Keynote: From Breach to Bust: A short story of graphing and grey data

The OSINT and reconnaissance landscape is beginning to face some challenges. Current valuable sources such as open sourced lists are already facing offensive and malicious data poisoning.

In his Keynote, Andrew will talk about general OSINT/Recon tools: these typically involve single steps; from things like taking an email address to a social profile or looking up websites related to a domain. These are single order tools designed to focus on a single task and not seen in context of any other relationships you may already have. I will show how a combination of multiple orders and directed graphs can be used to gain insight into data sets that were not possible in the past.

The talk will then focus on the “OS” part of OSINT. I’ll go into whether breaches, forum dumps and compromised databases should be part of an investigator’s arsenal. These sources of information are usually in the grey area of obtainability and accessibility. I’ll talk about the level of availability of these as well as practical methods to interrogate such enormous data stores.

The talk will conclude with some future directions for the researchers and the OSINT community.

Speaker Profile

Andrew Macpherson @AndrewMohawk is the operations manager at Paterva. With a degree in Information Science and an uncanny knowledge of cat memes he successfully 0day’d at Paterva in 2007. With a decade of graphing, arguing and tea making he has proved to be a valuable asset at the company. Aside from Maltego’ing everything that looks like a nail he also has a keen interest in hardware and security.