Digital Risk Assessment Methodology

Cobalt will use publicly available information and commonly used OSINT methodologies and tooling (such as those documented at https://osintframework.com) to assess an organization from an external, adversarial perspective. Cobalt will employ a passive approach to OSINT reconnaissance.

Activities conducted within a Digital Risk Assessment are noted within the brief:

• Company research
• Domain and host enumeration
• Email, name, phone, and username harvesting
• Advanced Search Engine Operators (“dorks”)
• Attempts to identify code used for internal applications
• Password dumps
• Attempts to identify sensitive or proprietary indexed files
• Identification of employee badges on social media sites
• Building layouts
• Online brand protection