homepage
Open menu Go one level top
  • Train and Certify
    • Get Started in Cyber
    • Courses & Certifications
    • Training Roadmap
    • Search For Training
    • Online Training
    • OnDemand
    • Live Training
    • Summits
    • Cyber Ranges
    • College Degrees & Certificates
    • NICE Framework
    • DoDD 8140
    • Specials
  • Manage Your Team
    • Overview
    • Security Awareness Training
    • Voucher Program
    • Private Training
    • Workforce Development
    • Skill Assessments
    • Hiring Opportunities
  • Resources
    • Overview
    • Reading Room
    • Webcasts
    • Newsletters
    • Blog
    • Tip of The Day
    • Posters
    • Top 25 Programming Errors
    • The Critical Security Controls
    • Security Policy Project
    • Critical Vulnerability Recaps
    • Affiliate Directory
  • Focus Areas
    • Blue Team Operations
    • Cloud Security
    • Digital Forensics & Incident Response
    • Industrial Control Systems
    • Leadership
    • Offensive Operations
  • Get Involved
    • Overview
    • SANS Community
    • CyberTalent
    • Work Study
    • Instructor Development
    • Sponsorship Opportunities
    • COINS
  • About
    • About SANS
    • Why SANS?
    • Instructors
    • Cybersecurity Innovation Awards
    • Contact
    • Frequently Asked Questions
    • Customer Reviews
    • Press Room
  • Log In
  • Join
  • Contact Us
  • SANS Sites
    • GIAC Security Certifications
    • Internet Storm Center
    • SANS Technology Institute
    • Security Awareness Training
  • Search
  1. Home >
  2. Blog >
  3. #OSINTforGood: Using Open-Source Intelligence to Solve Real-World Problems
370x370_Micah-Hoffman.jpg
Micah Hoffman

#OSINTforGood: Using Open-Source Intelligence to Solve Real-World Problems

90+ SANS students used their skills to help uncover tips on real missing persons cases at CDI 2019. Learn how you can use OSINT for good as well.

January 23, 2020

We often say that the SANS community is full of heroes who protect us and our society through their work every day. That fact, and the spirit and skill of this community, were on full display at the inaugural SANS OSINT (Open Source Intelligence) Missing Persons Capture-the-Flag (CTF) event at Cyber Defense Initiative (CDI) in December, in partnership with the Canadian non-profit organization, Trace Labs.

More than 90 students volunteered their time over two nights at CDI to uncover and turn in more than 400 pieces of intelligence related to 12 active missing persons cases – a significant achievement from a volunteer, evening cyber challenge.

Hear more about how this #OSINTforGood event came to be in the video below:

#OSINTforGood, For Everyone

One of the themes that resonated throughout the two-night event is that anyone can participate in OSINT activities – it’s not just for experienced cyber professionals, and CTF events like this benefit from a diverse group of participants. In fact, the winning team of students, which gathered and submitted 82 tips, was entirely comprised of OSINT newcomers.

“You know, I’m sharing this with my friends and family and I’m encouraging them to participate,” said Adam Silk, a SOC analyst who was on the winning team. “It really just takes the ability to go on Google and see what’s out there.”

Jessica Lee, a threat intelligence analyst for a financial company and a member of the winning team told us that she initially focused on the competition element of the event, targeting points to move her team ahead. As the team did more research, however, things changed.

“You start to learn a little bit more about the person when you’re doing this, and it stops becoming just about finding data points,” she said. “Then you are able to dig deeper and find things about their personality, their lifestyle, and cues that may help law enforcement locate them.”

5 OSINT Hacks from the Winning Team

The winning team shared with us the tactics and approaches they took to find intelligence, as well as a few lessons learned along the way. The result is the following five hacks that you may be able to use to ramp up your OSINT skills and prepare for the next Missing Persons CTF.

1. Prepare Your Research Environment

Before you arrive for the CTF, you need to prepare. Make sure to spend some time getting your research environment set up by downloading virtual machines and more, Jessica advised. That way, you’re not spending the time configuring things during the CTF. Also, read the resources ahead of time. One challenge Jessica’s team ran into was that they didn’t have a mobile research environment set up. Because some social apps, like Snapchat, are only available on mobile, they were unable to search every corner they wanted to.

