SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense, Artificial Intelligence
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
SEC497: Practical Open-Source Intelligence (OSINT)
SEC497Cyber Defense
- 6 Days (Instructor-Led)
- 36 Hours (Self-Paced)
Course authored by:
Matt Edmondson
Course authored by:Matt Edmondson
- GIAC Open Source Intelligence (GOSI)
- 36 CPEs
Apply your credits to renew your certifications
- In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
- Intermediate Skill Level
Course material is geared for cyber security professionals with hands-on experience
- 29 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Learn to perform effective, secure OSINT research with practical techniques. Explore critical OSINT tools and apply your skills in hands-on labs based on real-world scenarios.
Featured Quote
[SEC497 is] exactly what I wanted-a hands on, real-world deep dive into OSINT challenges, techniques, strategies and actual tools to use.
Course Overview
SEC497: Practical Open-Source Intelligence (OSINT) provides practical, real-world tools and techniques to help individuals perform OSINT research safely and effectively. The OSINT training course also offers real-world examples of how those tools and techniques have been used to solve a problem or further an investigation. Hands-on labs based on actual scenarios give students opportunities to practice the skills they learn and understand how those skills can help in their research.
What You’ll Learn
- Perform OSINT investigations with strict OPSEC
- Manage sock puppet accounts for research
- Recover deleted or hidden data, including breach and dark web content
- Trace digital footprints across sites and social media
- Uncover website owners, linked domains, and metadata
- Analyze large datasets and produce reports for cybersecurity, M&A, and more
Business Takeaways
- Enhance competitive intelligence through OSINT techniques
- Improve risk management by identifying vulnerabilities
- Strengthen incident response with rapid information gathering
- Identify and mitigate potential threats from publicly available data
- Streamline data collection and analysis processes for operational efficiency
Meet Your Author
Matt Edmondson
Senior InstructorMatt Edmonson, Senior SANS Instructor, STI faculty, and Founder of Argelius Labs, authored SEC497 and SEC587. An industry veteran with 11 GIAC certifications and OSCP, he draws on 20 years of investigations to deliver accessibly, real-world OSINT training.
Read more about Matt EdmondsonCourse Syllabus
Explore the course syllabus below to view the full range of topics covered in SEC497: Practical Open-Source Intelligence (OSINT).
Section 1OSINT and OPSEC Fundamentals
Learn how to conduct OSINT safely and effectively. This section covers the OSINT process, avoiding analytical pitfalls, and managing OPSEC, including a hands-on Pre-Flight Checklist lab to understand what you expose online.
Topics covered
- The OSINT Process
- Avoiding Analytical Pitfalls
- OPSEC and Attribution
- Creating Accounts (Sock Puppets)
- Hunchly, Obsidian, and Report Writing
Labs
- OPSEC Pre-Flight Checklist
- Dealing with Potential Malware
- Canary Tokens
- Hunchly and Obsidian
- [Optional] Linux Command Line Practice
Section 2Essential OSINT Skills
Build core OSINT skills including search techniques, web data collection, and archiving. Learn how to analyze metadata, images, and translations, and use tools like ArchiveBox to capture and preserve online content.
Topics covered
- Web Fundamentals and Search Engines
- Web Archives and Proxy Sites
- Collecting and Processing Web Data
- Metadata, Mapping, and Image Analysis
- Facial Recognition and Translations
Labs
- ArchiveBox Web Capture Lab
- Metadata Analysis
- Reverse Image Search
- Facial Recognition
- Translation Techniques
Section 3Investigating People
Investigate individuals using usernames, emails, phone numbers, and social media. Learn to work with breach data, APIs, and detect AI-generated content while analyzing identity, behavior, and online presence.
Topics covered
- Privacy and Identity Research
- Usernames, Emails, and Phone Numbers
- Breach Data and APIs
- Social Media Analysis and Geolocation
- Detecting AI-Generated Content
Labs
- API Data Collection Lab
- Breach Data Investigation Lab
- Social Media Analysis
- Geolocation
- AI-Generated Content Detection
Section 4Investigating Websites and Infrastructure
Analyze websites, IPs, and infrastructure to answer key investigative questions. Learn how to uncover ownership, identify technologies, and understand how systems work to avoid missteps and strengthen analysis.
