Getting started with OSINT

Presented at Kernelcon 2020 Virtual, March 28, 2020, 12:30 p.m. (60 minutes)

The first step of a Penetration Test is often called Reconnaissance, Information Gathering or OSINT. During this step, Penetration Testers attempt to gather as much information as they can about a target environment by using publicly available information. Unfortunately, this step may be ignored or not completed thoroughly. This is intended to be a 101-level presentation in which we discuss how an attacker may conduct reconnaissance against a target, and what specific information they might be interested in gathering. We will cover specific tools including theHarvester, Shodan, Recon-ng and more. This presentation is intended to give Security Professionals and Administrators an understanding of how attackers conduct information gathering against environments. Audience members will see specific examples of tools and techniques that they can apply to their own environments. We will not cover any new or novel techniques, but my goal is to provide the audience with the knowledge to gather meaningful information quickly.

Presenters:

• Jamie Maguire - High Point Networks
  Jamie Maguire is a Senior Security Engineer at High Point Networks where he focuses on Penetration Testing and Vulnerability Assessment services. Over the past nine years Jamie has held various roles in IT and Security including: Helpdesk Support, Network Administration and Vulnerability Management. To unplug from technology, Jamie enjoys spending time with his dog Frank and reading. Jamie just finished Click Here to Kill Everybody.

Links:

• https://www.youtube.com/watch?v=QgHcvb6D3So
• https://2020.kernelcon.org/cfp/K2020_jmaguire.pdf

Similar Presentations:

• DerbyCon 2.0 Reunion (2012) / DNS Reconnaissance
• ToorCon San Diego 19 (2017) / From 90′s to 20′s | Espionage to Intelligence - Birth Of OSINT
• BSidesLV 2017 / Hands-on OSINT Crash Course for Hackers