OSINT And You: A Love Story

but magazine I do edit of research for host sense it's kind of what my bank closes I want to say thank you to all the volunteers all sponsors so I get to Americana for everything together it's not really just a lot with the SEC Casey which is one of the local groups out here and no one takes to get a lot of stuff going so it is you know every hour they put in we truly appreciate it also I just want to point out then I see where Jenny Shippo is the more the sponsors and all the people for there's no apology so what does invade the regards to hosted hosting in your role is a love door how many people know what

does it stands for about half the realm so most that comes from open source intelligence gathering you can list at all motifs are fading almost any store that you can get your hands on that's not a closed circuit so anything that you have free access to including dumpster-diving including data dumps including anything to the dark web through the clear side Google Dorking all that stuff and the intelligent size that is just what we're trying to learn about that this we target thank you sir cheers Cheers yes so in regards to the topic we determine what is kind of used what we focus on regards to adults gathering and why this is the love story the reason I fell in

love with Osen and Intel gathering is actually because of Chris Anderson before we even knew that he was going to be the keynote for this he had a podcast called o'clock liabilities one of the things that stuck with me through all the trainings everything else I've ever done is that he Leah said okay you can pop a box you can get shells you get root great what does that mean one of the real life applications of what you can do if you just get admin to a box is does nothing do you have nothing to go through and show you can damage you don't have the HIPAA information there's no card information Whitman speed only thing

you've done actually nothing other than weeks here on time oasiz is actually where the to decipher and the meatspace kind of beat up in regards to real life applications for a lot of that stuff so I want to go through a couple different things data mining versus those Dino data mining and data science is a big thing though because a lot of people are seeing that their true value and regardless are getting data mining applications for marketing and other things data mining for the most part takes a general or broad or maybe even anonymous look at some of that is being collected Posehn is very targeted you're trying to find out about one instance one target

one environment one person and you're trying to build off of that in regards to real-life applications for o--'s that it doesn't just live in the key information security space obviously it's very well used University vulnerability assessments and penetration tests the threat hunting also the blue team side has the ability looking in use code snippets that you may get from malware to go to and use and both house or any other house words with and see what other codes been used so they can timeline it back good energy find out in real life where those people are developing those codes or what what groups are latching on to that there's even been both of them as opposed to two pastebin where

they made a call us paste in regards to getting malware sub ran back so that that type of stuff provides real-life data in regards to where the lives governments businesses Medical Corps vegetables of CBC uses those head remarks you bring operates kind of time lining in fact I'm going through and using where people were life camera put is you're going to conceive who within that radius that may be exposed certain things journalists the fact checkers she probably is it warm pickles stops but it has it has roots and reverses let's get a journalist book one thing that I think a lot of people with no sense focus don't press into is the personal aspects where you can actually look at

your own identity on the internet or in your corporate environments you can actually research yourself and find out what if anything for your service attack vectors if somebody is you know if you are posting constantly in Facebook and other social media things that may be a way for people to go through and use that and a negative life which is kind of normal kids in summer stuff is your ear development and advancement and if you are looking at the company that you want to get into and you don't research that company you don't know what their plans are long term to determine who they're actually working with be it's you know friendly companies who are in

Britain or that's a fairly companies in Saudi Arabia that may be something that you won't look into like I said blue team is always going to want to defend using those that has the ability to go through and kind of help that stuff I don't know that you as much as it should be up and out of butene 1 you know I know this using honey pots and things like that really can get actionable data and reverse a lot and stuff and work it back to that but you know when they see leading red shirts and you know they can show them down sure it's the greatest feeling in the world so here's where we get into kind of the

dark side of Oh since obviously this is open source information this isn't something where just the red team just blue team's going to go into it I don't know if anyone's heard of something called random order a lot of people are finding it very lucrative you go through and use that and be the data that's out there to go through and puts print somewhere into you know pictures of it download files will explain anything like that whoever and it's well the things where they can use that open source intelligence to go through into mates where you no longer have your bodies reading loves to win obviously with using those and things like that we can create a platform and have real-time

