Interactive Courses + Cyber Defense NetWars Available During SANS Scottsdale: Virtual Edition 2021. Save $300 thru 1/27.

Open-Source Intelligence Summit - Live Online

Virtual, US Eastern | Mon, Feb 8 - Sat, Feb 20, 2021

Open-Source Intelligence Summit

Live Online | Free Summit: February 11-12

Sign Up to Receive Updates About OSINT Summit

Summit talks and panel

We strive to present the most relevant, timely and valuable content. Please check back frequently for changes and updates.

Thursday, February 11, Eastern Standard Time
10:00-10:15 am

Opening & Welcome

Micah Hoffman @WebBreacher, Principal Instructor & Summit Co-Chair, SANS Institute
John TerBush @thegumshoo, Instructor & Summit Co-Chair, SANS Institute

10:15-11:15 am

Keynote

Investigating Disinformation

Jane Lytvynenko, Reporter, BuzzFeed News

This session will look at the issue of disinformation in a global context. It will dissect how online disinformation spreads and the effect it has both abroad and in the US. The session will also go through basic strategies and approaches for investigating false information online.

11:15-11:30 am Break
11:30-12:15 pm

Using Mobile Apps to Leverage OSINT Investigations

Matthias Wilson @mwosint, OSINT Blogger

We all know how OSINT can leverage investigations in general. However, not everything can be found using the browser-based access to platforms such as Instagram or Facebook. In order to find out who is behind a certain phone number or email address, the use of mobile phone apps can be helpful. From WhatsApp to Snapchat, from Google Lens to caller ID apps; the presenter will show how these apps can provide valuable information and provide further leads to follow up upon with traditional OSINT techniques.

12:15-12:40 pm

Rx for Pinnochioitis & Chronic Echochamberosis

Heather Honey @H2OSINT, President, Haystack Investigations

Bias, manipulation and disinformation permeate social media, traditional media and most online content. Open source investigators and analysts must be acutely aware of how these factors influence the content they evaluate for collection. Biases can have a detrimental impact on intelligence collection and analysis but there are simple techniques that OSINT practitioners can use to help recognize bias in themselves and others and concrete steps to mitigate the impact. Through case studies, this presentation will examine how bias is exploited to manipulate social media consumers and to spread disinformation. We will also examine some OSINT tools and tradecraft that can be used to expose disinformation and combat online manipulation.

12:45-1:30 pm Break
1:30-1:55 pm

OSINT Google and Social Networks Hacks

Irina Shamaeva @braingain, Chief Sourcer & Partner, Brain Gain Recruiting

Many useful bits of info and search functions are hidden and less known. My presentation will shine some light to simple Google search, Facebook, LinkedIn, and other hacks that would allow you to get the info and access functions with a few mouse clicks. No need to script or use expensive tools.

2:00-2:45 pm

Extracting and Analyzing Social Networks Data Efficiently

Azat Kashparov, Head of Research and Development, Social Links
Andrew Kulikov @1984Jabberwocky, CEO, Social Links

The workshop will be dedicated to the methods of researching web resources code and requests in order to gather and organize accurate information. During the course of webinar we will go through a complete analysis of a popular social network, analyzing html files, json files, api requests and more.

2:45-3:00 pm Break
3:00-3:25 pm

Leveraging VIPs Attack Surface Through OSINT

Ygor Maximo @mxm0z, iSecurity Inc.

The presentation will try to describe and go through an OSINT engagement focused on gathering information about high privileged employees (VIPs) within a given company, such as executives, board of directors, etc., in a way that the collected data could be used for Red Team exercises. Some of the learnings from this presentation are as follows: - OSINT techniques for collecting company VIP’s data in depth - Importance of organization on an OSINT exercise - Free tools on the internet used by analysts and researchers

3:30-4:15 pm

OSINT Tools for Diving Deep into the Dark Web

Apurv Singh Gautam @ASG_Sc0rpi0n, Student Researcher, Georgia Institute of Technology

How can you monitor and collect data from the dark web, what open-source tools you can utilize, and what are the benefits? If you are curious about the answers to these questions, then this talk is for you. There are many forums and marketplaces on the dark web where actors buy, sell, and trade goods and services like exploits, trojans, ransomware, etc. Monitoring and collecting data from the dark web can help any organization identify and detect risks that may arise due to their assets being sold on the dark web. In this presentation, you will learn why collecting data from the dark web is essential, what open-source tools you can use to collect these data, and how you can create your data collection architecture using different open-source tools.

