This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Knowing is Half the Battle
Today we continue our spotlight on Black Hat USA 2013's extensive schedule of Trainings, with a focus on intelligence: getting it, and using it. Mastering the technical aspects of hacking is important, but having the right intel at the right time can mean the difference between victory and ignominious defeat. Check out these four Trainings, which aim to help you master the art of intel.
Aside from basic O/S and app enumeration, it's surprising how little time many security pros spend profiling targets. Unfortunate, as proper enumeration exposes vulnerabilities, boosts the odds of success, and reduces attack noise. In Advanced OSINT Target Profiling (aka OSINT Target Profiling Like A Pro), two-time DEF CON social engineering CTF winner Shane MacDougall will show you the tools, websites, and procedures that every offensive actor should have in their arsenal. Remember, just because a piece of info seems irrelevant at first doesn't mean it is.
F3EAD is hard to pronounce, but the U.S. Special Operations Forces prefer it to saying "Find, Fix, Finish, Exploit, Analyze, and Disseminate," its proven methodology for taking out the networks of terrorists and insurgents. The Cyber Intel F3EAD Training will take you through each stage of F3EAD, and how you can adapt these intelligence practices for your own defensive operations. This will let you focus not only on one-off indicators but the overall threat factor, giving you the 50,000-foot view needed to piece together a cyber adversary's operations.
Whether mapping a target's infrastructure or profiling a person's sphere of influence, Maltego is the open-source tool of note. Digital Intelligence Gathering Using Maltego will show you how to unlock its true potential, enhancing your understanding of its underlying technologies and helping you extend it with your own code. This two-day Training will be packed with practical exercises using real-world data, and will touch on everything from mapping infrastructure to profiling individuals to extracting data from social networks and geotagged pictures. In short, prepare to get your hands dirty.
Information is the lifeblood of investigations, so it's crucial for investigators to obtain info that's both useful and accurate. In Ultimate Investigative Interviewing you'll learn techniques to establish rapport and gain trust, master the art of asking questions, detect lies, and gain new understanding of the workings of memory, as well as memory-retrieval techniques that are admissible in court. The result of over 40 years of research and real-world validation, the techniques taught in this Training will prove invaluable.