Talks


We are pleased to announce the list of selected talks for Recon Village.

Keynote: It’s Going To Get Worse Before It Gets Better - The Future of Recon Data Mining

by @tactical_intel

The OSINT and reconnaissance landscape is beginning to face some challenges. Current valuable sources such as open sourced lists are already facing offensive and malicious data poisoning. Privacy laws are creating barriers in many areas, and court rulings are levying increasing fines for playing fast and loose with user data privacy. Social media companies are starting to realize that they actually need to start making profits, and are restricting their data.

Sites are aggressively combating web crawling, and services like TOR and VPN face uncertain futures; the list of potential hurdles to the future of OSINT and recon seems grim. But fear not. There is still hope - and plenty of it. This presentation will discuss both the challenges and changes to both offensive and defensive reconnaissance that the presenter believes we will see in the future, and strategies that will help mitigate or enhance these changes.


An Introduction to Graph Theory for OSINT

by @andrewsmhay

Talk Category: Comprehensive

This session aims to gently introduce graph theory and the applied use of graphs for people who, like the speaker, consider themselves lacking the often perceived advanced math, science, and computer programming knowledge needed to harness their power.

The session will include live attendee interaction to help explain the general concepts of graph theory in a safe and inclusive way that should help solidify basic knowledge…


Attack Surface Discovery with Intrigue

by @jcran

Talk Category: Live Demo

What’s more fun than discovering vulnerable and attack-worthy systems on the internet? Come join us for live demos!

Intrigue is a powerful and extensible open source engine for discovering attack surface. It helps security researchers, penetration testers, bug bounty hunters, and defenders to discover assets and their vulnerabilities…


Building Google For Criminal Enterprises

by @DotNetRussell

Talk Category: Live Demo

I was able to create a proof of concept application that scrubs a recreation of the Ohio Voter Database, which includes first name, last name, date of birth and home address, and links each entry confidently to its real owner’s Facebook page. By doing this I have created a method by which you can use the Voter Database to seed you with name, address and DOB, and Facebook to hydrate that information with personal information.

My application was able to positively link a voter record to a Facebook account approximately 45% of the time…


Do Tinder Bots Dream of Electric Toys? How Tinder Bots are breaking hearts all over the world, and trashing Tinder’s reputation while they’re at it.

by @inbarraz

Talk Category: Comprehensive

Tinder. The Final Frontier. Pick gorgeous (or not so gorgeous) members of your desired sex with the tip of your finger, from the comfort of your sofa, your bed, and let’s admit it - your toilet seat.

Research shows that there are 50 million active users on Tinder, who check their accounts 11 times per day and spend an average of 90 minutes per day on the app. Even celebrities, it seems…


Domain discovery, expanding your scope like a boss

by @Jhaddix

Talk Category: Comprehensive

Whether you do wide scope pentesting or bounty hunting, domain discovery is the 1st method of expanding your scope. Join Jason as he walks you through his tool chain for discovery, including subdomain scraping, bruteforce, ASN discovery, permutation scanning, automation, and more…


FERPA: Only Your Grades Are Safe; OSINT In Higher Education

by @Sweet_Grrl

Talk Category: Comprehensive

Institutions of higher education are supposed to be somewhere that students go, earn a degree, and leave, all while their data is safe. Or is it? In this talk, I discuss the gaping security holes left by FERPA (Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g; 34 CFR Part 99) with regard to student data.

Almost all student data, with the exception of grades and select demographics picked by each institution, are commonly listed as directory information that is available to anyone who asks. Add to this that most institutions of higher education commonly practice automatic “opt-in” for Directory Information and require students to specifically request that their information be withheld. This leads to an OSINT opportunity ripe for abuse…


How to obtain 100 Facebook accounts per day through internet searches

by @bym0m0

Talk Category: Lightning

Back in 2016, the way the Facebook mobile application implemented content through “Instant articles” was very new. A user can view content from third parties directly in the Facebook platform without needing to open the browser, for instance. This content can also be shared, saved, opened in browser and so on.

