Hands-on OSINT Crash Course for Hackers

Presented at BSidesLV 2017, July 25, 2017, 8 a.m. (595 minutes)

Open source intelligence gathering (OSINT) is an important part of the reconnaissance phase of a penetration test. The more connected we are, the more information about people and assets is held by seemingly everything. This information can be juicy for both penetration testers and malicious threat actors. Learning what sources of information is available to start an engagement is a crucial step in completing a thorough but effective exploration. Risks associated with leveraging, misusing or selling discovered material is all too real. Especially considering 2017 US Senate investigations regarding foreign influence. All tools and techniques can be further advanced, ninjafied with Python, Ruby or PowerShell. The target audience is the curious, beginning to seasoned penetration testers and those who wish to start their own OSINT journey. Attendees will have full access to an open source workbook used during the workshop. All tools and documentation are open source and/or Creative Commons. The workshop is a hands-on learning journey, using interesting and fun targets to stimulate. Testers can spend more than half their time performing recon, learn how to minimize time and effort. Learn about tools of the trade, APIs, metadata and more. Lastly, how to communicate good OSINT for client reporting utilizing time relevance, accurate data and target appetite.




Similar Presentations: