A talk about something I have been thinking about recently. OSINT is the new entry drug into the crazy and amazing infosec industry. Along the journey one also learns about what people can find on you, and in doing so, you can, at minimum be more mindful of your online footprint and how to protect your information better.

The best part about OSINT is that it can be performed by literally anyone with an internet connection and a web browser. With that being said, there are no established guidelines for OSINT collection. The potential for misuse (either intentional or unintentional) is huge.

This talk will explore:
* What are “”ethics””? How would they apply to collecting OSINT?

* What are some common temptations that could inadvertently lead an OSINT investigator in a bad direction? Example: Your friend comes to you because they think their wife is cheating on them. Do you help them? What are the possible outcomes?

* Discuss the psychology behind OSINT abuse. Address some common pitfalls of OSINT collection: “”It’s not against the law. So what’s the big deal?”” “”I’m not actually stalking them physically…”” Along with the change in behavior that comes with working “”anonymously”” on the internet

*Sketch realistic guidelines that could keep a new OSINT person on the right side of things.

Breach-sourced data leaks are on the rise, and breached data services have been created to both respond to a growing problem. In this presentation, we explore the history and relevance of these third-party data breach search services.

Many of us know of and use “Have I Been Pwned?”, one of the first services to appear in 2013, but many others have been created since then. Right now, these breached data services offer access to billions of leaked hacked credentials, including usernames, passwords, emails, and other personally identifiable information. Some services allow users to check if they exist within these data breaches without granting them access to the raw data, while other services make this data readily available for anyone to access. We will evaluate the effectiveness, usefulness, and ethics of these subjects.

This workshop shares techniques and technologies to more effectively monitor and rapidly respond to global crises with near-real-time OSINT & social media intelligence. Led by a career intelligence analyst, this session will introduce a variety of free online tools that security analysts, crisis managers, corporate security, journalists, travelers, and law enforcement can use to improve their situational awareness and crisis management capabilities during global incidents.

I intend to cover some of the historical dark web arrests and how they were executed by law enforcement, not through some technologically savvy technique, but due to poor OPSEC on the part of the dark web market user. With each example, I will showcase some basic OSINT tools or techniques that can be used to exploit a dark web market user making similar mistakes. My current list of particular points I want to touch on (still subject to change) includes: Virtual identifies and their reuse, extracting information from PGP keys, tracing cryptocurrency transactions, photo metadata, and perhaps how to extract a fingerprint from a high-res photo.

Ransomware is one of the greatest threats to public and private organisations worldwide. The major ransomware operators all control darknet leak sites to further extort their victims into paying the ransom, causing irreparable damage to client privacy, organisational reputation, and trust. As a CTI analyst, Will has worked with Fortune 500 firms, financial services, and law enforcement to gather intelligence on the latest changes in the threat landscape. To defend against the threat of ransomware organisations can utilise monitoring open source intelligence, darknet and deepweb intelligence, and malware analysis to better understand the initial infection vector.

Murders, Scams, and Cold Cases: The Use of OSINT Techniques to Investigate Crime
An obsession with the “average person” solving true crime cases has spread across the world. With the excitement surrounding series such as Making A Murderer, Don’t [email protected] with Cats, Tiger King, and I’ll be Gone in the Dark the use of Open-source Intelligence by “armchair detectives” has grown increasingly mainstream. With a heightened interest in the field of OSINT, there appears to be a rise in ethical complications surrounding the cases. In this session, I will define the difference between OSINT and doxxing and lay out some best practices for investigating various types of crime. We will talk about the ethics surrounding OSINT and criminal cases and I will show examples of how using OSINT irresponsibly is not only a safety risk to the investigator but can cause irreparable damage to a person’s life and the overall criminal investigation.

Many people, especially students, pick up the $5 Shodan license during Black Friday and never learn the amazing features it has. This talk sets out to educate the listeners on the many filters available to use and how to string them all together to turn them into a pro at searching on Shodan

Venmo is a popular mobile application that allows for sending cash quickly between friends and online stores. As of June 2020, Venmo has approximately 52 million users. With it’s popularity, it’s also garnered scrutiny from organizations like Mozilla for making it’s transactions public by default. While they’ve taken minor steps to improve privacy and security, any authenticated user can obtain an API key and gather all the things. The API can give us access into a user’s social network, iPhone vs Android, contact info, and spending habits (what were they doing, who were they with, etc). We can even gather some info without being authenticated! We’ll go over Venemy, a simple python tool for leveraging the API, and what kind of analysis we can perform to help you in your OSINT investigations.

