OSINT for InfoSec: Red Team Recon, Threat Intel, & Attribution

Event Information

Share this event

Date and Time



University of North Carolina Charlotte

8845 Craver Road

Cone Building, Lucus Room

Charlotte, NC 28262

Friends Who Are Going
Event description


Charlotte ISSA Members can take this course for only $200! (Plus EB Fees). If you haven't already, you can register for membership here: https://www.charlotteissa.org/join/ . To get the discount, please enter your MEMBERSHIP EMAIL as your DISCOUNT/PROMO CODE. New members are synchronized with this registration system every 2 weeks; if you have any questions please reach out to board@charlotteissa.org

Course Description

OSINT is amazing and scary! What can be found on the internet astounds me on a daily basis.

Just getting started in the field? This class is perfect for you. Being good at computers is simply knowing how to find an answer on the internet. Learn how to craft better search queries and expertly find answers to strange problems.

But I’m an expert blue teamer, how will OSINT help me? Every blue team should be doing OSINT against their organization to know exactly what their attack surface looks like. It’s surprising just what systems you can find on the public internet or what kind of information your employees are leaking on social media.

Red teamer? Perfect. Use OSINT during your recon phase to find the extra boxes your target forgot about (seriously though, passwords.client.com...) for an easy way in. Perhaps you need to dive deep on an individual to craft the perfect social engineering pre-text.

The main goal of this class is for each student to walk away with a basic understanding of OSINT topics critical to any InfoSec Pro. At the end of two days, you will be able to come up with your own creative ways of using OSINT to hunt for and gather detailed information about a target.

Course Outline

Day 1: Introducing OSINT

Creating Your OSINT Research Environment
-Browser extensions
-Document everything

-Browser Leaks
-Persona Creation / Management

Automating OSINT Collection
-Alerting services
-Social Media
-Existing Automation Tools
-APIs / Scripting

Search Engines
-Multiple Search Engines
-Search operators
-Google customized search engines

Social Networks
-Other Social Networks

Telephone Numbers
-Reverse Lookups
-Mobile Numbers
-Mobile Emulation

All the Webs and Nets
-Dark / Deep / Dirty

Day 2: Let's Go Hunting

Threat Intelligence
-Open source IOC sources
-IOC Pivoting
-Hunting for Attribution (Russia, of course)

Hunting Domains / IPs
-DNS and Whois
-IP tools
-Web Spidering
-Advertising IDs

Hunting Companies
-General Company Info
-Employee Profiling
-Determining a Company's Online Footprint

Hunting People
-People Search Engines
-Email Addresses
-Image Searching
-Other Public Data

Class Requirements: Students will need to bring their own laptops with the following requirements:

  • VMWare Workstation/Fusion/Player or VirtualBox

  • Laptops need enough processing power and RAM (4GB of RAM recommended minimum) to run up to 2 virtual machines at the same time.

  • You must have admin rights on all of your systems in order to install/remove software, disable antivirus/firewall, etc.

Please be aware that VM installation instructions will be sent after registration.

About the Instructor: Justin has worked in cyber security for 13 years in various engineering, architecture, and research roles. His day job involves using OSINT techniques to hunt bad guys on the internet. He is currently the Galactic Viceroy of Clicking & Scrolling and occasionally has a global thought. He created and maintains the OSINT Framework (http://osintframework.com) to help others find good free OSINT resources and tools to aid their investigations.

If you have any questions about the class content, please reach out to the teacher on twitter @jnordine

If you have any questions about anything else, please reach out to board@charlotteissa.org or the Charlotte ISSA Education Director on twitter: @FrackMacker

Note from Organizer: As with all of our classes, we don't ever plan on it, but sometimes we need to cancel or reschedule classes; therefore, we reserve the right to cancel our classes for any reason. Please plan accordingly in terms of your reservations etc. (out of towners, listen up) - for example make hotel reservations that can be canceled without penalty, same for travel.

Fine print hint: If you're electing to pay $350, you're missing the point. We price the class higher than what it would (cost to join our chapter + tuition), and 100% of that discounted price goes directly to the instructor. Joining will allow you to get similar discounts on other classes or in some cases FREE admittance to some of our classes. Really, we're not trying to make money here, but we will accept it; it'll help pay for the coffee and breakfast <: If you're already a member of another ISSA chapter, it's only like $30 to add us on as an additional chapter. In case you didn't know, many employers will reimburse you for "Professional Memberships" - they usually have some special finance bucket for that and it's not a big deal at all. Check with your employer to be sure - maybe they'll reimburse you and you can enjoy our many benefits.

- Josha @FrackMacker

Share with friends

Date and Time


University of North Carolina Charlotte

8845 Craver Road

Cone Building, Lucus Room

Charlotte, NC 28262

Save This Event

Event Saved