For the OSINT workshop, students should have the following:
- Laptop with windows OS. If an attendee is more comfortable with Mac or Linux, that's fine, but the instructor will not be able to provide much troubleshooting assistance.
- Ability to disable AV and any web content filtering in place on the machine
- Browser of attendee's choice
- Wireless access
- Recommended -- instance of Kali Linux on virtual machine (VMware, Oracle Virtual Box, or, in the case of an Apple person, Fusion).
How much data can be found on you or your company on the Internet? The unfortunate answer in today’s world is often far too much. Further, this data can often be used by malicious actors to cause damage to individuals or organizations through cyberattacks or social vendettas.
This short workshop will give attendees an introduction to OSINT by walking through the OSINT Framework available on GitHub. The instructor will help frame the exposure and risk that the different types of information present, and attendees will have an opportunity to perform some investigation of a subject of their choosing during the hands-on exercises that make up the majority of the workshop.
Among the topics covered during this workshop include:
- Goals of OSINT
- OSINT Frameworks
- Free tools to perform OSINT investigations
- Searching for data on companies
- People searching on social media
- Monitoring to protect you and your business
- Where to go for more extensive application
Conducting an OSINT exercise should be an expected part of the preparation for any vulnerability assessment or penetration test. It is through these queries that the potential aggressor learns about possible chinks in the armor worn by the target. At the completion of this workshop, the attendees should have a much deeper appreciation of how very true is the statement – “Nothing is ever really deleted from the Internet.”
Cybersecurity specialists and business owners should pay close attention to the amount of information about an organization or individual that exists on the web. This information is often exploited by hackers and other malicious actors bent on doing damage to the reputations of individuals or the integrity of business organizations.