Threat Intelligence and OSINT
BT209
Description
Open-source intelligence (OSINT) covers the techniques and procedures used to retrieve targeted information from open-source networks containing immense amounts of data. This course teaches participants how to collect and analyze information using various tools and unique methods, and how to apply targeted cyber intelligence to defensive operations in order to act on threats proactively. Participants will collect information from the DarkNet and social networks, classify diverse sources, and create their own automated tools for a more advanced data-gathering process.
How to make the most of this course?
In order to succeed in the course, the following requirements must be met:
- Participation in all practical laboratories
- Self-work at home between lessons
- Repetition of materials, self-learning, performing tasks, etc.
In addition to regular classroom studies, the participant is required to practice at least 10 hours a week in order to gain practical experience in the field.
The participant will also need a good personal computer suitable for running virtual machines, with a broadband Internet connection.
Target audience
The course targets participants with a foundational understanding of the Internet who wish to gain advanced capabilities in open-source intelligence. Primarily:
- Threat intelligence analysts
- Cybersecurity professionals
- Law enforcement personnel
- Private investigators
Objectives
- Providing participants with an all-source methodology for open-source intelligence gathering
- Discovering the tools, techniques, and technologies needed to generate highly relevant intelligence
- Creating tools in Bash for precise and customized data gathering
- Understanding how to collect information from various social networks
- Exploring the Darknet for its “undercover” information bases
Pre-requisites
Syllabus
Description
During the first module, participants will learn the fundamental concepts of open-source intelligence and cover basic data collection techniques. Participants will set up the virtual lab that will serve them throughout the course for data collection, anonymous browsing, and more.
Technical content
- Introduction to OSINT
o Becoming Anonymous
▪ Building your Lab
▪ Setting Virtual Private Network (VPN)
▪ Proxy Layer
▪ Differences
▪ Working with VPS
▪ DNS Leakage Testing
o Reconnaissance of an Organization
o Open-source intelligence Terminology and Definitions
o Gray Areas and Ethics in OSINT
o Building an OSINT Plan
▪ Categorizing and Cataloging Information
▪ Organizing and Formatting Data
Description
In this module, participants will work with the practical tools and search engines they will use during the course for collecting data. Participants will deepen their understanding of the differences between various information sources and will focus on gathering data from social networks. One of the key capabilities participants will gain during this part is setting up search engines and OSINT tools to work more effectively using automation.
Technical content
- Searching for OSINT information
o Dive into Metadata
▪ Common Files Metadata
▪ Web Sites Metadata
o People Search Engines
o Types of OSINT Sources
o Reverse Image Search
- OSINT Tools
o Online Tools and Frameworks
o Introduction to Basic Bash Scripting and Automation
o Extracting Information From Major Social Networks
▪ Facebook
▪ Facebook Search
▪ The Public and Private Profile
▪ Undergoing Social Media
▪ LinkedIn Data
▪ Twitter Data
▪ Instagram
▪ Geolocation
Description
In this module, participants will become familiar with a broader and more advanced array of OSINT tools and search engines. Participants will understand how to use metadata and how to make the most of the different filtering and customization options for searching. By the end of this session, participants will have acquired advanced capabilities for locating and extracting much of the desired information.
Technical content
- Mastering Google Search Engine
o Google Search Engine Advanced Search
o Geographic Information Gathering
o Searching in Different Languages
o Building a Google Custom Search Engine
o Reverse Image Search
o Legal Concerns and Privacy Issues
- OSINT Tools In-depth
o Crawlers
▪ SpiderFoot
▪ Maltego
▪ Recon-NG
o Mapping
▪ OpenRefine
▪ FOCA
▪ SearchCode
o Passive Target Scanners
▪ Shodan
▪ Censys.io
▪ Metagoofil
▪ Creepy
▪ TinEye
Description
The Darknet is considered the most prominent source of vast amounts of relevant information that is not accessible through the regular network. During this module, participants will learn to use the Darknet: how to pinpoint the information they are looking for, collect it, use avatars, purchase databases with sensitive information, and activate different automated tools for browsing and extracting information from the Darknet.
Technical content
- Darknet overview
o Understanding Global Internet Layers
o Surface Web and Deep Web
o Installation and Configuration of the Tor Browser
o Darknet Search Engines
o Installation and Security Concerns
o The Tor UI
o Onion System
o Finding Hidden Services
o How Crawlers Operate
▪ URL Crawlers
▪ Darknet Crawlers
▪ Freenet
o Understanding Cryptocurrency Marketing
▪ Bitcoin
▪ Wallets
▪ The Process
o Analyzing Databases from the Darknet
o Using Leaked Password Databases
Description
The ability to create OSINT tools that meet the needs of a specific task is invaluable. In this module, participants will learn to create OSINT tools using APIs and will become familiar with information sources.
Technical content
- Automated OSINT Tools
o Collection Techniques
▪ Search Engines
▪ Social Network
o Manual Website Scanning
o Bash Scripting for OSINT
▪ Working with APIs
o Passive Reconnaissance
▪ Static Analysis of HTML
▪ Google Custom Search Engine
▪ Social Monitoring
Labs
- Lab 1 Tracing Basic Information
- Lab 2 Searching for Information
- Lab 3 Using OSINT Tools
- Lab 4 Mastering Google Search-Engine
- Lab 5 Automated OSINT Tools
- Lab 6 Searching the DarkNet
- Lab 7 Identifying Avatars
- Lab 8 Configuring OSINT Automations
Real Case Studies
Course type
This course is delivered in the following ways:
- Virtual classroom with proctored labs and scenarios executed in our Cyberium Arena
- On-site classroom with proctored labs and scenarios executed in our Cyberium Arena
All sessions are recorded, and attendees can replay them for 30 days. All course material is made available to the participant electronically.
Course Group: FOUNDATION
Hands-on / Theory Mix
This course incorporates a high level of hands-on lab exercises, as well as real-life case studies.
Certification
This course prepares the participant for the following certifications:
- GOSI (SANS)
- C|OSINT (McAfee)
Required Equipment
Network connection
As this course makes extensive use of a cloud-based Learning Management System, including a lab arena, attendees need a stable broadband connection to the Internet.
BYOD – Bring Your Own Device
As this is a very practical course, and in order for participants to make the most of it, they need a laptop with the following capabilities:
- Audio and Video
- 8 GB RAM
- 200 GB Disk Space
- Virtualization capabilities (supporting the latest version of VirtualBox or a similar virtual machine application)
- A good headset with a microphone