Reconnaissance is the first phase of any risk assessment exercise, yet it is often under-rated by security professionals. Every pentester's arsenal should therefore include Open Source Intelligence (OSINT) and active reconnaissance for effective assessments.
This training not only covers using OSINT to extract data but also focuses on the significance of that data and how it can be used directly in offensive security. OSINT has applications in many fields, but this training concentrates on the use-cases related to the offensive side of security. This hands-on training covers a wide range of OSINT techniques for finding, collecting and correlating publicly available information about a target, be it a person, company, email, domain or IP address. The extracted information is then used to launch targeted and effective attacks.
The training covers topics such as unconventional search engines, Social Media Intelligence (SOCMINT), automated data mining, metadata extraction, data-dump harvesting, breach monitoring, Tor and much more. Using a variety of these techniques together with freely available tools and services such as DataSploit, Maltego and FOCA, as well as tailored scripts, participants will work through real-life attack scenarios. The training also goes in depth on how OSINT techniques can be chained together, and how even a small piece of information can lead to catastrophic results for an organization.
The training program will cover the following topics:
Day 1
- Organization Profiling and Scoping
- Mapping the Attack Surface
- Whois & Reverse Whois, ASN ID, IP Lookups, Allocated IP Range Extraction
- Subdomain Enumeration
- Advanced Searching - Searching beyond Google
- Enumerating and Attacking Subdomains
- Certificate Transparency Reports and LDNS Walking
- Identifying Sensitive Information from Code Aggregators and Public Disclosures/Forums
- Spraying OSINT data over Organization Assets
- Attacking Assets with Spidering and Metadata Extraction
- Intelligent Brute Force Attacks like a Pro
- Automating Dorking and Pattern Matching
- Attacking Domain IP History
Day 2
- Identifying and Attacking Neighbours
- Identifying and Attacking the Organization's Supply Chain
- Email Correlation, Account Identification and User Profiling
- Phishing Framework Integration
- Users' Domain/Service Passwords using Breach Status
- Writing a Custom Module for DataSploit
- Info Gathering using Custom Maltego Transforms and Machines
- OSINT for Internal Network Penetration at Catastrophic Level
- Automating the 'Walk through Public Dumps' (Love for Python?)
- Monitoring and Alerting for Attacks
- Online Anonymity
- Case Studies
- Quick OSINT CTF for Fun
You should have a laptop with admin access. It should have a browser and support a Wi-Fi connection in order to reach the Internet. Any OS is fine (Windows/Mac/Linux). Everything else will be provided in the Student Kit.
Please avoid Chromebooks.
The Student Pack contains:
- Slide deck and OSINT CheatSheet
- Important Tools and custom Scripts
- Code Skeletons
- Custom OSINT Browser
- Vagrant configs to create instant OSINT machine(s)
- Answers to challenges (covered during the training program)
- Bonus Challenges
- Access to private CTF Server
- 1 Month Lab Access