Trace Labs makes available all the categories and examples of data that go under each category, Jessica said. “For example, I wouldn’t have thought to try to look for make and model and license plates for related vehicles. Using the categories related to point collection will help guide your research efforts.”

2. Stay Anonymous

OSINT researchers must keep their anonymity, so it’s important to confirm that your setup is bulletproof before starting. “If you’re using your personal accounts to do research and you accidentally ‘like’ something or friend somebody, you could potentially be putting yourself in jeopardy or, at least, alerting the missing person that somebody is looking for them.”

3. Take Different Approaches for Different Age Groups

Something that became clear to the winning team right away was that adults had more of a paper trail, and there were public records for more of their activities. Minors, on the other hand, weren’t old enough to have bought a house, and much of their information was private or protected, so the team had to rely more on what the minor had posted online about themselves.

4. Try Google Dorking

One concept that Adam found especially useful was Google Dorking, which is basically how to use Google’s advanced search features to get much more specific results than what would normally be available. While the results you’d get searching inside Instagram might uncover some key user information, advanced search criteria in Google such as site:instagram.com “user name” will widen your result field and locate more of the traceable data you’re actually looking for, Adam suggested.

5. Look into People Search Engines

People search engines can also be a great tool for OSINT investigations, Adam said. Just by entering the person’s name and residential region, the engine can return correlated Facebook and LinkedIn accounts. It’s important to realize this data could be incorrect, Adam commented, but sometimes even the incorrect accounts can get you closer to what you’re looking for by eliminating certain options.


Micah Hoffman, SANS Certified Instructor and organizer of this Missing Persons CTF, teaches professionals how to master these skills, tools, techniques and much more every day, and expects to partner with Trace Labs again in the near future to host more of these types of CTFs.

Catchup on more of our #OSINTforGood mission by looking at Micah’s course, SEC487: Open-Source Intelligence (OSINT) Gathering and Analysis.

Share:
TwitterLinkedInFacebook
Copy url Url was copied to clipboard
Subscribe to SANS Newsletters
Join the SANS Community to receive the latest curated cybersecurity news, vulnerabilities, and mitigations, training opportunities, plus our webcast schedule.
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kingdom of Saudi Arabia
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia (Slovak Republic)
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Yugoslavia
Zambia
Zimbabwe

Tags:
  • Blue Team Operations

Related Content

Blog
SUMMIT_Free_SANS_2021_Summits_Teaser.jpg
Digital Forensics and Incident Response, Cyber Defense Essentials, Industrial Control Systems Security, Purple Team, Blue Team Operations, Penetration Testing and Ethical Hacking, Cloud Security, Security Management, Legal, and Audit
November 30, 2020
Good News: SANS Virtual Summits Will Be FREE for the Community in 2021
They’re virtual. They’re global. They’re free.
Emily Blades
read more
Blog
_MUST_HAVE_RESOURCES_OSINT.png
Blue Team Operations
June 8, 2020
"Must Have" Free Resources for Open-Source Intelligence (OSINT)
Free OSINT resources to help in any investigation, pen test or to just see if your organization is exposed
SANS Institute
read more
Blog
Blue Team Operations, Penetration Testing and Ethical Hacking
May 29, 2020
Spiderfoot and the Dangers of Doxing
I had heard so many great things about SEC504 (GCIH), that I decided to take it, and one of the OSINT tools we use in this course I called Spiderfoot.
370x370_kenneth-may.jpg
Kenneth May
read more
  • Register to Learn
  • Courses
  • Certifications
  • Degree Programs
  • Cyber Ranges
  • Job Tools
  • Security Policy Project
  • Posters
  • The Critical Security Controls
  • Focus Areas
  • Blue Team Operations
  • Cloud Security
  • Cybersecurity Leadership
  • Digital Forensics
  • Industrial Control Systems
  • Offensive Operations
Subscribe to SANS Newsletters
Join the SANS Community to receive the latest curated cybersecurity news, vulnerabilities, and mitigations, training opportunities, plus our webcast schedule.
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kingdom of Saudi Arabia
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia (Slovak Republic)
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Yugoslavia
Zambia
Zimbabwe
  • © 2021 SANS™ Institute
  • Privacy Policy
  • Contact
  • Twitter
  • Facebook
  • Youtube
  • LinkedIn