actionable intelligence going through that actually stop or create whatever we want and regards to the winds so be that pretexting be the fishing campaign because anything else that you know that person is going to subscribe to so let's get into a couple of examples of buttons social engineering and the intelligence that you're using obviously like I don't know if you've ever seen any things on Twitter works click play your hacker name game what's the color you're sure your email just or something you'd use a little bit better I'm going to post my value lines I've just got this new job as a medical a medical investigation professional just with that stuff there we know that obviously where she works

what she does what sort of altercation she has so in making anything the rehearsal fishing campaign or I did eat that or even just using that badge itself is going to an impersonate a person on her staff to go through into a access and no one's going to a Medical Investigator doesn't matter where you are that's a cool child so this has the golden age of social media and obviously you can go through and do your own data mining and you can filter your own things and you can see what people may enjoy just like you do these two happen to be current security including some enjoy warm films that work for necklace Barbara for Facebook as well so not only

is this something where you can be leveraged that to go through and say okay well I'm going to go through and pin Benton now learn to a set of rat photo and you know send that over to them and they own the machine that way but it's this type of information that you can take and really pin down or profiles via a sensor and that may be just on the corporate side so if that is your ear your target you're looking to go through and actually you know profiles individuals inside your your target environment that you're trying to gain access to then getting to the people making one thing that you can actually try to try to try to target

into but a lot of people will still go to a post this type of information online on a public forums which Twitter where you have your visa and then you ask wise what has what accurate numbers are in the code there item so that's a stuff obviously even though he didn't use this as a malicious attacks good we just try to user Denver we know this person here has the trusted brand that they didn't use so if we were to call her or send her an email or do anything as the guys of visa security or something we've already approached her in a minute where she knows that a ballad companies that she's done business with and we are

getting so this is just do this just don't thing where I actually saw this on Twitter and the guy's clothes was you know if your woman's not asking for your money and you're kind of history then you know you're no good to her whenever so if you're posting your your social security number and your your credit cards online I mean it reversed I think that the loan this this is just revisit easily which is something we have to do and try to change so now that we have the data what we do with we're able filaments to collect all this an open source intelligence here and it depends on what you're actually trying to do

what your main objective regardless so if you're looking as a personal security you get your own data and you see what did they locked in lockdown you you know where you going you can delete or opt out nothing like family tree now calm excuse your complete genealogy and two or three degrees of contacts beyond that so it has your family and then their family and then people in their known addresses known addresses telephone numbers email addresses and that's a free site this isn't anything like urban investigator views like LexisNexis or anything like that but that's something where you can take a lunch break you like colleges you're welcome you dad is this America so there are opt outs of those things

but a lot of that sub isn't isn't as known so once you have an idea of what you want to do whether it be a red team investigation or a blue team defense stance you can take the information that you gathered and then you can apply rules of are see what your conduct for your employees are you can do advanced Google Dorking or google searching to go to and see what other opportunities are out there to go to block four to it but more data out there to go to and confuse the situation you can actually do disinformation campaigns to go through and actually puts more mixing out there that will say oh I actually check that

addresses both of this one so when you get that back in a marketing company for an attacker says okay well I'm contacting you to do it in this area you know at that point that are obviously think of that trail and they're trying to use it against you so in regards to other tools that we use in regards to mostly the breadth each side but this works for some of the blue team stuff as well there is a couple difference specific tools multigo is amazing I don't know if anybody has an opportunity work of Montego Levi's nope nothing who is so multi go is that open source or constants tool I should it is open source it has a community edition

that if you I think it's 12 lengths per search which is not a lot considering it can be not over 5,000 per search depending what you're doing the beautiful thing about multi go is if you have to present it to anybody it puts it in a very very visual form that's Ana grid that is very very pretty to look at and anybody can follow the through lot so get you this to a c-level person and you have to give this class if you're training the elderly in traverse the stuff I'm not being funny I regard that stuff because I think they suffer the most in rehearsal office there is the ocean frameworks it was created by

