OCTOBER 10, 2020 – Closing out conINT 2020 is none other than acclaimed nerdcore artist YTCracker. A former “cracker” turned rapper, MC and DJ, YTCracker is considered by many to be one of the originators of nerdcore. Outside of music, YTCracker is a respected information security professional, serving in roles ranging from advisor to CISO. YTCracker’s performance will start immediately following the conclusion of conINT 2020’s closing keynote.
TALKS & WORKSHOPS
Whether you are an enthusiast looking to break into the industry, or a seasoned law enforcement investigator, day 1 is an opportunity to hone your existing skills, and learn new ones, in intelligence acquisition and analysis, investigations, and more with a full day of presentations and hands-on technical workshops hosted by The Many Hats Club.
EVERY 40 SECONDS…
a child disappears or is abducted. conINT is a fundraising event, with all proceeds going to the National Child Protection Task Force (NCPTF) and Trace Labs. Your support will help enable both organizations to continue to expand and provide vital support to law enforcement agencies around the world.
SEARCH PARTY CTF
Day 2 of conINT 2020 gives attendees an opportunity to directly apply their newly learned skills to assist international law enforcement agencies in locating missing persons, from real cases, using OSINT techniques during the full-day Trace Labs OSINT Search Party Capture The Flag (CTF).
FEATURED SPEAKERS FOR conINT 2020
Every 40 Seconds...
a child goes missing or is abducted in the United States. conINT 2020 is a fundraising event for the National Child Protection Task Force and Trace Labs, two non-profit organizations that provide vital support to law enforcement in bringing them home.
conINT 2020 SCHEDULE
This session will showcase some of the skills and practices in the geolocation, chronolocation and visual forensics of an image or video in open source investigations with case-studies from military conflicts, stop child-abuse campaigns and crimes against humanity.
A talk about something I have been thinking about recently. OSINT is the new entry drug into the crazy and amazing infosec industry. Along the journey one also learns about what people can find on you, and in doing so, you can, at minimum, be more mindful of your online footprint and how to protect your information better.
The best part about OSINT is that it can be performed by literally anyone with an internet connection and a web browser. With that being said, there are no established guidelines for OSINT collection. The potential for misuse (either intentional or unintentional) is huge.
This talk will explore:
* What are “ethics”? How would they apply to collecting OSINT?
* What are some common temptations that could inadvertently lead an OSINT investigator in a bad direction? Example: Your friend comes to you because they think their wife is cheating on them. Do you help them? What are the possible outcomes?
* Discuss the psychology behind OSINT abuse. Address some common pitfalls of OSINT collection: “It’s not against the law. So what’s the big deal?” “I’m not actually stalking them physically…” Along with the change in behavior that comes with working “anonymously” on the internet.
* Sketch realistic guidelines that could keep a new OSINT person on the right side of things.
Breach-sourced data leaks are on the rise, and breached data services have been created to respond to a growing problem. In this presentation, we explore the history and relevance of these third-party data breach search services.
Many of us know of and use “Have I Been Pwned?”, one of the first services to appear in 2013, but many others have been created since then. Right now, these breached data services offer access to billions of leaked hacked credentials, including usernames, passwords, emails, and other personally identifiable information. Some services allow users to check if they exist within these data breaches without granting them access to the raw data, while other services make this data readily available for anyone to access. We will evaluate the effectiveness, usefulness, and ethics of these subjects.
I’m going to discuss the elephant in the room that nobody likes to bring up, the psychological trauma in investigating cases. To be successful, you need to delve into the mind of your victim, suspect, target, or abuser, but are you also letting the emotions stay with you once the case is finished? Learn the tips and tricks from someone who has had to view the unconscionable and investigated monsters. I will talk about how to process what you see, and cope with the aftermath.
This workshop shares techniques and technologies to more effectively monitor and rapidly respond to global crises with near-real-time OSINT & social media intelligence. Led by a career intelligence analyst, this session will introduce a variety of free online tools that security analysts, crisis managers, corporate security, journalists, travelers, and law enforcement can use to improve their situational awareness and crisis management capabilities during global incidents.
I intend to cover some of the historical dark web arrests and how they were executed by law enforcement, not through some technologically savvy technique, but due to poor OPSEC on the part of the dark web market user. With each example, I will showcase some basic OSINT tools or techniques that can be used to exploit a dark web market user making similar mistakes. My current list of particular points I want to touch on (still subject to change) includes: Virtual identities and their reuse, extracting information from PGP keys, tracing cryptocurrency transactions, photo metadata, and perhaps how to extract a fingerprint from a high-res photo.
