My Top 5 OSINT Tools


In today's video I would like to present my personal top 5 online OSINT tools. These are the websites I use most in penetration tests. If you are interested in automated OSINT programs, you can also take a look at our video from last week, in which I presented the program SpiderFoot.

-= Links =-
www.googleguide.com/print/adv_op_ref.pdf
www.exploit-db.com/google-hacking-database
hunter.io/search
transparencyreport.google.com/https/certificates
crt.sh/?a=1
censys.io/certificates
www.shodan.io
wigle.net/
haveibeenpwned.com/


STAR Webcast: Threat Hunting and the Rise of Targeted eCrime Intrusions


The rise in targeted eCrime attacks was a major focus of CrowdStrike's 2020 Global Threat Report. The OverWatch threat hunting team has continued to see this trend in 2020 as criminal adversaries evolve to capitalize on targeted tactics, particularly with intent to deploy ransomware. This presentation covers how these intrusions occur and what you should look for in your threat hunting to uncover them. Discussion will include details on the commands the adversaries are actually running to exploit their victims.

Attendees will learn:

— More about the current eCrime ecosystem
— Targeted eCrime techniques recently observed in the wild
— How to use threat hunting to discover eCrime actors before they accomplish their objectives

Speaker Bios

Katie Nickels

Katie is a SANS instructor for FOR578: Cyber Threat Intelligence and a Principal Intelligence Analyst for Red Canary. She has worked on cyber threat intelligence (CTI), network defense, and incident response for nearly a decade for the DoD, MITRE, Raytheon, and ManTech. Katie hails from a liberal arts background with degrees from Smith College and Georgetown University, embracing the power of applying liberal arts prowess to cybersecurity. With more than a dozen publications to her name, Katie has shared her expertise with presentations at Black Hat, multiple SANS Summits, Sp4rkcon, and many other events. Katie has also served as a co-chair of the SANS CTI Summit and FIRST CTI Symposium. She was the 2018 recipient of the President's Award from the Women's Society of Cyberjutsu and serves as the Program Manager for the Cyberjutsu Girls Academy, which seeks to inspire young women to learn more about STEM. You can find Katie on Twitter @LiketheCoins.

Karl Scheuerman

Karl is a Senior Strategic Intrusion Analyst on CrowdStrike’s OverWatch threat hunting team. Previously, he led threat intelligence programs for the Department of Energy. Karl began his career as an Air Force officer and he continues to serve in the Air National Guard as commander of a threat intelligence squadron. He holds multiple SANS certifications, a Bachelor of Science degree from the U.S. Air Force Academy, and a Master of Public Policy degree from the University of Maryland, College Park. You can follow him on Twitter at @KarlScheuerman.

Jason Wood

Jason is a Senior Researcher on CrowdStrike’s OverWatch threat hunting team. He has worked as a threat hunter, penetration tester, consultant, trainer, security engineer and systems administrator. Jason is involved in the security community through podcasting and speaking at conferences. You can find him every week on Security Weekly News and the InfoSec Career Podcast. Jason is also an instructor for SANS SEC504, Hacker Tools, Techniques, Exploits, and Incident Handling. He holds a bachelor's degree in Computer Science and the GCIH certification.

Updated FOR578: Training for Security Personnel and Why Intelligence Matters to You


FOR578 — Cyber Threat Intelligence has now been running as a course at SANS for a little over two years. In that time a lot has evolved, including the field itself being extended through the SANS FOR578 authors and students. A major update has now taken place in the course to codify next skill sets and advancements, understanding of adversary behavioral tradecraft, and exciting new labs to push security to a new level. Come learn about the updates, why FOR578 is a class you should take, and in general why intelligence matters to you regardless of your security role.

For more information about the FOR578 course or to register for the course, visit: sans.org/FOR578

For more information about GCTI Certification visit: www.giac.org/u/wY7

Speaker Bio

Robert M. Lee

Robert M. Lee is the CEO and Founder of the industrial (ICS/IIoT) cyber security company Dragos, Inc. He is also a non-resident National Cybersecurity Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure. For his research and focus areas, Robert was named one of Passcode's Influencers, awarded EnergySec's Cyber Security Professional of the Year (2015), and inducted into Forbes' 30 under 30 for Enterprise Technology (2016).

A passionate educator, Robert is the course author of SANS ICS515 — «ICS Active Defense and Incident Response» with its accompanying GIAC certification GRID and the lead-author of SANS FOR578 — «Cyber Threat Intelligence» with its accompanying GIAC GCTI certification. He may be found on Twitter @RobertMLee

Death to the IOC: What's Next in Threat Intelligence


In this project we will automate this process using Machine Learning. We will share how we can use ML for Custom Entity Extraction to automatically extract entities specific to the cyber security domain from unstructured text. We will also share how this system can be used to generate insights, such as identifying patterns of attacks an enterprise may have faced, and much more.

By Bhavna Soman


How to Use and Create Threat Intelligence in an Office 365 World - SANS CTI Summit 2019


Everyone is moving to the cloud, specifically Microsoft Cloud. Microsoft expects to have 66 percent of its Office business customers in the cloud by 2019. Doing so makes sense: it’s easier than having on-premises mail servers, it (theoretically) reduces costs, and Microsoft Office 365 has one of the best security teams in the world. However, there is a downside, which is that it’s hard to protect what you can’t see or access. As of today, it is extremely difficult (or impossible, depending on your subscription level) to apply your externally created threat intelligence into Microsoft Office 365 detections. It is even more frustrating to try and search for known indicators on a platform that is not designed to help the security community.

This talk will describe methods and release open-source code to enhance your Office 365 security by analyzing email metadata, attachments, and even full content with tools like stoQ or LaikaBOSS and by looking at how to use that information to research and create actionable threat intelligence via platforms like Splunk.

Dave Herrald (@daveherrald), Staff Security Strategist, Splunk
Ryan Kovar (@meansec), Principal Security Strategist, Splunk

Find Information from a Phone Number Using OSINT Tools [Tutorial]



How to Run an OSINT Investigation on a Phone Number
Full Tutorial: bit.ly/PhoneOSINT
Kody's Twitter: twitter.com/KodyKinzie

IMPORTANT (JUNE 6, 2019): The OSINT Tools by Mike Bazzell featured in this guide were taken down from his website due to increased DDoS-style attacks, as well as DMCAs and cease-and-desists from some of the tools included. Phoneinfoga will still work in this guide, but for the others, you can try using each company's individual tool instead. You can see how it used to work, however, in this video and on null-byte.com.

When running an OSINT investigation, a phone number can prove to be extremely useful in gathering information about a target. On this episode of Cyber Weapons Lab, we'll explore a couple of tools you can use to extract information from a phone number. First, there's the command-line tool called Phoneinfoga, then there's the web app tool on the IntelTechniques website.
