Last day to get an iPad Air w/ Smart Keyboard or Pixel 4a Smartphone with 5-6 day course registration! View details.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Consuming OSINT: Watching You Eat, Drink, and Sleep

  • Tuesday, October 16, 2018 at 3:30 PM EDT (2018-10-16 19:30:00 UTC)
  • Micah Hoffman, John TerBush

You can now attend the webcast using your mobile device!



Ah vacations, walk-abouts, and holidays. Most people love getting away from work and the stresses of daily life. Coworkers look at sitting in the sun on beaches for a little rest and relaxation. Families head off to historical sites, camp grounds, or to amusement parks for entertainment. And OSINTers, we sit back and watch people "check-in", snap photos of their food, rate their wine, and share details inside hotel rooms. What a glorious time of the year!

Come join John TerBush and Micah Hoffman, author of the new SEC487, Open-Source Intelligence Gathering and Analysis class, as they show how people collect and use food-ratings, images from reviews, and other information for OSINT and investigations.

Speaker Bios

Micah Hoffman

Micah Hoffman has been active in the information technology field since 1998, working with federal government, commercial, and internal customers to discover and quantify cybersecurity weaknesses within their organizations. As a highly active member of the cybersecurity and OSINT communities, Micah uses his real-world Open-Source Intelligence (OSINT), penetration testing, and incident response experience to provide customized solutions to his customers and comprehensive instruction to his students.

Over the years, Micah has conducted cyber-related tasks like penetration testing, OSINT investigations, APT hunting, and risk assessments for government, internal, and commercial customers. Micah's SANS coursework, cybersecurity expertise, and inherent love of teaching eventually pulled him toward an instructional role, and he's been a SANS Certified Instructor since 2013. He's the author of the SANS course SEC487: Open Source Intelligence Gathering and Analysis, and also teaches both SEC542: Web App Penetration Testing and Ethical Hacking and SEC567: Social Engineering for Penetration Testers.

John TerBush

John TerBush works as a senior cyber threat intelligence (CTI) analyst serving multi-national enterprises in a variety of industries including finance, manufacturing, retail and energy. In this role he conducts open-source and dark web investigations, malware and traffic analysis, tracking of threat actors and their tactics, techniques and procedures, and many other tasks in order to provide analytical and technical support to clients. Previous to his role as a CTI analyst, he worked as a security operations center (SOC) analyst with a large managed security service organization handling response for numerous Fortune 500 companies. While working through a sea of alerts and research, he developed a focus on creating network detections and tracking attacks.

Prior to entering the information security field, John worked for over two decades in legal research and private investigations, providing open-source research, surveillance, court testimony, undercover operations and other investigatory work of all types. John acted as the director of investigations and lead investigator for two well-known regional investigation companies for over a decade, before starting his own investigations firm.

John assisted with the development of the SEC487: Open-Source Intelligence Gathering and Analysis course. John is a member of both the SANS GIAC Advisory Board and the SANS Open Source Intelligence Summit Advisory Board, and holds the GIAC GCIA and GREM certifications as well as the Certified Information Systems Security Professional (CISSP).

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.