BSides Tampa 2020

BSides Tampa 2020

BSides Tampa 2020

Class Description

In this 8-hour Open Source Intelligence (OSINT) workshop, we will begin with a fundamental understanding of OSINT. We will also discuss the legal and ethical considerations of the collection and destruction of OSINT data. From here, we will discuss the offensive and defensive applications of OSINT information. In the next modules, we will discuss People OSINT and Business OSINT as they relate to offensive attacks. We will wrap up a 2-hour CTF.

Hour 1: Intro to Class

  • Course Flow
  • Expectations
  • Technical Set Up Period for those with issues
  • Operating system
  • Kali
  • Buscador
  • Linux
  • API Keys
  • Tools

Hour 2: Intro to OSINT

  • Introduction to Open Source Intelligence (OSINT)
  • Types of OSINT
  • Business OSINT
  • People OSINT
  • OSINT for Threat Intelligence
  • Source of OSINT
  • Ethical and Legal considerations
  • Specialized Operating Systems
  • Kali
  • Buscador
  • Collection Considerations
  • Securing the Data Collected

Hour 3: People OSINT

  • Collection Considerations
  • Scoping
  • Adversary Profile
  • What to collect?
  • Platforms
  • Social Media
  • Business Filings
  • Public Records
  • Email Addresses
  • Genealogy websites
  • Parsing the data for relevance

Hour 4: People OSINT Lab

  • Part 1 (15 min): Collect OSINT about you and your family
  • Part 2 (45 Min): Using assigned company, collect flags from the instructor on C-Suite of the company

Lunch

Hour 5: Business OSINT

  • Review and Free Question Period
  • Introduction to Business OSINT
  • Collection of Business OSINT
  • Target Website
  • Professional Associations
  • SEC filings and Bloomberg
  • Public Records
  • Social Media
  • Pivoting to/from the People OSINT

Hour 6: Business OSINT Lab

  • Part 1 (15 min): Collect OSINT on your business
  • Part 2 (45 min): Collect OSINT on the business assigned to you by the instructor

Hours 7-8: Team OSINT CTF
* In groups, obtain a new target (different than lab targets) and collect the flags from the instructor
* Gather Flags to win a prize (1st, 2nd, and 3rd place teams)

What You Will Learn

In this 8-hour class, you will learn:

  • The fundamental basics of OSINT
  • Define legal and ethical considerations for collecting and storing OSINT
  • Gain a comprehension of the process for collecting, analyzing, and storing OSINT
  • Gain knowledge of some of the main tools and resources used in OSINT gathering
  • Weaponizing OSINT
  • Applicability of OSINT, both offensively and defensively

Who Is This Class For?

This class is for anyone from an absolute beginner in OSINT and Missing person investigations all the way up to seasoned law enforcement and beyond.

Cost

This course is $85 and registration is handled by BSides Tampa

Registration (Includes The Offering Dates)

Register here.

Class Offerings

This class will be offered on Friday, February 28, 2020 at Embassy Suites – USF (3705 Spectrum Blvd, Tampa, Fl. 33612)

About Joe and The OSINTion

The OSINTion is an online and onsite Open Source Intelligence (OSINT) training provider based in the US. The Principal Instructor, Joe Gray, is a recognized expert in OSINT and other relevant topics in information security. Joe’s passionate and common sense approach to OSINT is easy to comprehend and natural for students to follow along. By day, Joe is a Senior OSINT Specialist with a firm in the US.

Competitively, Joe has placed in the following competitions involving OSINT:

  • 3rd place in the NOLACon OSINT CTF in 2018 (as a member of the Password Inspection Agency)
  • 3rd place in the NOLACon OSINT CTF in 2019 (as a member of the Password Inspection Agency)
  • 2nd place in the BSides Atlanta OSINT CTF in 2019 (as a member of the Password Inspection Agency)
  • 1st place in the DerbyCon Social Engineering Capture the Flag (SECTF) in 2017
  • 4th place in the DerbyCon OSINT CTF in 2019
  • 2nd place in the Hackfest (Quebec) Missing Persons CTF powered by TraceLabs in 2019 (as a member of the Password Inspection Agency)
  • 2nd place in the Hackfest (Quebec) Social Engineering Capture the Flag (SECTF) in 2019