SANS CyberCast - SANS@Mic - Moving Past Just Googling It: Harvesting and Using OSINT

  • Webcast Aired Monday, 16 Mar 2020 8:30PM EDT (17 Mar 2020 00:30 UTC)
  • Speaker: Micah Hoffman

Every single day we use search engines to look for things on the internet. Defenders research a domain or IP that contains malware. Attackers look for email addresses for an upcoming phishing campaign. DFIR people examine locations and usernames that they acquired from a subject's computer. Policy and compliance people examine the risk that employees in their organizations might bring to work. Recruiters scour the internet looking for candidates. And \normal people" shop, date, geolocate, post, tweet, and otherwise send a huge amount of data to the public internet. While search engines harvest, store, and index billions of web site data points every day, there is much they do not contain. These pieces of OSINT data can, when put in perspective and analyzed, reveal target geolocations, friends and associates, alcohol consumption, user passwords, and more. This talk will be a series of hands on, live demos where we put our OSINT skills to work in unconventional places to harvest this unindexed OSINT data. Using free web sites, built in web browser tools, and free python scripts, Micah will show attendees how to harvest data from social media applications, the "whois" system, and from breach data that will not appear in search engine results. Students will gain a better understanding of JSON, APIs, reverse whois, and how to run python tools. Come join Micah as he examines how to move beyond "Googling it" in your personal and professional lives.