The ‘IT Guy’ is the Nigerian Prince of Pretexts. As bad actors grow more cunning and use more specialized and unique pretexts, so too should Pentesters use more specialized, custom pretexts during assessments. Reinvigorate your pretext repertoire and learn to make custom pretexts that fly under the radar and won’t raise any red flags, using target specific data gathered during OSINT.

At the end of this talk, attendees will be able to: define the anatomy of a pretext, understand how pretexts fail, conduct OSINT against a company/business target and its employees and use what they find to build a custom pretext for use in email phishing, voice elicitation, physical assessments or a combination of these types of attacks.

Add more value to your engagements, better prepare employers and their employees, and learn how to create pretexts that your targets are much less likely to question. This talk is a fully refreshed version and unique in content and targets from any previously shared version of this talk by the same title. New targets, new osint, new pretexts. This is one talk that only get better each time it’s presented and as Alethe grows her library of pretexts and OSINT skills.

Cryptocurrency? Blockchain? Ransomware? We hear these terms on a daily basis, not only because they are cool buzzwords, but because they are being used by malicious threat actors to further their end-goals. As crypto, blockchain, and ransomware evolve and become more sophisticated, the act of attribution and tracking cyber-criminals becomes equally difficult. Open-source intelligence can aid in potentially bridging this gap. This presentation covers the basics of how a blockchain operates, its role in cryptocurrency, and attacks directed towards blockchain and crypto. The presentation then goes through a brief history of ransomware and how its tactics have evolved to match the current technological landscape during its respective period. The first two points then diverge on one another through a discussion of ransomware cryptocurrency demands, beginning with Bitcoin requests then shifting focus towards privacy coins like Monero. This shift in demand will be further covered through a comparison of Bitcoin and Monero trackability, and how open-source intelligence can help with traceability. The presentation wraps up by looking at the big picture of the digital asset threat landscape, as well as COVID-19’s role in amplifying the propagation of ransomware.

What are the different layers of the internet, and how can we pivot between layers for an OSINT investigation? How can the darknet, or darknet access points, be used to help push a case forward? Let’s find out just how useful, and how dark, the darknet is.

As security professionals we use OpenSource Intelligence (OSINT) in one way or another almost every day of our lives. This talk will focus on using OSINT to find information about people. This can be a useful skill when trying to track a malicious user from email address to home address. It is also a very important topic to discuss in user awareness training to help prevent social engineering attacks like spear phishing. Additionally, there are opportunities where you can use your analytical skills to give back leveraging OSINT.

A very high level overview of the various data points one can glean to go from a malicious artifact (file, URL, email, SMS message, etc.) to more revealing information (IPs, domains, URLs, certificates, hashes, strings, metadata, etc.) in order to better understand and/or track the artifact (such as uncovering a threat actor, determining related campaigns, tracking an APT, etc.)

Continuous threat hunting is a proactive approach to identifying threats within the environment while adopting the assumption of breach mentality. Find out why CTI play an important in assisting threat hunting and learn some key points when implementing threat hunting in your organization. Incorporating threat intelligence into your daily hunts; and what is required in a successful threat hunting platform. Some freebies for the attendees:

– Analysis of Intelligence Reports
– Competing Hypotheses
– YARA/ Sigma Rule Development
– STIX/ TAXI Framework
– Importance of Building a Campaign Heat Map
– Enriching and Understanding Limitations leveraging RedTeam Simulations of specific APT groups.

During this 2 hour workshop, Joe will discuss some of his favorite and unique techniques in identifying information about a subject (person). Starting with a quick description of OSINT and methods of analysis, we will quickly transition into the techniques via demonstrations. All of the demonstrations will be done from a browser, but will yield powerful results – some of which from platforms that privacy conscious people routinely use. This session will be a solid refresher for experienced investigators as well as a good foundation for those just developing their skills and passion.

Everybody is keen on using the latest tool to find evil in their networks or follow the latest trend in their investigations. But what we forget is that the human mind is still the best tool that we can utilize in our investigations. However, as humans we are can still fall into certain mindset or way of thinking. This session will cover how we can have an investigative mindset while applying lessons from the field of cognitive psychology and behavioral sciences to help us become better investigators.

As a Certified Social Engineer pentester, I often utilize these techniques to get information about the target that no tool can obtain.
These consist of well planned methods with a specific goal in mind to grab certain proof. Creating meaningful aliases, link trackers, phone elicitation, impersonation, and chatting are all part of this.

OpSec is extremely important.

The talk will provide multiple examples of where OSINT techniques and resources were exhausted and social engineering techniques plowed through the investigation.