In this talk, we will share how these Instant articles, and the way they were shared, led us to the possibility of accessing Facebook accounts and how, through internet searches, this became a huge problem! We’ll discuss how we identified the issue and how it was tested, reported, fixed and rewarded, and we will also talk about a new attack vector for further research…


Into the Bird’s Nest: A Comprehensive Look at Twitter as a Research Tool

by @InfoSecSherpa

Talk Category: Comprehensive

With 313 million active users and approximately 500 million Tweets sent per day, Twitter has plenty of low-hanging fruit ripe for OSINT picking. Learn from an experienced information professional how to craft advanced searches to retrieve data from this popular social media platform.

Understand the search commands that Twitter uses, tips and techniques for extracting data, examine some of the lesser-known features of Twitter, and get a glimpse of some of the resources that work in conjunction with Twitter to help you better organize all the information you will retrieve…


OSINT Tactics on Source Code & Developers

by @simonroses

Talk Category: Comprehensive

This practical talk is about using OSINT techniques and tools to obtain intelligence from source code. By analyzing the source code, we will profile developers in social networks to see what social networks they use, what they are saying, who they follow, what they like and much more data about them.

We will use well-known tools and custom Python scripts to automate the parsing of source code, analyzing comments for behavior and sentiments, searching for OSINT patterns in code and fingerprinting developers in social networks, among other things. The collected data will be plotted in different visualizations to make the understanding of information easier…


Recon and bug bounties - What a great love story!

by @abhijeth

Talk Category: Live Demo

Recon is an important phase in Penetration Testing. But wait, not everyone does that because everyone’s busy filling forms with values. Effective recon can often give you access to assets/boxes that are less commonly found by regular penetration testers.

In this talk, the speaker will demonstrate a few effective techniques with which researchers/pen testers can do better information gathering. The speaker will also share many stories which allowed him to earn some bounties using these recon techniques. These techniques might also be useful to red teams/incident response teams to identify rogue devices in their organisation which are often missed out during normal penetration testing…


Skip tracing for fun and profit

by @greenhagen

Talk Category: Comprehensive

This talk covers skip tracing TTPs and countermeasures in the digital and human domains. The audience will be guided through two real world examples of how a regular citizen can use open source tools, exploits, and social engineering to assist law enforcement and profit.

Some examples include phishing websites tailored to a fugitive’s resume, geolocating a target through video game clients, and using social media meta-data to build pattern-of-life. As the audience is moved through the process step by step, online and offline countermeasures such as USPS forwarding, false resume writing, and secure communications will also be covered…


Total Recoll: Conducting Investigations without Missing a Thing

by @jerkota

Talk Category: Lightning

Recoll is a free and open source desktop tool which allows you to search through any arbitrary documents - but it can do more. By using the Recoll web indexer, you can automatically save a copy of any web sites you visit, and search them as well. This combination makes Recoll a great “capture and search” tool for investigators.

This talk will demonstrate what Recoll can do for you using two case studies - searching through a trove of leaked NSA documents and conducting an OSINT investigation online…


Using DFIR Orchestration and Automation Tools and Playbooks For OSINT and Recon

by @physchosis

Talk Category: Live Demo

Everyone has probably heard about orchestration and automation tools in DFIR, but what if we took the same concepts from DFIR and applied them to OSINT? In this talk we will discuss how to use DFIR tools and concepts for reconnaissance, investigations, and OSINT data gathering. We will work through an automated playbook to gather evidence on things like domains, organizations and people, then discuss using integrations like Intrigue.io, Pipl, DataSploit, and more all in parallel, and finally wrap up by storing the evidence, contacting, liberating and helping others by responding with the evidence, or simply just having some fun…


Using phonetic algorithms to increase your search space and detect misspellings.

by @alexk307

Talk Category: Lightning

In this talk I will give a brief introduction to phonetic algorithms and how they can apply to gathering recon and searching through social media data. I will then demonstrate applying these techniques to a US Census dataset, and generate a searchable dataset capable of suggesting alternative spellings and pronunciations of names…

