Investigating cyber incidents and breaches
An essential part of responding to cyber incidents is conducting technical investigations into the affected websites. Responders can find possible vulnerabilities in websites by studying their technical characteristics with the use of OSINT tools. Website hosting information and SSL certificate details are only two of the many technical aspects that could be uncovered. An example of this is that you find a company website that is being hosted on a shared server known for security vulnerabilities. Using tools such as WHOIS or DomainTools, responders can identify the hosting provider and research known vulnerabilities associated with that provider. Likewise, tools such as SSL Labs’ SSL Test (https://www.ssllabs.com/ssltest/) can be used to examine the SSL certificates of a website, revealing potential security gaps such as outdated encryption algorithms or certificates issued by non-trusted authorities.
Figure...
