SANS 2021 features 30+ Interactive Courses, Three NetWars Tournaments, Trivia Night, and Bonus Talks! Save $150 thru 3/3.

Open-Source Intelligence Summit - Live Online

Virtual, US Eastern | Tue, Feb 9 - Sat, Feb 20, 2021

Open-Source Intelligence Summit

Live Online | Free Summit: February 11-12

Add all of the OSINT Summit presentations to your schedule by subscribing to the OSINT Summit Calendar
*You must be registered for the Free Summit to gain access to these presentations. Register now!

Summit talks and panel

We strive to present the most relevant, timely and valuable content. Please check back frequently for changes and updates.

Thursday, February 11, Eastern Standard Time
10:00-10:15 am

Opening & Welcome

Micah Hoffman @WebBreacher, Principal Instructor & Summit Co-Chair, SANS Institute
John TerBush @thegumshoo, Instructor & Summit Co-Chair, SANS Institute

calendarAdd to Calendar

10:15-11:15 am

Keynote

Investigating Disinformation

Jane Lytvynenko @JaneLytv, Reporter, BuzzFeed News

This session will look at the issue of disinformation in a global context. It will dissect how online disinformation spreads and the effect it has both abroad and in the US. The session will also go through basic strategies and approaches for investigating false information online.

calendarAdd to Calendar

11:15-11:30 am

Break

Add to Calendar

11:30-12:15 pm

Using Mobile Apps to Leverage OSINT Investigations

Matthias Wilson @mwosint, OSINT Blogger

We all know how OSINT can leverage investigations in general. However, not everything can be found using the browser-based access to platforms such as Instagram or Facebook. In order to find out who is behind a certain phone number or email address, the use of mobile phone apps can be helpful. From WhatsApp to Snapchat, from Google Lens to caller ID apps; the presenter will show how these apps can provide valuable information and provide further leads to follow up upon with traditional OSINT techniques.

calendarAdd to Calendar

12:15-12:40 pm

Rx for Pinocchioitis & Chronic Echochamberosis: Keeping Bias, Manipulation and Fake News Out of Your OSINT Analysis

Heather Honey @H2OSINT, President, Haystack Investigations

Bias, manipulation and disinformation permeate social media, traditional media and most online content. Open source investigators and analysts must be acutely aware of how these factors influence the content they evaluate for collection. Biases can have a detrimental impact on intelligence collection and analysis but there are simple techniques that OSINT practitioners can use to help recognize bias in themselves and others and concrete steps to mitigate the impact. Through case studies, this presentation will examine how bias is exploited to manipulate social media consumers and to spread disinformation. We will also examine some OSINT tools and tradecraft that can be used to expose disinformation and combat online manipulation.

calendarAdd to Calendar

12:45-1:30 pm

Lunch & Bonus Talk
Register here to earn 1 additional CPE credit

Out in the Wild: How OSINT Supports Proactive Defense
Jackie Abrams
, VP of Product, DomainTools

In the SOC, defenders are often true to their name-playing defense to manage detections, assess risk, and protect the network from an ever-evolving barrage of threats. However, attacks don't start with alerts-they start with the infrastructure that attackers set up to deliver the attack. Proactive open-source investigations and external hunting practices can help shift your security posture from reactive to proactive.

Learn how you can use real-world attacks and open-source data to:

  • Identify high-risk infrastructure associated with threat actor activity
  • Rapidly investigate infrastructure associations to identify patterns and TTPs, and
  • Create profiles that you can use to hunt externally for threats relevant to your organization-moving left in attack detection by finding threats before they find you

calendarAdd to Calendar

1:30-1:55 pm

OSINT Google and Social Networks Hacks

Irina Shamaeva @braingain, Chief Sourcer & Partner, Brain Gain Recruiting

Many useful bits of info and search functions are hidden and less known. My presentation will shine some light to simple Google search, Facebook, LinkedIn, and other hacks that would allow you to get the info and access functions with a few mouse clicks. No need to script or use expensive tools.

calendarAdd to Calendar

2:00-2:45 pm

Extracting and Analyzing Social Networks Data Efficiently

Azat Kashparov, Head of Research and Development, Social Links
Andrew Kulikov @1984Jabberwocky, CEO, Social Links

The workshop will be dedicated to the methods of researching web resources code and requests in order to gather and organize accurate information. During the course of webinar we will go through a complete analysis of a popular social network, analyzing html files, json files, api requests and more.

calendarAdd to Calendar

2:45-3:00 pm

Break

Add to Calendar

3:00-3:25 pm

Leveraging VIPs Attack Surface Through OSINT

Ygor Maximo @mxm0z, iSecurity Inc.