Ransomware is one of the greatest threats to public and private organisations worldwide. The major ransomware operators all control darknet leak sites to further extort their victims into paying the ransom, causing irreparable damage to client privacy, organisational reputation, and trust. As a CTI analyst, Will has worked with Fortune 500 firms, financial services, and law enforcement to gather intelligence on the latest changes in the threat landscape. To defend against the threat of ransomware organisations can utilise monitoring open source intelligence, darknet and deepweb intelligence, and malware analysis to better understand the initial infection vector.
With investigations becoming more complex and the threat landscape ever evolving, law enforcement face some unique challenges. Technology is integral to our day to day activities.
With that in mind, this talk will provide a view from one of the UK’s National Crime Agency International Liaison Officers, an agency that seeks to lead the UK’s fight against serious and organised crime.
Bringing years of investigatory experience from local through to international, I hope to provide some insight into the range of the threats we currently face, the challenges and opportunities this brings and where you fit into all of this.
Murders, Scams, and Cold Cases: The Use of OSINT Techniques to Investigate Crime
An obsession with the “average person” solving true crime cases has spread across the world. With the excitement surrounding series such as Making A Murderer, Don’t F**k with Cats, Tiger King, and I’ll be Gone in the Dark, the use of Open-source Intelligence by “armchair detectives” has grown increasingly mainstream. With a heightened interest in the field of OSINT, there appears to be a rise in ethical complications surrounding the cases. In this session, I will define the difference between OSINT and doxxing and lay out some best practices for investigating various types of crime. We will talk about the ethics surrounding OSINT and criminal cases and I will show examples of how using OSINT irresponsibly is not only a safety risk to the investigator but can cause irreparable damage to a person’s life and the overall criminal investigation.
Many people, especially students, pick up the $5 Shodan license during Black Friday and never learn the amazing features it has. This talk sets out to educate the listeners on the many filters available to use and how to string them all together to turn them into a pro at searching on Shodan.
Venmo is a popular mobile application that allows for sending cash quickly between friends and online stores. As of June 2020, Venmo has approximately 52 million users. With its popularity, it’s also garnered scrutiny from organizations like Mozilla for making its transactions public by default. While they’ve taken minor steps to improve privacy and security, any authenticated user can obtain an API key and gather all the things. The API can give us access into a user’s social network, iPhone vs Android, contact info, and spending habits (what were they doing, who were they with, etc). We can even gather some info without being authenticated! We’ll go over Venemy, a simple Python tool for leveraging the API, and what kind of analysis we can perform to help you in your OSINT investigations.
In this talk, Chris will walk through the intelligence cycle to understand the process of turning information into intelligence. Using geo-specific searching across multiple social media platforms with various techniques & tools, we will explore how to pivot from persons of interest to understand their social interactions, behaviours & pattern of life. Finally, we will look at auxiliary sources of information such as WiFi & IoT device searching for geo-specific information that ties into the intelligence cycle as part of painting a holistic picture for understanding a subject.
The ‘IT Guy’ is the Nigerian Prince of Pretexts. As bad actors grow more cunning and use more specialized and unique pretexts, so too should Pentesters use more specialized, custom pretexts during assessments. Reinvigorate your pretext repertoire and learn to make custom pretexts that fly under the radar and won’t raise any red flags, using target specific data gathered during OSINT.
At the end of this talk, attendees will be able to: define the anatomy of a pretext, understand how pretexts fail, conduct OSINT against a company/business target and its employees and use what they find to build a custom pretext for use in email phishing, voice elicitation, physical assessments or a combination of these types of attacks.
Add more value to your engagements, better prepare employers and their employees, and learn how to create pretexts that your targets are much less likely to question. This talk is a fully refreshed version and unique in content and targets from any previously shared version of this talk by the same title. New targets, new OSINT, new pretexts. This is one talk that only gets better each time it’s presented and as Alethe grows her library of pretexts and OSINT skills.
In this talk, Charles will walk through the process of using OSINT for information gathering and enumeration during a penetration test, using specific social media platforms along with various tools and techniques.
Cryptocurrency? Blockchain? Ransomware? We hear these terms on a daily basis, not only because they are cool buzzwords, but because they are being used by malicious threat actors to further their end-goals. As crypto, blockchain, and ransomware evolve and become more sophisticated, the act of attribution and tracking cyber-criminals becomes equally difficult. Open-source intelligence can aid in potentially bridging this gap. This presentation covers the basics of how a blockchain operates, its role in cryptocurrency, and attacks directed towards blockchain and crypto. The presentation then goes through a brief history of ransomware and how its tactics have evolved to match the current technological landscape during its respective period. The first two points then diverge on one another through a discussion of ransomware cryptocurrency demands, beginning with Bitcoin requests then shifting focus towards privacy coins like Monero. This shift in demand will be further covered through a comparison of Bitcoin and Monero trackability, and how open-source intelligence can help with traceability. The presentation wraps up by looking at the big picture of the digital asset threat landscape, as well as COVID-19’s role in amplifying the propagation of ransomware.
