Threat Intelligence and OSINT



Open-source intelligence (OSINT) covers the techniques and procedures used to retrieve targeted information from open-source networks containing immense amounts of data. This course teaches participants how to collect and analyze information using various tools and unique methods, and how to apply targeted cyber intelligence to defensive operations in order to act on threats proactively. Participants will collect information from the DarkNet and social networks, classify diverse sources, and create their own automated tools for a more advanced data gathering process.

How to make the most of this course?

In order to succeed in the course, the following requirements must be met:

  • Participation in all practical laboratories
  • Self-work at home between lessons
  • Repetition of materials, self-learning, performing tasks, etc…

In addition to regular classroom studies, the participant is required to practice at least 10 hours a week in order to gain practical experience in the field.
The participant will also need a good personal computer suitable for running virtual machines, with a broadband Internet connection.

Target audience

The course targets participants with a foundational understanding of the internet who wish to gain advanced capabilities in open-source intelligence. Primarily:

  • Threat intelligence analysts
  • Cybersecurity professionals
  • Law enforcement personnel
  • Private investigators


  • Providing participants with the all-source methodology of employing open-source intelligence gathering
  • Discovering the tools, techniques, and technologies needed to generate highly relevant intelligence
  • Creating tools in Bash for precise and customized data gathering
  • Understanding how to collect information from various social networks
  • Exploring the Darknet for its “undercover” information bases


ThinkCyber Level-1 Courses



During the first module, participants will learn the fundamental concepts of open-source intelligence and cover basic data collection techniques. Participants will set up the virtual lab that will serve them throughout the course for data collection, anonymous browsing, and more.

Technical content

  • Introduction to OSINT
    o Becoming Anonymous
    ▪ Building your Lab
    ▪ Setting Virtual Private Network (VPN)
    ▪ Proxy Layer
    ▪ Differences
    ▪ Working with VPS
    ▪ DNS Leakage Testing
    o Reconnaissance of an Organization
    o Open-source intelligence Terminology and Definitions
    o Gray Areas and Ethics in OSINT
    o Building an OSINT Plan
    ▪ Categorizing and Cataloging Information
    ▪ Organizing and Formatting Data


In this module, participants will work with the practical tools and search engines they will use during the course for collecting data. Participants will deepen their understanding of the various information sources and will focus on gathering data from social networks. One of the key capabilities participants will gain during this part is setting up search engines and OSINT tools to work more effectively using automation.

Technical content

  • Searching for OSINT information
    o Dive into Metadata
    ▪ Common Files Metadata
    ▪ Web Sites Metadata
    ▪ People Search Engines
    o Types of OSINT Sources
    o Reverse Image Search
  • OSINT Tools
    o Online Tools and Frameworks
    o Introduction to Basic Bash Scripting and Automation
    o Extracting Information From Major Social Networks
    ▪ Facebook
    o Facebook Search
    o The public and Private Profile
    o Undergoing Social Media
    ▪ LinkedIn Data
    ▪ Twitter Data
    ▪ Instagram
    ▪ Geolocation


In this module, participants will become familiar with a broader and more advanced array of OSINT tools and search engines. Participants will understand how to use metadata and maximize the use of different filtering and customization options for searching. By the end of this session, participants will have acquired advanced capabilities for locating and extracting much of the desired information.

Technical content

  • Mastering Google Search Engine
    o Google Search Engine Advanced Search
    o Geographic Information Gathering
    o Searching in Different Languages
    o Building a Google Custom Search Engine
    o Reverse Image Search
    o Legal Concerns and Privacy Issues
  • OSINT tools in-depth
    o Crawlers
    ▪ SpiderFoot
    ▪ Maltego
    ▪ Recon-NG
    o Mapping
    ▪ Openrefine
    ▪ Foca
    ▪ SearchCode
    o Passive Target Scanners
    ▪ Shodan
    ▪ Metagoofil
    ▪ Creepy
    ▪ TinEye


The Darknet is considered the most prominent source of vast amounts of relevant information that is not accessible through the usual network. During this module, participants will learn to use the Darknet, how to pinpoint the information they are looking for, collect it, use avatars, purchase databases with sensitive information, and activate different automated tools for browsing and extracting information from the Darknet.

Technical content

  • Darknet overview
    o Understanding Global Internet Layers
    o Surface Web and Deep Web
    o Installing and Configuration of the Tor Browser
    o Darknet Search Engines
    o Installation and Security Concerns
    o The Tor UI
    o Onion System
    o Find Hidden Services
    o How Crawlers Operate
    ▪ URLs Crawlers
    ▪ Darknet Crawlers
    ▪ Freenet
    o Understanding Cryptocurrency Marketing
    ▪ Bitcoin
    ▪ Wallets
    ▪ The Process
    ▪ Analyzing Databases from the Darknet
    o Using Leaked Password Databases


The ability to create OSINT tools that fill the needs of a specific task is precious. In this module, participants will learn to create OSINT tools using APIs and become familiar with information sources.

Technical content

  • Automated OSINT Tools
    o Collection Techniques
    ▪ Search Engines
    ▪ Social Network
    o Manual Website Scanning
    o Bash Scripting for OSINT
    ▪ Working with APIs
    o Passive Reconnaissance
    ▪ Static Analysis of HTML
    ▪ Google Custom Search Engine
    ▪ Social Monitoring


The following labs are part of the actual BT209 course:
  • Lab 1 Tracing Basic Information
  • Lab 2 Searching for Information
  • Lab 3 Using OSINT Tools
  • Lab 4 Mastering Google Search-Engine
  • Lab 5 Automated OSINT Tools
  • Lab 6 Searching the DarkNet
  • Lab 7 Identifying Avatars
  • Lab 8 Configuring OSINT Automations

Real Case Studies

Case Study #1 (TOS001)
A group called "OurMine" took control of the HBO accounts, as well as those for the network's shows, including Game of Thrones. The hackers released episodes of the series before scheduled dates. The security team was able to trace some of the hackers by tracing one of the attackers' nicknames on Twitter. You are hired to track the group.
Case Study #2 (TOS002)
On May 10th, the Illinois Air National Guard was a victim of information exposure. Personal information of Air Force members was leaked through social media platforms due to a lack of security settings on these websites. An intelligence team was assigned to the case, and you are one of them. Use your OSINT skills and tools to find leads to the incident.

 Course type

This course is delivered in the following ways:

  • Virtual classroom with proctored labs and scenarios executed in our Cyberium Arena
  • In situ classroom with proctored labs and scenarios executed in our Cyberium Arena

All sessions are recorded and attendees can replay them for 30 days. All course material is made available to the participant electronically.

 Course Group: FOUNDATION


 Hands-on / Theory Mix

The following course incorporates a high level of hands-on lab exercises, as well as real-life case studies.


This course prepares the participant for the following certification:

  • C|OSINT (McAfee)

Required Equipment

Network connection

As this course extensively uses a cloud-based Learning Management System, including a lab arena, attendees need a stable broadband connection to the Internet.

BYOD – Bring Your Own Device

As it is a very practical course, and in order for the participants to make the most of the course, they need a laptop with the following capabilities:

  • Audio and Video
  • 8 GB RAM
  • 200 GB Disk Space
  • Virtualization capabilities (supporting the latest version of VirtualBox or a similar virtual machine application)

And also a good headset with mic
