In this 1 day Open Source Intelligence (OSINT) workshop, taught by a passionate social engineer and DerbyCon Black Badge recipient for the Social Engineering Capture the Flag with a proven OSINT track record, we will begin with a fundamental understanding of OSINT. We will also discuss the legal and ethical considerations of collection and destruction of OSINT data. From here, we will discuss the offensive and defensive applications of OSINT information. In the next modules, we will discuss “People OSINT” and “Business OSINT” as they relate to offensive attacks. We will wrap up with a discussion about defending against OSINT collection via data minimization, disinformation, and deceptive techniques.
As with all current courses at the OSINTion, there are no specific prerequisites. Students who have completed the Basic OSINT course may derive more value from the course.
While this course will discuss a couple of tools, there is no need for any virtual machines, API Keys, or tools before the course. Most of the practical portion of the course can be completed using a basic web browser.
What You Will Learn
In this 8-hour class, you will learn:
Hour 1: Intro to Class
- Course Flow
- Technical Set Up Period for those with issues | Operating system – Kali, Linux
- API Keys
Hour 2: Intro to OSINT
- Introduction to Open Source Intelligence (OSINT)
- Types of OSINT | Business OSINT | People OSINT | OSINT for Threat Intelligence
- Sources of OSINT
- Ethical and Legal considerations
- Specialized Operating Systems – Kali, CSI
- Collection Considerations
- Securing the Data Collected
Hour 3: People OSINT
- Collection Considerations | Scoping | Adversary Profile
- What to collect?
- Platforms | Social Media | Business Filings | Public Records | Email Addresses | Genealogy websites
- Parsing the data for relevance
Hour 4: People OSINT Lab
- Part 1 (15 minutes): Collect OSINT about you and your family
- Part 2 (45 Minutes): Using the assigned company, collect flags from the instructor on C-Suite of the company
Hour 5: Business OSINT
- Review and Free Question Period
- Introduction to Business OSINT
- Collection of Business OSINT | Target Website | Professional Associations | SEC filings and Bloomberg | Public Records | Social Media | Pivoting to/from the People OSINT
Hour 6: OSINT Tools
- What’s My Name
- Custom Tooling
Hours 7-8: Team OSINT CTF
- In groups, obtain a new target (different than lab targets) and collect the flags from the instructor
Who Is This Class For?
This class is for anyone from an absolute beginner in OSINT and Missing person investigations all the way up to seasoned law enforcement and beyond.
This course costs are:
- $300+fees+tax (Early bird – Prior to March 31)
- $450+fees+tax (Normal)
Registration is handled by WorkshopCon via Eventbrite.
This class will be offered on Friday, June 5, 2020 from 8:30 AM-5:30 PM remotely.
About Joe and The OSINTion
The OSINTion is an online and onsite Open Source Intelligence (OSINT) training provider based in the US. The Principal Instructor, Joe Gray, is a recognized expert in OSINT and other relevant topics in information security. Joe’s passionate and common sense approach to OSINT is easy to comprehend and natural for students to follow along. By day, Joe is a Senior OSINT Specialist with a firm in the US.
Competitively, Joe has placed in the following competitions involving OSINT:
- 3rd place in the NOLACon OSINT CTF in 2018 (as a member of the Password Inspection Agency)
- 3rd place in the NOLACon OSINT CTF in 2019 (as a member of the Password Inspection Agency)
- 2nd place in the BSides Atlanta OSINT CTF in 2019 (as a member of the Password Inspection Agency)
- 1st place in the DerbyCon Social Engineering Capture the Flag (SECTF) in 2017
- 4th place in the DerbyCon OSINT CTF in 2019
- 2nd place in the Hackfest (Quebec) Missing Persons CTF powered by TraceLabs in 2019 (as a member of the Password Inspection Agency)
- 2nd place in the Hackfest (Quebec) Social Engineering Capture the Flag (SECTF) in 2019
- 18th place in the TraceLabs Global Missing Persons CTF III (as a member of the Password Inspection Agency)
- 5th place in the TraceLabs Global Missing Persons CTF IV (as a member of the Password Inspection Agency)