Topics covered
- IP Addresses and Common Ports
- WHOIS, DNS, and Certificate Transparency
- Email Headers and Subdomains
- Site Attribution and Ownership
- Cloud and CTI Resources
Labs
- IP Address Research
- WHOIS and DNS
- Amass and Eyewitness
- Censys and Shodan
- Buckets of Fun
Section 5Automation, the Dark Web, and Large Data Sets
Work with large datasets, explore the dark web, and automate OSINT tasks. Learn how AI tools like Whisper can speed up investigations and how to efficiently process massive amounts of data.
Topics covered
- Researching Businesses and Wireless
- Large Dataset Triage
- Dark Web Investigation
- AI for OSINT
- Automation and Path Forward
Labs
- Business and Wireless Analysis
- Bulk Data Triage
- Dark Web Exploration
- Whisper Transcription Lab
- Automation Techniques
Section 6Capture the Flag
Apply your skills in a multi-hour capture the flag. Work in teams to build a threat assessment for a fictional client using real-world data and techniques, then present findings for instructor feedback.
Things You Need To Know
Relevant Job Roles
Data Analysis (OPM 422)
NICE: Implementation and OperationResponsible for analyzing data from multiple disparate sources to provide cybersecurity and privacy insight. Designs and implements custom algorithms, workflow processes, and layouts for complex, enterprise-scale data sets used for modeling, data mining, and research purposes.
Explore learning pathProtection
SCyWF: Protection And DefenseThis role uses cybersecurity tools to protect information, systems and networks from cyber threats. Find the SANS courses that map to the Protection SCyWF Work Role.
Explore learning pathThreat Analysis (OPM 141)
NICE: Protection and DefenseResponsible for collecting, processing, analyzing, and disseminating cybersecurity threat assessments. Develops cybersecurity indicators to maintain awareness of the status of the highly dynamic operating environment.
Explore learning pathOSINT Investigator/Analyst
Cyber DefenseThese resourceful professionals gather requirements from their customers and then, using open sources and mostly resources on the internet, collect data relevant to their investigation. They may research domains and IP addresses, businesses, people, issues, financial transactions, and other targets in their work. Their goals are to gather, analyze, and report their objective findings to their clients so that the clients might gain insight on a topic or issue prior to acting.
Explore learning pathThreat Intelligence (THIN)
Collection and contextual analysis of threat actor activity, indicators, and tactics. Outputs support detection engineering, hunting strategies, and proactive defence planning.
Explore learning pathCybersecurity Researcher
European Cybersecurity Skills FrameworkResearch the cybersecurity domain and incorporate results in cybersecurity solutions.
Explore learning pathCourse Schedule and Pricing
Have Questions?Contact Us
Group and Private Pricing
Enroll your team as a group or arrange a private session for your organization. We’ll help you choose the format that fits your goals.
Location & instructorDate & TimeCourse priceRegistration Options
- Date & TimeOnDemand (Anytime)Self-Paced, 4 months accessCourse price$8,780 USD*Prices exclude applicable local taxesRegistration Options
- Date & TimeFetching schedule..Course price$8,780 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course priceA$13,350 AUD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price£7,160 GBP*Prices exclude applicable taxes | EUR price available during checkout
- Date & TimeFetching schedule..Course price$8,780 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course priceS$11,390 SGD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price$8,780 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price$8,900 USD*Prices exclude applicable local taxesRegistration Options
- Date & TimeFetching schedule..Course price$8,780 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course priceS$11,390 SGD*Prices exclude applicable local taxes
Showing 10 of 18
Learn Alongside Leading Cybersecurity Professionals From Around The World
- Slide 1 of 4I appreciate the realism in all of these labs. Students can easily turn around and do real world OSINT investigations with many of these labs.
- Slide 2 of 4Very Informative course and provided pointers to numerous breach data sites which could aid numerous investigations.
- Slide 3 of 4
Very relevant information is provided that can be deployed immediately even by novice users. Excellent! - Slide 4 of 4The module on dealing with large data sets was very helpful. Getting a deep understanding on the challenges large data sets pose and how to work around them is very helpful and practical.
Slide 1 of 0
(1/0)
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources