Open-Source Intelligence Summit
Live Online | Free Summit: February 11-12
*You must be registered for the Free Summit to gain access to these presentations.
Thursday, February 11, Eastern Standard Time | |
---|---|
10:00-10:15 am |
Opening & Welcome - Micah Hoffman @WebBreacher, Principal Instructor & Summit Co-Chair, SANS Institute |
10:15-11:15 am |
Keynote: Investigating Disinformation - Jane Lytvynenko @JaneLytv, Reporter, BuzzFeed News. This session will look at the issue of disinformation in a global context. It will dissect how online disinformation spreads and the effect it has both abroad and in the US. The session will also go through basic strategies and approaches for investigating false information online. |
11:15-11:30 am |
Break |
11:30-12:15 pm |
Using Mobile Apps to Leverage OSINT Investigations - Matthias Wilson @mwosint, OSINT Blogger. We all know how OSINT can leverage investigations in general. However, not everything can be found using the browser-based access to platforms such as Instagram or Facebook. In order to find out who is behind a certain phone number or email address, the use of mobile phone apps can be helpful. From WhatsApp to Snapchat, from Google Lens to caller ID apps, the presenter will show how these apps can provide valuable information and further leads to follow up on with traditional OSINT techniques. |
12:15-12:40 pm |
Rx for Pinocchioitis & Chronic Echochamberosis: Keeping Bias, Manipulation and Fake News Out of Your OSINT Analysis - Heather Honey @H2OSINT, President, Haystack Investigations. Bias, manipulation and disinformation permeate social media, traditional media and most online content. Open source investigators and analysts must be acutely aware of how these factors influence the content they evaluate for collection. Biases can have a detrimental impact on intelligence collection and analysis, but there are simple techniques that OSINT practitioners can use to help recognize bias in themselves and others and concrete steps to mitigate the impact. Through case studies, this presentation will examine how bias is exploited to manipulate social media consumers and to spread disinformation. We will also examine some OSINT tools and tradecraft that can be used to expose disinformation and combat online manipulation. |
12:45-1:30 pm |
Lunch & Bonus Talk: Out in the Wild: How OSINT Supports Proactive Defense. In the SOC, defenders are often true to their name, playing defense to manage detections, assess risk, and protect the network from an ever-evolving barrage of threats. However, attacks don't start with alerts; they start with the infrastructure that attackers set up to deliver the attack. Proactive open-source investigations and external hunting practices can help shift your security posture from reactive to proactive. Learn how you can use real-world attacks and open-source data to:
|
1:30-1:55 pm |
OSINT Google and Social Networks Hacks - Irina Shamaeva @braingain, Chief Sourcer & Partner, Brain Gain Recruiting. Many useful bits of info and search functions are hidden and less known. My presentation will shine some light on simple Google search, Facebook, LinkedIn, and other hacks that would allow you to get the info and access functions with a few mouse clicks. No need to script or use expensive tools. |
2:00-2:45 pm |
Extracting and Analyzing Social Networks Data Efficiently - Azat Kashparov, Head of Research and Development, Social Links. The workshop will be dedicated to methods of researching the code and requests of web resources in order to gather and organize accurate information. During the course of the webinar we will go through a complete analysis of a popular social network, analyzing HTML files, JSON files, API requests and more. |
2:45-3:00 pm |
Break |
3:00-3:25 pm |
Leveraging VIPs Attack Surface Through OSINT - Ygor Maximo @mxm0z, iSecurity Inc. The presentation will describe and go through an OSINT engagement focused on gathering information about highly privileged employees (VIPs) within a given company, such as executives, board of directors, etc., in a way that the collected data could be used for Red Team exercises. Some of the learnings from this presentation are as follows: OSINT techniques for collecting company VIPs' data in depth; the importance of organization in an OSINT exercise; free tools on the internet used by analysts and researchers. |
3:30-4:15 pm |
OSINT Tools for Diving Deep into the Dark Web - Apurv Singh Gautam @ASG_Sc0rpi0n, Student Researcher, Georgia Institute of Technology. How can you monitor and collect data from the dark web, what open-source tools can you utilize, and what are the benefits? If you are curious about the answers to these questions, then this talk is for you. There are many forums and marketplaces on the dark web where actors buy, sell, and trade goods and services like exploits, trojans, ransomware, etc. Monitoring and collecting data from the dark web can help any organization identify and detect risks that may arise due to their assets being sold on the dark web. In this presentation, you will learn why collecting data from the dark web is essential, what open-source tools you can use to collect this data, and how you can create your data collection architecture using different open-source tools. |
4:15-4:30 pm |
Break |
4:30-4:55 pm |
