What Does an Attacker Know About You Before They Start?
Targeted attacks rarely begin with technology. They begin with research. Through public sources, social media, job listings, GitHub repositories, data breaches, and dozens of other channels, an attacker builds a picture of your organisation — long before they approach a single system. Which employees are visible? What technology do you use? Are there credentials sitting in public somewhere? Is there an old system still reachable?
An OSINT investigation exposes that picture — but from your side. We carry out the same kind of reconnaissance an attacker would, and map out what is findable about your organisation and which information poses a risk.
What Do We Investigate?
Your Public Profile
We look at everything findable about your organisation, employees, and technology through open sources: LinkedIn, job postings, press releases, forums, registration databases, and documents containing metadata you would rather not share. Information that looks harmless on its own can become useful in combination with other data — for phishing, social engineering, or targeted attacks.
Your Technical Exposure
We map your external digital presence: which domains, subdomains, and systems are reachable? Are there management interfaces, outdated applications, or unsecured services publicly accessible? How is your email security configured? Technical details that seem obvious to you can give an attacker exactly the foothold they need.
Leaked Data
We check whether credentials from your employees or organisation appear in known data breaches or on the dark web. The same applies to API keys, tokens, or sensitive configurations that have ended up in public repositories — sometimes by accident, sometimes through an old project or a former employee.
What Do You Get Back?
After the investigation you receive a clear report with an overview of our findings, organised by risk level. For each finding we provide concrete recommendations: what can be closed off, removed, or improved? The report is written for both your technical team and your management.
Ready to See What Others See?
Contact us for a no-obligation conversation. We are happy to explain what an OSINT investigation can deliver for your specific situation.