Justin or Dean and essentially it's a mind map with a lot of the leaf out there for public data it has some stuff for for malware analysis it has a lot of information in regards to personal detection not to what you reverse the business stuff but it does have some of the sudden business showed in did I ever heard of shown in short answer good tools a lot of plenty stuff on showed in so show Tim is a search engine essentially for web hands for anything that's attached to the internet it's not the Internet of Things there's another thing for that this this if you have a webcam or web service that's one of your

pets or something like that and it's not locked down it will be registers who showed it and they can view live at the time whatever Negresco faculty and you follow this at this or dan can link things online but he is up some amazing stuff showed in and it's very there's a couple of other things in regards to the base profiles so there's a two other called tender base scraper so it takes essentially anything that you put on tinder and it will map the base and then you can do facial recognition from there and regard to other things there's another tool called baseline or Pro which is a good open source tool they do I should say open source

it was a open source project and now there's part of the deaf community and they have a Pro Edition the proration is very nice because even if you get into it I have $50 free to try it out so it's kind of fun there's another tool that allow people use called stock scan which is specific for Facebook a lot of that maybe you thought was private photos and things like that this has the ability once you get the end of the Facebook user ID and put it in there it will pull all the concepts so it will pull all your life all your interests all your photos anything that's not expressly marked private regardless so that and

regards to profile and detailing for social engineering is there's a lot of money shouldn't say functions so if you are looking at a corporate environment does anyone ever heard of unlinked in there's someone who there's a group of people called lions you've ever heard of the LinkedIn lions just if it is the only person check is that outside so the lions and Lincoln open networkers essentially these are people that make most sense so much more interesting they take any requests or LinkedIn and they'll say oh they do termite Network and then that person has 500,000 10,000 different contacts inside so with a tool called the endorser you can actually get them to take their profile and it will

map out all of their contacts if you marry the endorser with another tool like Kingfisher or something else does efficient campaign it automates its you can get some real has engendered are cuts up and it's all from them wanting to go to them via this lion status and regards so it has a lot of attentions to do a lot of damage which again is what we are trying to - and make aware to people the more that you post on there without the regulation of certain information just as more surface or tack vector to social engineers and simply social image sharing the length of it and you have to data with the blue teen side you're

obviously going to make sure that every ounce of information that you can gather in regards to any instant response or any attack anything else is going on like the ruggedness and the kill chain earlier you can try to deny everything but placing it back to a source especially in the physical space makes it a little bit easier for regulators for government officials for law enforcement to go through and actually Paxton regards that red team place that red can just go in to deal with it and repair personal security and stuff I think a lot of people can take away a lot of value in regards to you know if you want to call it googling yourself

you call googling yourself but active research in regards to who you are online offline reverse your credit your banking I don't know if anyone else has ever used the site have I been home calm so I have several evil aggressors and I've been told at significant amounts in Arezzo but what my email just only has three three different of pwnage being above it but going in there and making sure that you know the data may be sure that you're aware of what's going on knowing when the breaches happen so that you can react because it's going to happen obviously we're at a conference in regards to security and we know security is not a closed system at this

time so things are going to happen dad is going to leave breaches are going to be happening every one to fifteen twenty seconds or something like that it's more important to go through and give that information and act then has to impress Isaac and not go to disclose us so also introverted the corporate environment if it's something where you can go through and you can test or monitor or just make sure that you are not releasing since their information reverse of what your badge looks like in regards to security for the doors so if I the social engineer is trying to get on site for impersonation I don't know what the layout is because that makes it more a lot easier for

someone to get inside and be like I'm go to another breaker or I'm going to go to the bathroom or I'm going to set up this harp just be Skinner here and get everybody past devil totally so some people that have been doing some amazing amazing through truly amazing things in her Somoza and when ever heard of Bella cats they call themselves a toast at research they're essentially investigative journalists that operate out of England and they do a lot of real-time investigation be able to sense with very heavy stuff war crimes Syria they may be bumped the the North Korea nuclear missile thing just by looking at photo of it and comparing it to other