4:15-4:30 pm Break
4:30-4:55 pm

Leveraging OSINT to Track Cyber Threat Actors

Curtis Hanson @cybershtuff, Threat Intelligence Analyst, PwC

In the cyber threat intelligence world, OSINT is often synonymous with technical indicators and internet scanning tools. While these play a major role in tracking cyber threat actors (a.k.a. hackers), there are non-technical OSINT techniques that support tracking threat actors. Several common open sources leveraged in tracking threat actors include indictments, corporate registries, news and social media. There are several cases that demonstrate this notion. In particular, contextualising information operations based on postmortem social media accounts; using indictment and sanction announcements to pivot off and find information that has not been previously reported by the FBI; and using news media to expose an Iran-based threat actor targeting the technology sector. These cases are not only applicable to threat intelligence analysts, but law enforcement, investigative journalists, and similar investigative professions.

5:00-5:30 pm

Wrap-Up Panel

Micah Hoffman @WebBreacher, Principal Instructor & Summit Co-Chair, SANS Institute
John TerBush @thegumshoo, Instructor & Summit Co-Chair, SANS Institute
Summit Speakers

Friday, February 12
10:00-11:00 am

Keynote

OSINT Efficiency: Extending & Building Tools

Chris Poulter @osintcombine, CEO, OSINT Combine

This session will take participants through the process of how to create efficiency with information collection & production of open-source intelligence by extending tools & platforms and then building custom tools using no-code-required platforms through to developing with HTML5 & JavaScript for web-based efficiency and collaboration. With a focus on creating tools that can be shared with the community, the workshop will provide skills in setting up low-attribution proxies to support browser-based OSINT tool development. We will create repeatable methods to collect & analyze common data points that can be applied to any web source which is publicly available.

11:05-11:30 am

Panel

Just Curious: The OSINTCurio.us Project and You

Micah Hoffman @WebBreacher, Principal Instructor & Summit Co-Chair, SANS Institute
John TerBush @thegumshoo, Instructor & Summit Co-Chair, SANS Institute
OSINT Curious Projecct Members

The OSINT Curious Project is a source of quality, actionable, Open Source Intelligence news, original blogs, instructional videos, and a bi-weekly webcast/podcast.

11:30-11:45 am Break
11:45 am - 12:30 pm

Basic Persistent Threat (Monitoring)

Matt Edmondson @Matt0177, Certified Instructor, SANS Institute

We all know how OSINT can leverage investigations in general. However, not everything can be found using the browser-based access to platforms such as Instagram or Facebook. In order to find out who is behind a certain phone number or email address, the use of mobile phone apps can be helpful. From WhatsApp to Snapchat, from Google Lens to caller ID apps; the presenter will show how these apps can provide valuable information and provide further leads to follow up upon with traditional OSINT techniques.

12:30-12:55 pm Talk to be announced
1:00-1:45 pm

Lunch & Bonus Talk

Using Marketplaces for Valuable OSINT Data

Jake Creps, Product Manager, Skopenow

Jake will show you manual investigation techniques for discovering product listings and seller accounts. Learn how to expand your investigation and discover locations, phone numbers, email addresses, and other social media accounts from marketplace listings.

Key Takeaways:

  1. Learn how to use search engines to find specific products listed on all marketplaces. Use advanced search options within marketplaces to expand the scope of your search.
  2. Find seller information including usernames, display names, phone numbers, email addresses, locations, and other product listings. Use this information to identify fraudulent sellers.
  3. Step through an interesting use case.

1:45-2:10 pm Talk to be announced
2:15-3:00 pm

Is This Thing Even On? Leveraging Automation in OSINT Collection

Daniel Ben-Chitrit, Senior Product Manager - Cyber and Open Source Threat Intelligence, Authentic8

Online data is constantly changing, and the number of sites to investigate and keep track of grows every single day. Unlike other areas of security, there are few good options for OSINT data harvesting and even fewer for management. There is no "OSINT SIEM" that you can just pull the logs into. In this presentation, we'll look at: existing methods of OSINT collection; best practices and a range of automation techniques that can help meet mission requirements while providing managed attribution to keep investigations - and investigators - secure; and different collection options, when to use them and how to tie in standard best practices and managed attribution techniques. This presentation will also include a demonstration of how automation can ensure analysts are always collecting relevant information without manual collection.

3:00-3:15 pm Break
3:15-4:00 pm

Hash or It Didn't Happen

Steven Harris @nixintel

Open source internet investigation is becoming more commonplace in every area from law enforcement to investigative journalism, but digital evidence like screenshots, email headers and file metadata are still prone to manipulation. This talk looks at the challenge of establishing truthfulness in OSINT and some useful techniques to ensure the integrity of your OSINT work.

4:00-4:30 pm

Wrap-Up Panel

Micah Hoffman @WebBreacher, Principal Instructor & Summit Co-Chair, SANS Institute
John TerBush @thegumshoo, Instructor & Summit Co-Chair, SANS Institute
Summit Speakers