What are the different layers of the internet, and how can we pivot between layers for an OSINT investigation? How can the darknet, or darknet access points, be used to help push a case forward? Let’s find out just how useful, and how dark, the darknet is.
As security professionals we use Open Source Intelligence (OSINT) in one way or another almost every day of our lives. This talk will focus on using OSINT to find information about people. This can be a useful skill when trying to track a malicious user from email address to home address. It is also a very important topic to discuss in user awareness training to help prevent social engineering attacks like spear phishing. Additionally, there are opportunities where you can use your analytical skills to give back leveraging OSINT.
A very high level overview of the various data points one can glean to go from a malicious artifact (file, URL, email, SMS message, etc.) to more revealing information (IPs, domains, URLs, certificates, hashes, strings, metadata, etc.) in order to better understand and/or track the artifact (such as uncovering a threat actor, determining related campaigns, tracking an APT, etc.)
Android analysis has long been viewed as a niche workflow that is often ignored by people outside the RE space. People see APK and assume that there is far too much going on under the hood. OSINT analysts and researchers should not be afraid to dive into this deep ocean of data points.
This talk will:
• outline the basic breakdown of an Android application
• highlight the primary pivot points that can be derived from analysis
• step through an example Android application investigation
Continuous threat hunting is a proactive approach to identifying threats within the environment while adopting the assumption of breach mentality. Find out why CTI plays an important role in assisting threat hunting and learn some key points when implementing threat hunting in your organization. Incorporating threat intelligence into your daily hunts; and what is required in a successful threat hunting platform. Some freebies for the attendees:
– Analysis of Intelligence Reports
– Competing Hypotheses
– YARA/Sigma Rule Development
– STIX/TAXII Framework
– Importance of Building a Campaign Heat Map
– Enriching and Understanding Limitations leveraging RedTeam Simulations of specific APT groups.
During this 2 hour workshop, Joe will discuss some of his favorite and unique techniques in identifying information about a subject (person). Starting with a quick description of OSINT and methods of analysis, we will quickly transition into the techniques via demonstrations. All of the demonstrations will be done from a browser, but will yield powerful results – some of which from platforms that privacy conscious people routinely use. This session will be a solid refresher for experienced investigators as well as a good foundation for those just developing their skills and passion.
The Art of Perception teaches professionals in law enforcement to enhance their observation, perception, and communication skills by learning to analyze works of art. In this highly visual and participatory presentation, individuals revisit both the application of their perception skills and the ability to communicate concisely and effectively in a variety of law enforcement contexts. The workshop is specifically designed to address the role of perception and observation in crime scene analysis, investigation, surveillance, and human trafficking as well as the importance of precise articulation in exchanges of critical information, including but not limited to communications on social media. Art and photography are also used as tools to reconsider the role of assumptions, biases, and related ethical issues in professional decision making, community relations, and best practices. Prepare to have your eyes opened when you did not even know they were closed.
Everybody is keen on using the latest tool to find evil in their networks or follow the latest trend in their investigations. But what we forget is that the human mind is still the best tool that we can utilize in our investigations. However, as humans we can still fall into a certain mindset or way of thinking. This session will cover how we can have an investigative mindset while applying lessons from the field of cognitive psychology and behavioral sciences to help us become better investigators.
As a Certified Social Engineer pentester, I often utilize these techniques to get information about the target that no tool can obtain.
These consist of well planned methods with a specific goal in mind to grab certain proof. Creating meaningful aliases, link trackers, phone elicitation, impersonation, and chatting are all part of this.
OpSec is extremely important.
The talk will provide multiple examples of where OSINT techniques and resources were exhausted and social engineering techniques plowed through the investigation.
Join the conINT 2020 Organizers as we wrap up Day 1 of conINT 2020 and talk about what’s ahead for Day 2’s CTF.
Bryan Hurd, Founder of global intelligence programs at NCIS, EDS, Microsoft and the former chief of all identities for the US Watchlisting system will talk about some of the strategic themes the community today along with reflections on setting up national level intelligence programs. This closing keynote will explore the innovation of intelligence, the leadership of people and how to build lasting impact for global missions.
CTF platform closes at 22:00. All submissions must be received prior to closure to be scored.
OCTOBER 5, 2020 – conINT has formally accepted presentations from 19 speakers from across the security and intelligence industry from this year’s Call for Presentations. conINT received more than 30 talk proposals for 2020’s event covering a wide range of intelligence and security topics.
OCTOBER 2, 2020 – Charles Shirer has joined the roster for conINT 2020. Currently working as a Security Consultant and Threat Hunter, Charles has had more than 17 years in Information Technology and Security. Charles is also a contributor to the SECBSD penetration testing distro based on the OpenBSD Operating System.