People as the Payload: OSINT Tactics for Identity Tracing, Social Graphing, and Executive Recon
Recon Village @ DEF CON 33 • 8th, 9th and 10th August 2025
Abstract
In today’s threat landscape, people are often the weakest link, and attackers are aware of it. From phishing and impersonation to executive targeting and account compromise, adversaries increasingly use open-source intelligence (OSINT) to build detailed profiles of individuals long before launching an attack.
This session dives into the evolving art of people-focused reconnaissance, demonstrating how seemingly harmless public data can be weaponized into precise social engineering campaigns, identity spoofing, and credential pivoting.
We’ll cover:
Identity tracing techniques using breach data, professional directories, dark web leaks, and forgotten digital breadcrumbs
Building detailed social graphs across platforms like LinkedIn, GitHub, Twitter/X, Facebook, and academic/industry conference rosters
Tools and techniques to identify executive targets, their digital habits, exposed credentials, and behavioral patterns
Mapping corporate org structures and vendor relationships through public filings, social posts, and collaboration tools
How to uncover personal infrastructure (GitHub repos, sandbox environments, demo servers) tied to specific developers or architects
Cross-referencing usernames, email handles, avatars, and metadata to track digital identities across platforms
Using automation to generate identity maps and behavioral timelines with OSINT scripts and browser automation frameworks
You’ll also learn how attackers combine this recon with voice deepfakes, domain typosquatting, and AI-generated emails to execute convincing social engineering attacks, especially against high-value individuals.
While this session is grounded in offensive techniques, it’s highly actionable for blue teams, threat intel analysts, and enterprise security leaders. We’ll walk through real-world case studies where simple recon led to large-scale breaches, compromised business email accounts, and insider attacks.
Takeaways will include:
A checklist for assessing your organization’s exposed human attack surface
Tools and workflows to replicate attacker tactics in your threat modeling and phishing simulations
Guidance on proactive identity protection and executive exposure management
Strategies to anonymize or reduce OSINT footprint without undermining productivity
In an era where people are increasingly the payload, not just the target, understanding how digital identities are discovered, mapped, and exploited is critical to building a truly defensible organization.
Speakers
Exeter Finance LLC - Senior Security Engineer
Ankit Gupta is a cybersecurity expert with over 15 years of experience protecting organizations from digital threats. He specializes in cloud security, identity management, and advanced cybersecurity approaches integrating artificial intelligence and zero-trust principles. Ankit currently serves as a Senior Security Engineer, where he develops strategies to safeguard sensitive data, manage risks associated with emerging technologies, and ensure compliance with complex regulatory requirements. He regularly shares his knowledge with the cybersecurity community through speaking engagements and written contributions, providing practical guidance on securely adopting new technologies and effectively managing cyber risks.
Tyson Foods Inc.
Shilpi Mittal is a cybersecurity professional with deep expertise in protecting enterprise systems, cloud environments, and development pipelines. As a Lead IT Security Engineer, she designs and oversees security strategies that balance innovation with risk management across large-scale infrastructures. Her work focuses on identity and access management, secure development lifecycle practices, secrets governance, and vulnerability management. Shilpi is also committed to continuous learning and thought leadership, having contributed as a public speaker and an evaluator for global cybersecurity recognitions. She is known for her ability to translate complex security requirements into practical, scalable solutions that support both business and compliance goals.
