Layer8 Conference 2020 (Powered by WorkshopCon)

Layer8 Conference

WorkshopCon

Class Description

In this 1 day Open Source Intelligence (OSINT) workshop, taught by a passionate social engineer and DerbyCon Black Badge recipient for the Social Engineering Capture the Flag with a proven OSINT track record, we will begin with a fundamental understanding of OSINT. We will also discuss the legal and ethical considerations of collection and destruction of OSINT data. From here, we will discuss the offensive and defensive applications of OSINT information. In the next modules, we will discuss “People OSINT” and “Business OSINT” as they relate to offensive attacks. We will wrap up with a discussion about defending against OSINT collection via data minimization, disinformation, and deceptive techniques.

Prerequisites

As with all current courses at the OSINTion, there are no specific prerequisites. Students who have completed the Basic OSINT course may derive more value from the course.

While this course will discuss a couple of tools, there is no need for any virtual machines, API Keys, or tools before the course. Most of the practical portion of the course can be completed using a basic web browser.

What You Will Learn

In this 8-hour class, you will learn:

Hour 1: Intro to Class

  • Course Flow
  • Expectations
  • Technical Set Up Period for those with issues | Operating system – Kali, Linux
  • API Keys
  • Tools

Hour 2: Intro to OSINT

  • Introduction to Open Source Intelligence (OSINT)
  • Types of OSINT | Business OSINT | People OSINT | OSINT for Threat Intelligence
  • Sources of OSINT
  • Ethical and Legal considerations
  • Specialized Operating Systems – Kali, CSI
  • Collection Considerations
  • Securing the Data Collected

Hour 3: People OSINT

  • Collection Considerations | Scoping | Adversary Profile
  • What to collect?
  • Platforms | Social Media | Business Filings | Public Records | Email Addresses | Genealogy websites
  • Parsing the data for relevance

Hour 4: People OSINT Lab

  • Part 1 (15 minutes): Collect OSINT about you and your family
  • Part 2 (45 Minutes): Using the assigned company, collect flags from the instructor on C-Suite of the company

Lunch

Hour 5: Business OSINT

  • Review and Free Question Period
  • Introduction to Business OSINT
  • Collection of Business OSINT | Target Website | Professional Associations | SEC filings and Bloomberg | Public Records | Social Media | Pivoting to/from the People OSINT

Hour 6: OSINT Tools

  • Datasploit
  • Recon-ng
  • Spiderfoot
  • What’s My Name
  • Custom Tooling

Hours 7-8: Team OSINT CTF

  • In groups, obtain a new target (different than lab targets) and collect the flags from the instructor

Who Is This Class For?

This class is for anyone from an absolute beginner in OSINT and Missing person investigations all the way up to seasoned law enforcement and beyond.

Cost

This course costs are:

  • $300+fees+tax (Early bird – Prior to March 31)
  • $450+fees+tax (Normal)
  • $550+fees+tax(Late)

Registration is handled by WorkshopCon via Eventbrite.

Registration

Register here.

Class Offerings

This class will be offered on Friday, June 5, 2020 from 8:30 AM-5:30 PM remotely.

About Joe and The OSINTion

The OSINTion is an online and onsite Open Source Intelligence (OSINT) training provider based in the US. The Principal Instructor, Joe Gray, is a recognized expert in OSINT and other relevant topics in information security. Joe’s passionate and common sense approach to OSINT is easy to comprehend and natural for students to follow along. By day, Joe is a Senior OSINT Specialist with a firm in the US.

Competitively, Joe has placed in the following competitions involving OSINT:

  • 3rd place in the NOLACon OSINT CTF in 2018 (as a member of the Password Inspection Agency)
  • 3rd place in the NOLACon OSINT CTF in 2019 (as a member of the Password Inspection Agency)
  • 2nd place in the BSides Atlanta OSINT CTF in 2019 (as a member of the Password Inspection Agency)
  • 1st place in the DerbyCon Social Engineering Capture the Flag (SECTF) in 2017
  • 4th place in the DerbyCon OSINT CTF in 2019
  • 2nd place in the Hackfest (Quebec) Missing Persons CTF powered by TraceLabs in 2019 (as a member of the Password Inspection Agency)
  • 2nd place in the Hackfest (Quebec) Social Engineering Capture the Flag (SECTF) in 2019
  • 18th place in the TraceLabs Global Missing Persons CTF III (as a member of the Password Inspection Agency)
  • 5th place in the TraceLabs Global Missing Persons CTF IV (as a member of the Password Inspection Agency)