Leveraging OSINT to Track Cyber Threat Actors - Curtis Hanson @cybershtuff, Threat Intelligence Analyst, PwC. In the cyber threat intelligence world, OSINT is often synonymous with technical indicators and internet scanning tools. While these play a major role in tracking cyber threat actors (a.k.a. hackers), there are non-technical OSINT techniques that support tracking threat actors. Several common open sources leveraged in tracking threat actors include indictments, corporate registries, news and social media. There are several cases that demonstrate this notion. In particular, contextualising information operations based on postmortem social media accounts; using indictment and sanction announcements to pivot off and find information that has not been previously reported by the FBI; and using news media to expose an Iran-based threat actor targeting the technology sector. These cases are not only applicable to threat intelligence analysts, but law enforcement, investigative journalists, and similar investigative professions. |
5:00-5:30 pm |
Wrap-Up Panel - Micah Hoffman @WebBreacher, Principal Instructor & Summit Co-Chair, SANS Institute |
Friday, February 12 | |
10:00-11:00 am |
Keynote: OSINT Efficiency: Extending & Building Tools - Chris Poulter @osintcombine, CEO, OSINT Combine. This session will take participants through the process of how to create efficiency with information collection & production of open-source intelligence by extending tools & platforms and then building custom tools using no-code-required platforms through to developing with HTML5 & JavaScript for web-based efficiency and collaboration. With a focus on creating tools that can be shared with the community, the workshop will provide skills in setting up low-attribution proxies to support browser-based OSINT tool development. We will create repeatable methods to collect & analyze common data points that can be applied to any web source which is publicly available. |
11:05-11:30 am |
Panel
Micah Hoffman @WebBreacher, Principal Instructor & Summit Co-Chair, SANS Institute. The OSINT Curious Project is a source of quality, actionable, Open Source Intelligence news, original blogs, instructional videos, and a bi-weekly webcast/podcast. |
11:30-11:45 am |
Break |
11:45 am - 12:30 pm |
Basic Persistent Threat (Monitoring) - Matt Edmondson @Matt0177, Certified Instructor, SANS Institute. Sometimes OSINT isn't about digging deep on a topic and moving on; sometimes it's about constantly monitoring for anything that meets specific criteria. It doesn't matter if you call it "indications & warnings," "brand monitoring," or "persistent monitoring"; the struggle is real and commercial solutions can get really pricey really quick. This talk will cover free and open source options that can be hosted in the cloud for pennies a day and provide 24/7 monitoring for the internet, social media and even a dash of dark web. |
12:30-12:55 pm |
Haters Gonna Hate: Gathering and Analyzing Hate Using OSINT - Nico Dekens @dutch_osintguy, OSINT consultant and investigator; Certified instructor candidate, SANS. Within the structure of the intelligence cycle, Nico will talk about how to use OSINT techniques to gather and analyze online hate content and hate groups. In the last several years, online hate and hate groups have been seeing more momentum and online presence than ever before. By using structured methodologies, tactics, techniques, and procedures, it will become much easier to perform a sound analysis on this subject matter. This talk covers the fundamentals needed to understand how to track online hate or hate groups using OSINT. |
1:00-1:45 pm |
Lunch & Bonus Talk: Using Marketplaces for Valuable OSINT Data. Jake will show you manual investigation techniques for discovering product listings and seller accounts. Learn how to expand your investigation and discover locations, phone numbers, email addresses, and other social media accounts from marketplace listings. Key Takeaways:
|
1:45-2:10 pm |
Hard and Soft OSINT Skills for Success - Jeff Lomas @bleubloodhound, Detective, Las Vegas Metropolitan Police Department; Certified Instructor Candidate, SANS Institute. The OSINT and cyber forensics fields can be challenging for someone to get into and the same can be said for employers looking for qualified employees. The field for OSINT-related work is evolving, so it is important to understand three core hard skills and three core soft skills that are needed to adapt. We will examine how the soft skills of communication, curiosity, and creativity are necessary to successfully foster the hard skills of problem-solving, knowledge of networking, and coding from an employer and employee perspective. |
2:15-3:00 pm |
Is This Thing Even On? Leveraging Automation in OSINT Collection - Daniel Ben-Chitrit, Senior Product Manager - Cyber and Open Source Threat Intelligence, Authentic8. Online data is constantly changing, and the number of sites to investigate and keep track of grows every single day. Unlike other areas of security, there are few good options for OSINT data harvesting and even fewer for management. There is no "OSINT SIEM" that you can just pull the logs into. In this presentation, we'll look at: existing methods of OSINT collection; best practices and a range of automation techniques that can help meet mission requirements while providing managed attribution to keep investigations - and investigators - secure; and different collection options, when to use them and how to tie in standard best practices and managed attribution techniques. This presentation will also include a demonstration of how automation can ensure analysts are always collecting relevant information without manual collection. |
3:00-3:15 pm |
Break |
3:15-4:00 pm |
Hash or It Didn't Happen - Steven Harris @nixintel. Open source internet investigation is becoming more commonplace in every area from law enforcement to investigative journalism, but digital evidence like screenshots, email headers and file metadata is still prone to manipulation. This talk looks at the challenge of establishing truthfulness in OSINT and some useful techniques to ensure the integrity of your OSINT work. |
4:00-4:30 pm |
Wrap-Up Panel - Micah Hoffman @WebBreacher, Principal Instructor & Summit Co-Chair, SANS Institute |