DFIRCON - Live Online: The ALL Digital Forensics, Threat Hunting and Incident Response Training Event. Save $300 thru 10/7.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Practical Open Source Intelligence: Six Tips for Starting an Effective Investigation

  • Thursday, August 18, 2016 at 3:00 PM EDT (2016-08-18 19:00:00 UTC)
  • Micah Hoffman

You can now attend the webcast using your mobile device!



The firewall was circumvented. IDS sensors never alerted and the IPS prevented nothing. Servers were breached and your company's internal, proprietary data is being shared with everyone on the Internet. Your manager walks into your cubicle and throws a scrap of paper on your cluttered desk. A single word is written on the page: "r0s3buhd". You glance up at your boss, for verification. She nods and you have your first Open Source Intelligence case: find anything you can about the attacker that did this to your organization. An attacker named "r0s3buhd".

Join me in this webex where you'll learn how to start an attribution-focused (looking for the human attacker) Open Source Intelligence (OSINT) assessment and avoid some of the obstacles that could keep your investigation from being successful.

Speaker Bio

Micah Hoffman

Micah Hoffman has been active in the information technology field since 1998, working with federal government, commercial, and internal customers to discover and quantify cybersecurity weaknesses within their organizations. As a highly active member of the cybersecurity and OSINT communities, Micah uses his real-world Open-Source Intelligence (OSINT), penetration testing, and incident response experience to provide customized solutions to his customers and comprehensive instruction to his students.

Over the years, Micah has conducted cyber-related tasks like penetration testing, OSINT investigations, APT hunting, and risk assessments for government, internal, and commercial customers. Micah's SANS coursework, cybersecurity expertise, and inherent love of teaching eventually pulled him toward an instructional role, and he's been a SANS Certified Instructor since 2013. He's the author of the SANS course SEC487: Open Source Intelligence Gathering and Analysis, and also teaches both SEC542: Web App Penetration Testing and Ethical Hacking and SEC567: Social Engineering for Penetration Testers.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.