We would like to extend our sincerest apologies to this year’s CTF participants for the events that transpired on November 21. It is important that we share with the community what went wrong, what we learned, and what steps we will take to prevent such incidents from happening again in the future. Below you will find the writeup from NCPTF’s Cloud Operations team, who engineered and hosted this year’s CTF.
TALKS & WORKSHOPS
SUPPORT OUR MISSION
conINT 2021 is an fundraising event benefiting the National Child Protection Task Force (NCPTF), a US-based 501(c)(3) non-profit, that provides detectives, analysts, and other law enforcement with access to investigative expertise and resources to support missing and exploited persons investigations.
Day 2 of conINT gives attendees an opportunity to directly apply their newly learned skills as part of our OSINT CTF! More information on the CTF, including registration information, will be made available soon.
FEATURED SPEAKERS FOR conINT 2021
conINT 2021 SCHEDULE
Exploring techniques and the methodology around utilising OSINT for threat intel-led pentesting, including technical and human recon. This talk will then look to discuss what this means for a target organisation and how this information can be used for pentesting and threat landscaping.
This is a quick all encompassing talk on how to build rapport with a verbal algorithm and some key basics to using body language and nonverbal cues. It starts with breaking down the differences in nonverbal/body language and then cultural and cross cultural cues. Then it moves into how to use language to build comfort in under 5 min. By the end of the talk people will have a working understanding of how to deliver themselves to ensure anyone will feel more at ease and trusting. It will also give them nonverbal tools to ensure the target is being honest and compliant.
Announcements for a new competitive product launch of a high-value brand have already been spotted on Dark Net Forums and Marketplaces. A couple of Dark Web vendors with a Deep Web presence are discussing supply and distribution of hot brands in a highly infringing region, where counterfeiting is business-as-usual. Competitors are looking for a target client’s leaked data to find out about its patent secrets, clients, and suppliers. How are high-value brands addressing these challenges on the Dark Web? How are the Dark Web Investigators detecting, monitoring, and investigating brand infringements, and how are they collaborating with law enforcement? This presentation is based on three key components of a Dark Web Brand Protection investigative workflow. The first component addresses brand infringement attribution, via username identification and correlation across Dark Web, Deep Web and Surface Web platforms; deanonymization via OSINT investigation and CYBER-HUMINT monitoring, infiltration and engagement via Deep Web, Dark Web Forums, Marketplaces, or direct contact details if identified (e.g., phone numbers; emails, IRC, Wickr, Telegram etc.). Secondly, the presentation approaches product traceability from the Dark Web to the Surface Web. This subsection discusses how to find unique identifiers of a brand listed on the Dark Web; useful metadata of a product image; how to correlate dark web storefronts to identify similar products across the Internet and expand the investigative scope; advanced reverse image searches and Surface Web methods (e.g. probabilistic matching, text matching, product attributes matching) to trace similar brand infringements associated with multiple clusters that are part of multi-brand infringing networks. Lastly, the presentation ends with an introduction of how online-to-offline actionable intelligence is gathered via OSINT investigations and CYBER-HUMINT monitoring, infiltration and engagement with the target networks. Live examples and case studies from fashion, pharma, electronics high-value brands are provided throughout presentation.
Part 1) Skylight a.k.a kitchen-sinking object enrichment – meaning – you have a phone number, email address, IP address or whatever and you need to know EVERYTHING the Internet knows about it – at any cost. Now make it work directly in your current webpage.
Part 2) Vortimo 1.1 – now with fancy graphs. We skip the boring parts and go straight to the eye candy. Make people think your work is more complex than it really is.
Part 3) AutoVort – the Swiss army knife of scrollers – to automate data collection with tools like … Vortimo (but also others)
IRC, Hexchat, XChat, and more recently: Discord, Matrix, Element, … have been an integral part of interconnecting people from around the world on various topics of interest, and thus, have become an integral component in the creation of digital communities.
Building a community online, however, is much like sending a message to everyone in your town that you live at a specific address, and also inviting every one of them over for dinner at the same time: inevitably, less charitable or law-abiding people will show up, and some of them may try to take advantage of the situation.
In being a member of and managing a few digital communities, I have personally had to respond to incidents when such a threat emerges.
As such, I wanted to discuss various processes in managing communities, potentially underlined with examples, such as:
– how to identify, catalog and possibly respond to threats to the wellbeing of a community
– how OSINT and knowledge of law and law enforcement can help in the resolution of incidents
– how exchanging intelligence about threats between communities presents opportunities and risk
– how webs of trust can wrench in complications and facilitate the reduction of vigilance in terms of Operations Security (OPSEC)
– how community guidelines exist as a framework with which staff members can intimate a sentiment of interest and vigilance
“This talk is based on the book Psychology of Intelligence Analysis by Richard Heuer of the CIA (https://www.cia.gov/resources/csi/books-monographs/psychology-of-intelligence-analysis-2/).
