OSINT can be ones worst enemy or best friend, depending on what angle the person is looking at it from. This introduction level workshop will start out discussing the basis of OSINT then transition into applicable use case scenarios. Once we have a sound foundation in OSINT, we’ll start to work on some collection considerations and techniques.
In terms of tools used in this presentation, the list is somewhat fluid based upon the advancement of other tools, social media platforms, or other variables. Tools intended to be highlighted are: OSINTFramework.com, Inteltechniques.com, Buscador Linux, Recon-ng, Datasploit, APIs (Twitter and possibly Facebook; maybe others), haveibeenpwned. Cree.py, whois, persona generator, and others.
Depending on your position, this talk with either arm you with the right tools to build better OSINT engagements, whether for phishing or other investigations or educate you on steps you can take to better secure yourself.
Detailed talk outline : Hour 1
What is Open Source Intelligence (OSINT)?
Outlets/Sources Starts by giving definition of OSINT and introduces Michael Bazzell. This moves on into places to gather and discusses software like Datasploit and Recon-ng (demonstrated later) as sources per se.
Methods This discusses things on the internet: job boards, forums, Google, Intel Techniques and OSINT Framework (demonstrated later) as well as other outlets. From here we discuss automation in terms of tools, prextexting, and search parameters.
Aims and goals Simply put, is to gather as much information about our target as we can. I talk about timing for the purpose of explanation. We look at some examples of easy wins and start the integration.
Basis of OSINT
Info sources This discusses the similarities in the information gathering.
Uses of collected data (generalization) Here, I talk about making the OSINT actionable via contact with the target and having better context. Other goodies to be discovered is also discussed.
That first tidbit of data I explain that most OSINT starts with something minor: a name, phone number, email address, user name, physical address, meta data. I talk about “harmless surveys”
Unwinding the web From here, I show what comes next with the tidbit and the snowball effect. I talk about the correlation of information and the ease in building a profile on you.
Rinse and Repeat Several rounds may be required. You may find something interesting towards the end that causes you to look at everything again from a different angle.
Integrations to/from OSINT
Applying the OSINT for SE Attacks
Dr. Cialdini’s 6 Principles of Persuasion I reiterate the 6 principles and provide more in-depth analysis of the application of them based on collected OSINT. The next step is applying the principles to each type of attack:
Pretexting and impersonation
knowledge. This is not placing the burden on them, but empowering them to contribute from the trenches.
Using tools like OnionScan to pinpoint correlations in onion sites to regular sites to identify the sources of malware
Use by Law Enforcement or other entities to find information about a target
Marketing and Sales
How these entities leverage OSINT data to better market and sell to you
Show how to dig for more tidbits This will include using OSINTFramework more thoroughly than in the talk. I will demonstrate some of the capabilities in searching for user names, reverse phone searches, address searching, and Social Media mapping for sentiment.
OSINT on a car back windshield
Show how to do more mass scanning for various data using the IntelTechniques Tools This will include using IntelTechniques more thoroughly than in the talk. I will demonstrate some of the capabilities in searching for user names, reverse image searches, reverse video searches, YouTube, Pastebins, Satellite Views, and Social Traffic.
I will discuss Michael Bazzell’s books, blog, and podcast as a reference point.
Protecting the data
Demo of tools
Venue for DEF CON 27:
Talks: Celebrity 5
InfoBooth and CTF: Contest Area
Got a question?
DM @reconvillage or Drop an email to firstname.lastname@example.org