corporation:
How does the corporation use the internet?
How does the corporation use social media?
Does the corporation have policies in place for what its people can put on the internet?
How many vendors does that corporation have?
What vendors does the corporation use?
How does the corporation accept payments?
How does the corporation issue payments?
Does the corporation have call centers?
Where are HQ, Call Centers, or other branches located?
Does the corporation allow BYOD?
Is the corporation in one location or many?
Is there an org chart available?

Questions for an Individual:
What social media accounts does the person use?
What hobbies does the person have?
Where does the person vacation?
What are the person’s favorite restaurants?
What is the family history (sicknesses, businesses, and so on) of the person?
What is the person’s level of education? What did the person study? Where?
What is the person’s job role, including whether people work from home, for themselves, and who they report to?
Are there any other sites that mention the person (maybe they give speeches, post to forums, or are part of a club)?
Does the person own a house? If yes, what are the property taxes, liens, and so on?
What are the names of the person’s family members (as well as any of the previously mentioned info on those people)?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s