Every single day we use search engines to look for things on the internet. Defenders research a domain or IP that contains malware. Attackers look for email addresses for an upcoming phishing campaign. DFIR people examine locations and usernames that they acquired from a subjects computer. Policy and compliance people examine the risk that employees in their organizations might bring to work. Recruiters scour the internet looking for candidates. And «normal people» shop, date, geolocate, post, tweet, and otherwise send a huge amount of data to the public internet. While search engines harvest, store, and index billions of web site data points every day, there is much they do not contain. These pieces of OSINT data can, when put in perspective and analyzed, reveal target geolocations, friends and associates, alcohol consumption, user passwords, and more. This talk will be a series of hands on, live demos where we put our OSINT skills to work in unconventional places to harvest this unindexed OSINT data. Using free web sites, built in web browser tools, and free python scripts, Micah will show attendees how to harvest data from social media applications, the «whois» system, and from breach data that will not appear in search engine results. Students will gain a better understanding of JSON, APIs, reverse whois, and how to run python tools. Come join Micah as he examines how to move beyond «Googling it» in your personal and professional lives.
Speaker Bio
Micah Hoffman has been active in the information technology field since 1998, working with federal government, commercial, and internal customers to discover and quantify cybersecurity weaknesses within their organizations. As a highly active member of the cybersecurity and OSINT communities, Micah uses his real-world Open-Source Intelligence (OSINT), penetration testing, and incident response experience to provide customized solutions to his customers and comprehensive instruction to his students.
Over the years, Micah has conducted cyber-related tasks like penetration testing, OSINT investigations, APT hunting, and risk assessments for government, internal, and commercial customers. Micahs SANS coursework, cybersecurity expertise, and inherent love of teaching eventually pulled him toward an instructional role, and hes been a SANS Certified Instructor since 2013. Hes the author of the SANS course SEC487: Open Source Intelligence Gathering and Analysis, and also teaches both SEC542: Web App Penetration Testing and Ethical Hacking and SEC567: Social Engineering for Penetration Testers.
From Wild West Hackin Fest 2018 in Deadwood, SD.
Presenter: April C. Wright
April C. Wright is a hacker, writer, teacher, and community leader with over 25 years of breaking, making, fixing, and defending global critical communications and connections. She is an international speaker and trainer, educating others about personal privacy and information security with the goal of safeguarding the digital components we rely on every day. A security specialist for a Fortune 15 company and an OReilly author, April has held roles on offensive, defensive, operational, and development teams throughout her career, and been a speaker and contributor at numerous security conferences including BlackHat, DEF CON, DerbyCon, Hack in Paris, DefCamp, ITWeb, as well as for the US Government and industry organizations such as OWASP and ISSA. She has started multiple small businesses including a non-profit, is a member of the DEF CON Groups Core Team, and in 2017 she co-founded the Boston DEF CON Group DC617.
Aaron Jones presented «Introduction To Shodan» at the Phoenix Linux Users Groups security meeting on July 19th 2018
Introduction To Shodan is designed to provide an overview of the search engine for finding devices connected to the internet. Shodan is a security researcher tool that works by scanning the entire internet, locating and parsing banners, and then returning this information to the user. Shodan is an excellent tool to familiarize yourself with if you do not have the infrastructure or tools necessary to run masscan yourself. Shodan is useful in the target selection phase of an operation.
About Aaron:
Aaron is an experienced Linux user with several years of teaching experience. He works in the industry as a software developer while also providing consultancy on cyber security related topics. His discussions are AZ Post certified for training credit for law enforcement and he prides himself on providing quality educational material that is relevant and topical. He has a Masters Degree in Intelligence Analysis with a focus in Cyber Security, is a life long learner, and prides himself on staying up to date with the ever changing field of cyber security.
If you like what you see here and live in the Phoenix, Arizona area, the Phoenix Linux Users Group meets several times a month. Please visit PhxLinux.org for meeting times and locations then come see the presentations live and uncut.
Presentation at Pasadena City College on Maltego. This week focuses on OSINT and conducting an investigation with advanced tools. We learn the importance of framing an investigation and walk beginners through the steps of a sample investigation.
Presentation at Pasadena City College on Maltego. This week focuses on OSINT and conducting an investigation with advanced tools. We learn the importance of framing an investigation and walk beginners through the steps of a sample investigation.
Every single day we use search engines to look for things on the internet. Defenders research a domain or IP that contains malware. Attackers look for email addresses for an upcoming phishing campaign. DFIR people examine locations and usernames that they acquired from a subjects computer. Policy and compliance people examine the risk that employees in their organizations might bring to work. Recruiters scour the internet looking for candidates. And «normal people» shop, date, geolocate, post, tweet, and otherwise send a huge amount of data to the public internet.
While search engines harvest, store, and index billions of web site data points every day, there is much they do not contain. These pieces of OSINT data can, when put in perspective and analyzed, reveal target geolocations, friends and associates, alcohol consumption, user passwords, and more. This talk will be a series of hands on, live demos where we put our OSINT skills to work in unconventional places to harvest this unindexed OSINT data.
Using free web sites, built in web browser tools, and free python scripts, Micah will show attendees how to harvest data from social media applications, the «whois» system, and from breach data that will not appear in search engine results. Students will gain a better understanding of JSON, APIs, reverse whois, and how to run python tools.
Come join Micah as he examines how to move beyond «Googling it» in your personal and professional lives.
Speaker Bio
Micah Hoffman has been active in the information technology field since 1998, working with federal government, commercial, and internal customers to discover and quantify cybersecurity weaknesses within their organizations. As a highly active member of the cybersecurity and OSINT communities, Micah uses his real-world Open-Source Intelligence (OSINT), penetration testing, and incident response experience to provide customized solutions to his customers and comprehensive instruction to his students.
Over the years, Micah has conducted cyber-related tasks like penetration testing, OSINT investigations, APT hunting, and risk assessments for government, internal, and commercial customers. Micahs SANS coursework, cybersecurity expertise, and inherent love of teaching eventually pulled him toward an instructional role, and hes been a SANS Certified Instructor since 2013. Hes the author of the SANS course SEC487: Open Source Intelligence Gathering and Analysis, and also teaches both SEC542: Web App Penetration Testing and Ethical Hacking and SEC567: Social Engineering for Penetration Testers.
There’s a lot of talk about data breaches but not much is discussed about where the data ends up and how it can be used for good. In this low-key talk, we’ll discuss where breach data ends up, how you can find copies of it, and most importantly, how you can use it to further your security goals. We’ll discuss how it can benefit blue teams/threat intel shops, pen testers, OSINT researchers and even DFIR practitioners.
Matt Edmondson @matt0177, Certified Instructor, SANS Institute
OSINT is an essential tool for any investigator or ethical hacker. Today, well start with only a photo of an unknown subject, and string together OSINT tools to locate them on a US sanctions list.
Sign up for our e-mail alerts to stay updated when we go live