We will introduce difference biases and heuristics that our brains use everyday and how these may lead us to make incorrect decisions.
Afterwards, we will teach practical tools and methodologies to combat these biases and that allow individuals and teams to construct better intelligence products.
The talk is quasi-interactive, with the participants being asked to respond in the comfort of their own homes to on-screen prompts in order for them better to understand their biases.”
Sometimes OSINT investigators can’t easily find an e-mail address of their targets. But e-mail addresses are important as they are one of the most valuable leads to pivot from. This talk will show ways that OSINT investigators can use to try and guess an e-mail address of their target. We are going to use names and surnames, birth dates, usernames, flaws in platforms and more that can lead an OSINT investigator to drastically increase his chances of “guessing” the target’s e-mail address.
“””Zoom in. Enhance the image. We got ’em.””
Some version of that scene is in nearly every crime show, but somehow when I try the same “”technique,”” the result is a sad-looking scene from an 8-bit game. So what can we do to improve small details in an image during an investigation? What if the photo is blurry? What tools are worth the time and money? Together we will analyze various types of damaged pictures and decide the best route to enhancing them for an OSINT investigation.”
OSINT is a challenging discipline with many distinct parts. It’s my belief like anything though if we break it down into its fundamental parts it can be learned. In this talk BosintBlanc takes you through an exploration of the skills, tools and mindsets you’ll need for successful OSINT investigations. This is a hands on talk where he will break down his process in digging up new information in digital investigations. *This talk includes a practical case study with prerecorded screenshots where BosintBlanc researched information on one the FBI’s most wanted fugitives.
“Public accessibility of breached data is a nightmare for everyone but useful for OSINT investigators.
I’ll go over the good, the bad and the ugly of breached data, how to use it to your advantage in OSINT investigations, how not to use it and more importantly, what you can do today to protect yourself from its repercussions.
A definite eye opener for those who haven’t see the contents of some of these breaches!
One of the biggest challenges beginner OSINT practitioners face is finding ways to apply the skills they learn. This presentation will cover another area of OSINT which will allow beginner (and advanced) OSINT practitioners to sharpen their practical skills: scam investigations. We will learn ways to identify scams, collect intelligence, pivot across scammer infrastructure, and ultimately report the scam (hopefully ruining the scammer’s day in the process).
“We are often told to keep OSINT investigations to a separate machine to avoid evidence tainting for professionals, and to prevent unexpected leakage of information to those being investigated, if doing on a voluntary basis.
This could be an expensive way of doing things and often virtual machines are used instead.
In this talk I show how the cheap but powerful Raspberry Pi can be setup as a standalone portable OSINT lab.”
In many instances, images can be as much of a modern day identifier as usernames, and a valuable point of pivoting for any open source investigator. From profile pictures to company logos, images offer a unique opportunity to tie disparate online activity together. Beyond the surface, EXIF metadata contained in these images offer a potentially valuable wealth of information that can move investigations forward. During this talk, Griffin will cover several examples of manual and automated reverse image searching, extraction and use of metadata, and how to find potential modification leveraging an error level analysis tool.
Two Feds having a virtual “fireside” chat about what keeps us up at night.
A conversation between the FBI and NCA about all things cyber.
Lots of opportunities to ask questions, so start thinking.
conINT 2021 Closing Keynote. Nicole will discuss some of the more common types biases in intelligence. She will then dive into the intelligence cycle and how biases can creep into each stage and ultimately give us bad intelligence. Nicole will then discuss how we combat these biases and tips for analysts and managers on the ways to spot bias ahead of a bad incident.
Dan Sampayo has been DJing in various night clubs in London, Brighton and the South Coast for 24 years playing at legendary clubs such as Ministry Of Sound, Turnmills, The Honey Club, The Concorde, The Escape Club, Audio and his residencies at The Q Club and 3TO. He also produces tunes and had a few remixes released.
Considering current conditions he’s had a pretty good summer playing at Block, Brighton and The Volks a fair few times as well as for Cyber House Party, BeerCon3 and IsolationCon2 after parties!
Access information and registration will be available in the event portal on Eventbrite. Please check your registration email for the Online Event Portal link.
Advance Registration REQUIRED To Participate. To register, visit conINT.io/Register
SEPTEMBER 24, 2021 – Due to a series of scheduling conflicts and delays, including the National Child Protection Task Force’s ongoing Operation Chivalrous Knight, the conINT board has opted to re-schedule our 2021 event to November 20-21, 2021. Rescheduling the conference from October to November will allow the event team additional time to handle administrative activities, including CTF development, speaker recruitment, and sponsorship sales.
OCTOBER 10, 2020 – Closing out conINT 2020 is none other than acclaimed nerdcore artist YTCracker. A former “cracker” turned rapper, MC and DJ, YTCracker is considered by many to be one of the originators of nerdcore. Outside of music, YTCracker is a respected information security professional, serving in roles ranging from advisor to CISO. YTCracker’s performance will start immediately following the conclusion of conINT 2020’s closing keynote.