The presentation will try to describe and go through an OSINT engagement focused on gathering information about high privileged employees (VIPs) within a given company, such as executives, board of directors, etc., in a way that the collected data could be used for Red Team exercises. Some of the learnings from this presentation are as follows: - OSINT techniques for collecting company VIP’s data in depth - Importance of organization on an OSINT exercise - Free tools on the internet used by analysts and researchers

calendarAdd to Calendar

3:30-4:15 pm

OSINT Tools for Diving Deep into the Dark Web

Apurv Singh Gautam @ASG_Sc0rpi0n, Student Researcher, Georgia Institute of Technology

How can you monitor and collect data from the dark web, what open-source tools you can utilize, and what are the benefits? If you are curious about the answers to these questions, then this talk is for you. There are many forums and marketplaces on the dark web where actors buy, sell, and trade goods and services like exploits, trojans, ransomware, etc. Monitoring and collecting data from the dark web can help any organization identify and detect risks that may arise due to their assets being sold on the dark web. In this presentation, you will learn why collecting data from the dark web is essential, what open-source tools you can use to collect these data, and how you can create your data collection architecture using different open-source tools.

calendarAdd to Calendar

4:15-4:30 pm

Break

Add to Calendar

4:30-4:55 pm

Leveraging OSINT to Track Cyber Threat Actors

Curtis Hanson @cybershtuff, Threat Intelligence Analyst, PwC

In the cyber threat intelligence world, OSINT is often synonymous with technical indicators and internet scanning tools. While these play a major role in tracking cyber threat actors (a.k.a. hackers), there are non-technical OSINT techniques that support tracking threat actors. Several common open sources leveraged in tracking threat actors include indictments, corporate registries, news and social media. There are several cases that demonstrate this notion. In particular, contextualising information operations based on postmortem social media accounts; using indictment and sanction announcements to pivot off and find information that has not been previously reported by the FBI; and using news media to expose an Iran-based threat actor targeting the technology sector. These cases are not only applicable to threat intelligence analysts, but law enforcement, investigative journalists, and similar investigative professions.

calendarAdd to Calendar

5:00-5:30 pm

Wrap-Up Panel

Micah Hoffman @WebBreacher, Principal Instructor & Summit Co-Chair, SANS Institute
John TerBush @thegumshoo, Instructor & Summit Co-Chair, SANS Institute
Summit Speakers

calendarAdd to Calendar

Friday, February 12
10:00-11:00 am

Keynote

OSINT Efficiency: Extending & Building Tools

Chris Poulter @osintcombine, CEO, OSINT Combine

This session will take participants through the process of how to create efficiency with information collection & production of open-source intelligence by extending tools & platforms and then building custom tools using no-code-required platforms through to developing with HTML5 & JavaScript for web-based efficiency and collaboration. With a focus on creating tools that can be shared with the community, the workshop will provide skills in setting up low-attribution proxies to support browser-based OSINT tool development. We will create repeatable methods to collect & analyze common data points that can be applied to any web source which is publicly available.

calendarAdd to Calendar

11:05-11:30 am

Panel

Just Curious: The OSINTCurio.us Project and You

Micah Hoffman @WebBreacher, Principal Instructor & Summit Co-Chair, SANS Institute
John TerBush @thegumshoo, Instructor & Summit Co-Chair, SANS Institute
OSINT Curious Projecct Members

The OSINT Curious Project is a source of quality, actionable, Open Source Intelligence news, original blogs, instructional videos, and a bi-weekly webcast/podcast.

calendarAdd to Calendar

11:30-11:45 am

Break

Add to Calendar

11:45 am - 12:30 pm

Basic Persistent Threat (Monitoring)