other informations that have the slack channels open ocean right here has some awesome awesome resources and very very big heavy hitters and regards to assess do what ever heard of Michael basil because open source until techniques he trains government people how them do not be stupid online he's got a podcast go privacy and food security it's really good eating a book yeah it is he's come out with its fifth edition so it his stuff is really good just incites automating go CENTCOM he is he also broke grey hat hacker and black eye hacker for Python very very good he's also on their fatal [Music] if it was Oscar sorry Babel is on there as well look it

up because I know he said about me especially I see this talk of seizing something but he's the reason we made some of Facebook and actually working back in regards to what's groups of people who have been signed up for what universities and what your actual Facebook ID is so if it starts with one zero zero two zero zone he can tell you specifically what college we were you logged in from then like that is open ocean add dot slack everybody else will to go through and check that out it's a good group there's a ton of people like that Justin or Dino SIA the Opus of the open source framework Dutch Olson guy is

also on Twitter there's a ton of people on there I didn't listen to step up to anyone anybody else just go through and take a photo of it if you guys look at these people I feel like you should have to do the research so but also sexy sing this vocal group out here if you have any questions or maybe I want to attend too many or anything I'd like that obviously we have information monthly in regards to a wide range of topics in just one minute talk this is very very difficult to get into specifics with a lot of stuff but I hope that at least some of the stuff that you guys didn't

know about maybe you have a little more clarity regards to if there's something that you have any questions about you're always welcome to come ask me and have all the time the world sucks automated searches there are our tools a recon ng in Cali Montego the harvester some of the other stuff out there so a lot of people are producing tools for constant work a lot of us has more based in the corporate side and it's usually doing overlay for like pipe off instructions up at that but there will be both tools a lot of Python a lot of go automating the searches and stuff like that especially with all the API ropes and things that

we're getting with Twitter social media with all these other sites that is just dumping information out there so a basic accommodation with the searches would be will be ubiquitous and it won't be something where you going to Google everybody or white pagelets that's that's that's something that will happen the future I believe MaxLite is one of these I did one put up here back slate is a service that actually if you sign up for will go through a monitor the dark web in Traverse City hits for your stuff so if there is any breaches or anything that's out there there's a forums or anything there using your personal identification max life is a free service and they will going to

monitor you then I don't think they give you a lot of where the information is back but they will tell you what was compromised so that you can take the appropriate forces and you've got pivots in regards Edison and then I kind of want to leave you in reverse to these last couple of statements here you know what is the true cost of a data breach I don't think England's really found out what the true cost of all the stuff is because you have my email because you have my address because you have all that stuff people may just put that off and say you know what it's already out there no big deal if you don't change

your password shame on you but eventually with these data breaches it's going to become something that will catch you down the line either to identity theft or inability was going to log into something or eventually something to where you're not trusted and if you're not trusted online and you can log into something that may have a future cost so think about the ripple effects in regards to the crew calls that that reaches an office how do we protect it owes it that they buy this in the future it really takes consideration from you what you post online and what you put out there regards to your own privacy concerns is something that can come back

to bite you in the ass but at the same time we are human and we like to go to insurance we like to go to inflation there's there's there's a good feeling you get when something's like you're going to park or something else like that I can post pictures all day from you know be sad Spacey whatever but if you go back to my stuff I'm not telling you you know personal details to Garcia I am I still want to share socially but that's one who ever look you're going to difference the math to the metadata and try to find out like exactly what type of phones I have where the geolocation thing is which is turned off or all my other

stuff you know it's one of the things you have to be kind of cognizant of how you approach the web in reverse trees trading is one of those things that like Dickerson says like anyone else has said is really the only way that we kind of fight these things because we don't have the education then you can't really stop it and eventually like I said all of our phones dad's together grow up and they're all going to become seniors and the technology in ten years is going to be way different from it is now they won't be able to note how to use their Y phones will be high so many more and they're going to be the ones who are

looking at the other side of a phone call from NIS or an IRS scam or something like that if we can go through and help trade them now we can print line stuff maybe in the future but that's really what this talk is kind of all done I will leave you this

Oh [Applause]