Recon Village Workshops @ DEFCON 32

Join us at Recon Village for an in-depth workshop on the OWASP Amass Project, a powerful open-source tool used for network mapping, attack surface analysis, and asset discovery. This workshop will delve into the exciting advancements in data collection capabilities within Amass, demonstrating how these enhancements have taken the project from a humble subdomain enumeration tool to an OSINT collection system. Participants will gain hands-on experience with new features, learn best practices for leveraging Amass, and explore the broader dataset of findings and associated assets. Whether you are a seasoned security professional or new to network reconnaissance, this session will provide valuable insights and practical skills to elevate your reconnaissance game. Workshop Outline Introduction (15 minutes) - Welcome and speaker introductions - Overview of OWASP Amass - Brief history and evolution - Core functionalities and typical use cases - Workshop objectives and agenda Understanding Amass's Data Collection Capabilities (15 minutes) - Current data sources utilized by Amass - Public data sources - OSINT (Open Source Intelligence) integration - Third-party APIs - Introduction to new data collection features - Enhanced API integrations - Proprietary data sources Hands-On with New Data Collection Features (30 minutes) - Setting up Amass for expanded data collection - Installation and configuration - API key management and integration - Practical demonstration - Running Amass with new data sources - Interpreting results - Case study: Real-world scenarios and outcomes Analyzing and Utilizing Recon Data (30 minutes) - Attack surface mapping is more than internet infrastructure - Introduction to the Open Asset Model (OAM) - Collecting email addresses with Amass - OAM types to be supported by the project - The Future of Mapping attack surfaces Q&A Session (20 minutes) Conclusion (10 minutes) - Recap of key takeaways - Additional resources and further learning - Closing remarks and feedback session --- Preparation Requirements:** - Participants are encouraged to bring laptops with pre-installed OWASP Amass. - API keys for various data sources (details to be provided prior to the workshop). Target Audience:** - Security researchers and professionals - Penetration testers - Network administrators - Anyone interested in improving their reconnaissance skills and knowledge This workshop promises to be an engaging and educational experience, equipping attendees with the latest techniques and tools to enhance their security reconnaissance capabilities using OWASP Amass.

This workshop aims to describe how to use Maltego CE with the common available transform sets. Additionally we will teach you how to extend the tool by integrating external datasources and OSINT tools thanks to the open-source maltego-trx library. Outline: - Overview - Datasources - Investigation basics - Creating your own entities - Building your own transforms - Demo - Lab: - Connecting an OSINT tool (holehe, whatsmyname…) - Q&A Prerequisites - Maltego Community Edition (requires Maltego ID registration for activation) - Python + pip - Maltego-trx library - Optional: your favourite IDE (VSCode, Pycharm…)

Join us for an immersive workshop designed for beginners and professionals looking to enhance their Open Source Intelligence (OSINT) skills. This workshop provides a technical guide to uncovering hidden connections and expanding investigative horizons using advanced OSINT techniques and tools. Participants will gain hands-on experience with leading OSINT tools, learn how to identify pivotal data points, and practice real-world pivoting strategies through interactive exercises and case studies. This workshop is ideal for those seeking to refine their investigative methodologies and leverage cutting-edge OSINT practices for more effective and efficient investigations. Topics: - OSINT Introduction and Walkthrough - Common tools and platforms - Data Sources - Understanding Pivoting - Identifying Pivot Points - Techniques and Tools - Data Correlation - Automation and Scripting - Case Study - Integrating OSINT with other Intel - Ethical and Legal Considerations Skill Level: Beginner to Intermediate