OSINT – Open-source Intelligence
In this course, you will learn about OSINT (open-source intelligence) from a hacker’s point of view. You will get equipped with various tools and techniques and learn how to set up a virtual lab and protect yourself. This is a …
Overview
In this course, you will learn about OSINT (open-source intelligence) from a hacker’s point of view. You will get equipped with various tools and techniques and learn how to set up a virtual lab and protect yourself. This is a comprehensive course that will be using free open source tools to investigate people and companies. No matter if you are totally new to the fascinating world of OSINT and hacking or have some experience, this course will walk you through how both hackers and investigators use these tools and why.
Our Open-Source Intelligence (OSINT) Course is a comprehensive training package aimed at researchers, investigators, law enforcement, government, military & decision support personnel. We teach you how to use advanced methods & techniques to collect, analyze & produce high-quality open-source intelligence & support your mission.
learn real-world applicable skills that are utilized by law enforcement, military intelligence, private investigators, loss prevention, cyber defenders and attackers all use to help aid in their investigations.
By the end of this course, you will have a good understanding of OSINT, how to perform it, the tools necessary, and how your own information online could be used against you. You will learn Linux basics and how to set up your own virtual lab.
What you’ll learn:
You will learn real-world applicable skills that are utilized by law enforcement, military intelligence, private investigators, loss prevention, cyber defenders and attackers all use to help aid in their investigations. After completing this course, learners should be able to:
- Create an OSINT process
- Conduct OSINT investigations in support of a wide range of customers
- Understand the data collection life cycle
- Create a secure platform for data collection
- Analyze customer collection requirements
- Capture and record data
- Create sock puppet accounts
- Harvest web data
- Perform searches for people
- Access social media data
- Assess a remote location using online cameras and maps
- Examine geolocated social media
- Research businesses
- Collect data from the dark web
Who Should Attend:
This course will teach you techniques to help your work whether you are trying to find suspects for a legal investigation, identify candidates to fill a job position, gather hosts for a penetration test, or search for honey tokens as a defender. While this list is far from complete, the OSINT topics will be helpful to:
- Cyber Incident Responders
- Digital Forensics (DFIR) analysts
- Penetration Testers
- Social Engineers
- Law Enforcement
- Intelligence Personnel
- Recruiters/Sources
- Private Investigators
- Insurance Investigators
- Human Resources Personnel
- Researchers
Why is this important?
Whether you are in cyber network defense, an intelligence analyst, corporate investigator, or law enforcement personnel, we have the curriculum and qualified instructors to enhance your capabilities. From tracking the digital exhaust from a target on the dark web to uncovering a source looking to disrupt your brand reputation by stealing your intellectual property – organizations must be equipped with defenses to prevent critical disruption in their company’s operations.
Module 1 – OSINT for data collection – start-up:
Starting with DNS enumeration, getting useful URLs, IP and host finder, we will dive into harvesting email addresses anonymously and finding information about an email. Google dork or Google hacking database will play a crucial role in finding the complete information about anything deeply. Netcraft, web archives and cached data will complete this module with outstanding command over all the topics discussed. You can start OSINT straight from here.
- DNS Enumeration
- DNSSEC analyzer
- URLcrazy
- URL Expanders
- Passive recon
- IP, Host automater
- Harvesting email addresses
- Email information gathering
- Netcraft analytics
- GHDB
- Multiple Website Archives
- Cached data
Exercises:
- Harvesting email addresses
- Using Google dorks to find hidden data
- Searching for cached data
- Using Automater
- Gathering DNS records
Module 2 – Company, Social Networks and file metadata OSINT:
This module consists of several such tools that are capable of doing anything from extracting information or data from the file’s metadata, insights of a company’s details that will be beneficial while conducting attacks for pen-testing. We will dig into databases of job site postings to figure out the servers and databases used inside a company. Further, we will find people, their details, phone numbers, and social profiles will be gathered in order to perform social engineering. Maltego-CE will be investigating domains, people, email, and so on. We will get details about a picture, from date and time, pixel, focal length, geo-location, and much more.
- FOCA – Extract information from metadata
- Metagoofile
- Opanda PowerExif – Data viewer
- EDGAR – Accessing company insights
- Company search database
- Get database/server used in a company with job site
- Twofi – Twitter data
- Peekyou – people search
- Lullar
- Maltego-CE – finding links and details with an investigation
- Facebook OSINT
- Twitter OSINT
- Google+ OSINT
- LinkedIn OSINT
- Reddit, Tinder, eBay, Craigslist (Classifieds)
Exercises:
- Database server of a company from the job site
- Information about a picture (Metadata)
Module 3 – Databases and records:
This module will make you think of yourself as an investigator or something like a crime scene investigator. Getting data leaks of someone’s email record, information about terrorist group’s strength, blasts weapons, etc., feeling like James Bond will be when you get someone’s flight details. Vehicle records, wireless networks around you, cell phone tower locations worldwide, employee records, important documents with a whole database, default passwords, live cameras, finding geo-location details over a live map, and, most importantly, government data that is top secret. All of these are key information that needs someone to hack into or penetrate networks for security testing. We will collect data even from the Darknet (Dark web).
- Exploit DB and search sploit
- Terrorism record database
- Hunting criminal records
- Default passwords DB and lists
- Juicy information from Dark web
- Data Leaks hunt
- Air traffic live database
- Mapping the fence like intruders
- Vehicle records and database
- Live cameras in the world
- Wireless network mapping
- Cell phone tower mapping
- Important Documents search database
- Employee profiles
- Government Records
Exercise:
- Investigate leaked data
- Get the flight data on and before the time of landing
- Map the fence of a location
- Find employees of an organization
Module 4 – Threat Intelligence – Automating the whole thing:
The last module of this course will remind you how the black hat hackers work without leaving a trace of presence. From GUI tools to CLI, the first three lessons dive in with multiple format information gathering. Recon-ng alone is powerful enough to get each piece of information, from internal IP addresses to the geo-location of stand-alone servers around the globe and that makes us think about how many load balancers may be there. And yes, threat intelligence will prove to be a backbone for security guys who think about protection from Zero-day attacks. We will get cell phone numbers and details about that from a social profile. Web information leakage about the servers, misconfigurations, developer’s comments in the source code will leave a web application open to attack. And finally, the SHODAN HQ, which is called a search engine for hackers, will be playing a great role in hunting vulnerable servers, databases, routers, cameras, and so on.
- Spider foot – Extracting information in a GUI
- Discover script – multi-specialty hunter
- Recon-ng – Complete info data
- Threat Intelligence
- Recorded future
- Search engine for Ethical hackers
- Accidental leakage data web leak
- Mobile phone number details
- Exploits and advisories
- Bonus – Godfather of every OSINT
Exercises:
- Search for vulnerable or outdated servers of Microsoft
- Perform the recon-ng on the target site
- Collect geo-location IP addresses of target