OSINT for InfoSec: Red Team Recon, Threat Intel, & Attribution
Event Information
Description
A few updates
Parking:
Feel free to park anywhere that visitors are allowed, however the closest parking will be at the Cone Parking Decks 1 & 2 next to cone university center:
Room:
We'll be in the lucus room on the third floor
We've Updated the Class Requirements - See Below
----------------------------------------------------------
Charlotte ISSA Members can take this course for only $200! (Plus EB Fees). If you haven't already, you can register for membership here: https://www.charlotteissa.org/join/ . To get the discount, please enter your MEMBERSHIP EMAIL as your DISCOUNT/PROMO CODE. New members are synchronized with this registration system every 2 weeks; if you have any questions please reach out to board@charlotteissa.org
Course Description
OSINT is amazing and scary! What can be found on the internet astounds me on a daily basis.
Just getting started in the field? This class is perfect for you. Being good at computers is simply knowing how to find an answer on the internet. Learn how to craft better search queries and expertly find answers to strange problems.
But I’m an expert blue teamer, how will OSINT help me? Every blue team should be doing OSINT against their organization to know exactly what their attack surface looks like. It’s surprising just what systems you can find on the public internet or what kind of information your employees are leaking on social media.
Red teamer? Perfect. Use OSINT during your recon phase to find the extra boxes your target forgot about (seriously though, passwords.client.com...) for an easy way in. Perhaps you need to dive deep on an individual to craft the perfect social engineering pre-text.
The main goal of this class is for each student to walk away with a basic understanding of OSINT topics critical to any InfoSec Pro. At the end of two days, you will be able to come up with your own creative ways of using OSINT to hunt for and gather detailed information about a target.
Course Outline
Day 1: Introducing OSINT
Creating Your OSINT Research Environment
-VMs
-Browsers
-Browser extensions
-Tools
-VPNs
-Document everything
OpSec
-VPNs
-Browser Leaks
-LinkedIn
-Persona Creation / Management
Automating OSINT Collection
-Keywords
-Alerting services
-Social Media
-Existing Automation Tools
-APIs / Scripting
Search Engines
-Multiple Search Engines
-Search operators
-Google customized search engines
Social Networks
-Facebook
-Twitter
-LinkedIn
-Instagram
-Other Social Networks
Telephone Numbers
-Reverse Lookups
-VOIP
-Mobile Numbers
-Mobile Emulation
All the Webs and Nets
-Dark / Deep / Dirty
-Tor
-I2P
Day 2: Let's Go Hunting
Threat Intelligence
-Open source IOC sources
-IOC Pivoting
-Hunting for Attribution (Russia, of course)
Hunting Domains / IPs
-DNS and Whois
-IP tools
-Reputation
-Subdomains
-Web Spidering
-Advertising IDs
-Certificates
-Metadata
Hunting Companies
-General Company Info
-Employee Profiling
-Determining a Company's Online Footprint
Hunting People
-Usernames
-People Search Engines
-Email Addresses
-Image Searching
-Property
-Other Public Data
Updated Class Requirements:
No virtual machine will be provided prior to the start of the class. The only requirement to be able to fully participate in the class will be a laptop with a web browser. Admin rights and making sure that you don't have any client-side web filtering (AV and other client security products do web filtering sometimes – please check your own configuration and make sure you can disable it if present).
I would still highly recommend bringing a laptop that is capable of running virtual machines. We will be covering research tradecraft recommendations deeper in the course itself and I recommend doing all of your OSINT research from inside a VM. You are welcome to use whatever VMs you have available or what you are most comfortable with. No specific tool installations will be required for the labs.
About the Instructor: Justin has worked in cyber security for 13 years in various engineering, architecture, and research roles. His day job involves using OSINT techniques to hunt bad guys on the internet. He is currently the Galactic Viceroy of Clicking & Scrolling and occasionally has a global thought. He created and maintains the OSINT Framework (http://osintframework.com) to help others find good free OSINT resources and tools to aid their investigations.
If you have any questions about the class content, please reach out to the teacher on twitter @jnordine
If you have any questions about anything else, please reach out to board@charlotteissa.org or the Charlotte ISSA Education Director on twitter: @FrackMacker
Note from Organizer: As with all of our classes, we don't ever plan on it, but sometimes we need to cancel or reschedule classes; therefore, we reserve the right to cancel our classes for any reason. Please plan accordingly in terms of your reservations etc. (out of towners, listen up) - for example make hotel reservations that can be canceled without penalty, same for travel.
Fine print hint: If you're electing to pay $350, you're missing the point. We price the class higher than what it would (cost to join our chapter + tuition), and 100% of that discounted price goes directly to the instructor. Joining will allow you to get similar discounts on other classes or in some cases FREE admittance to some of our classes. Really, we're not trying to make money here, but we will accept it; it'll help pay for the coffee and breakfast <: If you're already a member of another ISSA chapter, it's only like $30 to add us on as an additional chapter. In case you didn't know, many employers will reimburse you for "Professional Memberships" - they usually have some special finance bucket for that and it's not a big deal at all. Check with your employer to be sure - maybe they'll reimburse you and you can enjoy our many benefits.
- Josha @FrackMacker
