OSINT: Fun with Open Source Intelligence

A good primer on OSINT, this course explains what Open Source Intelligence is and also covers types of OSINT sources, ethics and grey areas, useful tools available for OSINT information gathering including Google custom searches. The course will also cover cases and scenarios allowing the student to see how intelligence they have gathered can be used/ seen in different contexts. Students will also be exposed to tools like Maltego, FOCA and cree.py and work on labs where they will build their own fake/ puppet LinkedIn profile for intelligence gathering purposes, build a Google Custom Search Engine and gather intelligence on a large organization. Students will take away an appreciation for OSINT, why it needs to be a part of their toolbox, an intelligence gathering recipe and exposure to tools and techniques they can start using right away.

 

Course Outline:

OSINT Basics:

  • What is intelligence and OSINT
  • Grey Areas and Ethics
  • Robin Sage – A powerful Social Engineering experiment
  • Information is Everywhere
  • Lab 1: Using OSINT to build a fake/ puppet profile for intelligence gathering purposes and connecting with individuals of interest

Tools and engines for use in your OSINT searches:

  • Thinking and Analysis
  • Looking at websites
  • Google Custom Searches
  • Disposable Search Engines
  • FOCA, Cree.py & Maltego
  • Lab 2: Building your own Google Custom Search Engine

Scenarios and Cases:

  • Counter Intelligence and Defenses
  • Fake BBC news site and spreading misinformation
  • Attacking the Stock Market
  • General Petraeus and Clinton
  • Volkswagen emissions scandal
  • Mossack Fonseca (Mossfon)
  • Intelligence Gathering Recipe
  • Lab 3: Gathering intelligence on an organization
  • Concluding Thoughts

 

Jamal Bandukwala

Jamal Bandukwala is a security professional with experience in the financial sector. He is also a blogger and researcher with a variety of infosec interests including Google hacking, Open Source Intelligence & pen testing among others. He has previously presented at Black Hat Abu Dhabi 2011 and the ISEA 2012 conference/workshop at the Indian Institute of Technology Guwahati. His personal research and musings can be found at infosecmindstorm.blogspot.com