Open-Source Intelligence Summit
Live Online | Free Summit: February 11-12
Sign Up to Receive Updates About OSINT Summit
We strive to present the most relevant, timely and valuable content. Please check back frequently for changes and updates.
| Thursday, February 11, Eastern Standard Time | |
|---|---|
| 10:00-10:15 am |
Opening & Welcome Micah Hoffman @WebBreacher, Principal Instructor & Summit Co-Chair, SANS Institute |
| 10:15-11:15 am |
Keynote Investigating DisinformationJane Lytvynenko, Reporter, BuzzFeed News This session will look at the issue of disinformation in a global context. It will dissect how online disinformation spreads and the effect it has both abroad and in the US. The session will also go through basic strategies and approaches for investigating false information online. |
| 11:15-11:30 am | Break |
| 11:30-12:15 pm |
Using Mobile Apps to Leverage OSINT InvestigationsMatthias Wilson @mwosint, OSINT Blogger We all know how OSINT can leverage investigations in general. However, not everything can be found using the browser-based access to platforms such as Instagram or Facebook. In order to find out who is behind a certain phone number or email address, the use of mobile phone apps can be helpful. From WhatsApp to Snapchat, from Google Lens to caller ID apps; the presenter will show how these apps can provide valuable information and provide further leads to follow up upon with traditional OSINT techniques. |
| 12:15-12:40 pm |
Rx for Pinnochioitis & Chronic EchochamberosisHeather Honey @H2OSINT, President, Haystack Investigations Bias, manipulation and disinformation permeate social media, traditional media and most online content. Open source investigators and analysts must be acutely aware of how these factors influence the content they evaluate for collection. Biases can have a detrimental impact on intelligence collection and analysis but there are simple techniques that OSINT practitioners can use to help recognize bias in themselves and others and concrete steps to mitigate the impact. Through case studies, this presentation will examine how bias is exploited to manipulate social media consumers and to spread disinformation. We will also examine some OSINT tools and tradecraft that can be used to expose disinformation and combat online manipulation. |
| 12:45-1:30 pm | Break |
| 1:30-1:55 pm |
OSINT Google and Social Networks HacksIrina Shamaeva @braingain, Chief Sourcer & Partner, Brain Gain Recruiting Many useful bits of info and search functions are hidden and less known. My presentation will shine some light to simple Google search, Facebook, LinkedIn, and other hacks that would allow you to get the info and access functions with a few mouse clicks. No need to script or use expensive tools. |
| 2:00-2:45 pm |
Extracting and Analyzing Social Networks Data EfficientlyAzat Kashparov, Head of Research and Development, Social Links The workshop will be dedicated to the methods of researching web resources code and requests in order to gather and organize accurate information. During the course of webinar we will go through a complete analysis of a popular social network, analyzing html files, json files, api requests and more. |
| 2:45-3:00 pm | Break |
| 3:00-3:25 pm |
Leveraging VIPs Attack Surface Through OSINTYgor Maximo @mxm0z, iSecurity Inc. The presentation will try to describe and go through an OSINT engagement focused on gathering information about high privileged employees (VIPs) within a given company, such as executives, board of directors, etc., in a way that the collected data could be used for Red Team exercises. Some of the learnings from this presentation are as follows: - OSINT techniques for collecting company VIP’s data in depth - Importance of organization on an OSINT exercise - Free tools on the internet used by analysts and researchers |
| 3:30-4:15 pm |
OSINT Tools for Diving Deep into the Dark WebApurv Singh Gautam @ASG_Sc0rpi0n, Student Researcher, Georgia Institute of Technology How can you monitor and collect data from the dark web, what open-source tools you can utilize, and what are the benefits? If you are curious about the answers to these questions, then this talk is for you. There are many forums and marketplaces on the dark web where actors buy, sell, and trade goods and services like exploits, trojans, ransomware, etc. Monitoring and collecting data from the dark web can help any organization identify and detect risks that may arise due to their assets being sold on the dark web. In this presentation, you will learn why collecting data from the dark web is essential, what open-source tools you can use to collect these data, and how you can create your data collection architecture using different open-source tools. |
| 4:15-4:30 pm | Break |
| 4:30-4:55 pm |
