Open source intelligence gathering (OSINT) is an important part of the
reconnaissance phase of a penetration test. The more connected we are, the
more information about people and assets is held by seemingly everything. This
information can be juicy for both penetration testers and malicious threat
actors. Learning what sources of information is available to start an
engagement is a crucial step in completing a thorough but effective
exploration. Risks associated with leveraging, misusing or selling discovered
material is all too real. Especially considering 2017 US Senate investigations
regarding foreign influence. All tools and techniques can be further advanced,
ninjafied with Python, Ruby or PowerShell. The target audience is the curious,
beginning to seasoned penetration testers and those who wish to start their
own OSINT journey.
Attendees will have full access to an open source workbook used during the
workshop. All tools and documentation are open source and/or Creative Commons.
The workshop is a hands-on learning journey, using interesting and fun targets
to stimulate. Testers can spend more than half their time performing recon,
learn how to minimize time and effort. Learn about tools of the trade, APIs,
metadata and more. Lastly, how to communicate good OSINT for client reporting
utilizing time relevance, accurate data and target appetite.