How to Become One of Them: Deep Cover Operations in Cybercriminal Communities
Recon Village @ DEF CON 33 • 8th, 9th and 10th August 2025
Abstract
HUMINT is one of the most powerful, yet least understood tools in cyber threat intelligence. This talk will walk through the full lifecycle of a deep cover HUMINT operation, from identifying high-value sources, to crafting believable personas, navigating forum dynamics, and extracting intelligence through direct engagement with threat actors. We’ll explore how these operations provide early warning of attacks, insights into actor motivations, and access to tools before they’re deployed. But going undercover isn’t without risk. We’ll cover the technical and psychological challenges, OPSEC fundamentals, and ethical dilemmas that define this high-stakes work. Attendees will learn how to map underground communities, build credibility, and collect actionable intelligence without blowing cover. With real-world examples and field-tested strategies, this session offers a rare look inside the human side of CTI, where trust, deception, and tradecraft matter more than tooling. For anyone serious about adversary engagement, this is where the automation ends and infiltration begins.
Speakers
GroupSense, Threat Intelligence Research Manager
Kaloyan Ivanov began his journey in cybersecurity in 2020 and now leads as the Manager of Threat Intelligence Research at GroupSense.
GroupSense, Sr. Manager of Threat Intelligence
Sean Thomas Jones is an accomplished Senior Information Security Professional with decades of experience in successfully stopping hackers, securing networks and applications by using best practices, tools and technologies. He currently works as a Sr. Manager with a Threat Intelligence Analyst team to protect the cyber and physical assets of governmental, corporate and high-profile individuals.