Leveraging OSINT to Track Cyber Threat ActorsCurtis Hanson @cybershtuff, Threat Intelligence Analyst, PwC In the cyber threat intelligence world, OSINT is often synonymous with technical indicators and internet scanning tools. While these play a major role in tracking cyber threat actors (a.k.a. hackers), there are non-technical OSINT techniques that support tracking threat actors. Several common open sources leveraged in tracking threat actors include indictments, corporate registries, news and social media. There are several cases that demonstrate this notion. In particular, contextualising information operations based on postmortem social media accounts; using indictment and sanction announcements to pivot off and find information that has not been previously reported by the FBI; and using news media to expose an Iran-based threat actor targeting the technology sector. These cases are not only applicable to threat intelligence analysts, but law enforcement, investigative journalists, and similar investigative professions. |
| 5:00-5:30 pm |
Wrap-Up Panel Micah Hoffman @WebBreacher, Principal Instructor & Summit Co-Chair, SANS Institute |
| Friday, February 12 | |
| 10:00-11:00 am |
Keynote OSINT Efficiency: Extending & Building ToolsChris Poulter @osintcombine, CEO, OSINT Combine This session will take participants through the process of how to create efficiency with information collection & production of open-source intelligence by extending tools & platforms and then building custom tools using no-code-required platforms through to developing with HTML5 & JavaScript for web-based efficiency and collaboration. With a focus on creating tools that can be shared with the community, the workshop will provide skills in setting up low-attribution proxies to support browser-based OSINT tool development. We will create repeatable methods to collect & analyze common data points that can be applied to any web source which is publicly available. |
| 11:05-11:30 am |
Panel
Micah Hoffman @WebBreacher, Principal Instructor & Summit Co-Chair, SANS Institute The OSINT Curious Project is a source of quality, actionable, Open Source Intelligence news, original blogs, instructional videos, and a bi-weekly webcast/podcast. |
| 11:30-11:45 am | Break |
| 11:45 am - 12:30 pm |
Basic Persistent Threat (Monitoring)Matt Edmondson @Matt0177, Certified Instructor, SANS Institute We all know how OSINT can leverage investigations in general. However, not everything can be found using the browser-based access to platforms such as Instagram or Facebook. In order to find out who is behind a certain phone number or email address, the use of mobile phone apps can be helpful. From WhatsApp to Snapchat, from Google Lens to caller ID apps; the presenter will show how these apps can provide valuable information and provide further leads to follow up upon with traditional OSINT techniques. |
| 12:30-12:55 pm | Talk to be announced |
| 1:00-1:45 pm |
Lunch & Bonus Talk Using Marketplaces for Valuable OSINT Data Jake Creps, Product Manager, Skopenow Jake will show you manual investigation techniques for discovering product listings and seller accounts. Learn how to expand your investigation and discover locations, phone numbers, email addresses, and other social media accounts from marketplace listings. Key Takeaways:
|
| 1:45-2:10 pm | Talk to be announced |
| 2:15-3:00 pm |
Is This Thing Even On? Leveraging Automation in OSINT CollectionDaniel Ben-Chitrit, Senior Product Manager - Cyber and Open Source Threat Intelligence, Authentic8 Online data is constantly changing, and the number of sites to investigate and keep track of grows every single day. Unlike other areas of security, there are few good options for OSINT data harvesting and even fewer for management. There is no "OSINT SIEM" that you can just pull the logs into. In this presentation, we'll look at: existing methods of OSINT collection; best practices and a range of automation techniques that can help meet mission requirements while providing managed attribution to keep investigations - and investigators - secure; and different collection options, when to use them and how to tie in standard best practices and managed attribution techniques. This presentation will also include a demonstration of how automation can ensure analysts are always collecting relevant information without manual collection. |
| 3:00-3:15 pm | Break |
| 3:15-4:00 pm |
Hash or It Didn't HappenSteven Harris @nixintel Open source internet investigation is becoming more commonplace in every area from law enforcement to investigative journalism, but digital evidence like screenshots, email headers and file metadata are still prone to manipulation. This talk looks at the challenge of establishing truthfulness in OSINT and some useful techniques to ensure the integrity of your OSINT work. |
| 4:00-4:30 pm |
Wrap-Up Panel Micah Hoffman @WebBreacher, Principal Instructor & Summit Co-Chair, SANS Institute |
