OSINT for pre-acquisition due diligence

Sector

B2B technology · acquirer with Western European operations · target a growth-stage startup · M&A deal not yet public.

Initial situation

The acquirer's M&A team needed to complement the financial and legal due diligence with an independent technical reading of the target, without direct contact with the target's security team and before the deal became public. The delivery window was short and confidentiality was absolute.

Approach

We designed an OSINT due diligence structured in five blocks: external technical posture (subdomains, certificates, exposed services, weak configurations), code and secrets hygiene in public repositories, credential exposure in historical breaches associated with the corporate domain and known suppliers, reputation and traceability of key technical staff, and declared compliance posture versus public evidence. All activity was passive or low-profile, with no direct interaction with target-owned assets.

Result

We delivered a report with 8 critical findings (3 with direct impact on deal valuation) and 14 medium findings. The critical findings led to specific representation and warranty clauses in the final agreement, plus a 90-day post-closing integration plan.

Lesson

The public surface of a company tells you more about its real security maturity than any self-declared questionnaire.

Time and effort

2-3 weeks · 40-60 consulting hours · executive report + technical report + findings matrix.

Tags

OSINT · Due diligence · M&A · External analysis · Risk management · Open source intelligence