Matt Edmondson @Matt0177, Certified Instructor, SANS Institute

Sometimes OSINT isn't about digging deep on a topic and moving on; sometimes it's about constantly monitoring for anything that meets a specific criteria. It doesn't matter if you call it "indications & warnings," "brand monitoring," or "persistent monitoring;" the struggle is real and commercial solutions can get really pricey really quick. This talk will cover free and open source options that can be hosted in the cloud for pennies a day and provide 24/7 monitoring for the internet, social media and even a dash of dark web.

calendarAdd to Calendar

12:30-12:55 pm

Haters Gonna Hate: Gathering and Analyzing Hate Using OSINT

Nico Dekens @dutch_osintguy, OSINT consultant and investigator; Certified instructor candidate, SANS.

Within the structure of the intelligence cycle, Nico will talk about how to use OSINT techniques to gather and analyze online hate content and hate groups. In the last several years, online hate and hate groups are seeing more momentum and online presence then ever before. By using structured methodologies, tactics, techniques, and procedures, it will become much easier to perform a sound analysis on this subject matter. This talk covers the fundamentals needed to understand how to track online hate or hate groups using OSINT.

calendarAdd to Calendar

1:00-1:45 pm

Lunch & Bonus Talk
Register here to earn 1 additional CPE credit

Using Marketplaces for Valuable OSINT Data
Jake Creps @jakecreps, Product Manager, Skopenow

Jake will show you manual investigation techniques for discovering product listings and seller accounts. Learn how to expand your investigation and discover locations, phone numbers, email addresses, and other social media accounts from marketplace listings.

Key Takeaways:

  • Learn how to use search engines to find specific products listed on all marketplaces. Use advanced search options within marketplaces to expand the scope of your search.
  • Find seller information including usernames, display names, phone numbers, email addresses, locations, and other product listings. Use this information to identify fraudulent sellers.
  • Step through an interesting use case.

calendarAdd to Calendar

1:45-2:10 pm

Hard and Soft OSINT Skills for Success

Jeff Lomas @bleubloodhound, Detective, Las Vegas Metropolitan Police Department; Certified Instructor Candidate, SANS Institute

The OSINT and cyber forensics fields can be challenging for someone to get into and the same can be said for employers looking for qualified employees. The field for OSINT-related work is evolving, so it is important to understand three core hard skills and three core soft skills that are needed to adapt. We will examine how the soft skills of communication, curiosity, and creativity are necessary to successfully foster the hard skills of problem-solving, knowledge of networking, and coding from an employer and employee perspective.

calendarAdd to Calendar

2:15-3:00 pm

Is This Thing Even On? Leveraging Automation in OSINT Collection

Daniel Ben-Chitrit, Senior Product Manager - Cyber and Open Source Threat Intelligence, Authentic8

Online data is constantly changing, and the number of sites to investigate and keep track of grows every single day. Unlike other areas of security, there are few good options for OSINT data harvesting and even fewer for management. There is no "OSINT SIEM" that you can just pull the logs into. In this presentation, we'll look at: existing methods of OSINT collection; best practices and a range of automation techniques that can help meet mission requirements while providing managed attribution to keep investigations - and investigators - secure; and different collection options, when to use them and how to tie in standard best practices and managed attribution techniques. This presentation will also include a demonstration of how automation can ensure analysts are always collecting relevant information without manual collection.

calendarAdd to Calendar

3:00-3:15 pm

Break

Add to Calendar

3:15-4:00 pm

Hash or It Didn't Happen

Steven Harris @nixintel

Open source internet investigation is becoming more commonplace in every area from law enforcement to investigative journalism, but digital evidence like screenshots, email headers and file metadata are still prone to manipulation. This talk looks at the challenge of establishing truthfulness in OSINT and some useful techniques to ensure the integrity of your OSINT work.

calendarAdd to Calendar

4:00-4:30 pm

Wrap-Up Panel

Micah Hoffman @WebBreacher, Principal Instructor & Summit Co-Chair, SANS Institute
John TerBush @thegumshoo, Instructor & Summit Co-Chair, SANS Institute
Summit Speakers

calendarAdd to Calendar