Outline
Slides used: osint.pdf
What is OSINT?
- Gathering of Information from publicly available sources
- Using that information to make further inferences and create findings
Reference Sheet for Resources: https://github.com/jivoi/awesome-osint
How To Do web research?
- AI is a great tool for aggregating information now!
- If you need to do “a specific, well-defined task,” yeah AI works pretty well
- Reading documentation and generating specific instructions? Sure!
- If you want information specific to a time or a keyword…
Basic OSINT Techniques
- Username tracking
- People reuse usernames…so there’s are tools to check hundreds of websites if you have an account on there
- Sometimes these accounts unintentionally leak more info…
- Website / File Info
- Websites: Hidden Directories & robots.txt, Domain Info
- Files: Metadata
- Deleted Information?
- Internet Archive to find both websites AND archived media!
- Public Databases
- Geolocation stuff: Maps, the scourge of public records, etc
- Shodan: Port scans of IPs
- WiGLE: Wi-Fi networks and MAC addresses
- Password Breach Data
Basic OPSEC Protections
- LIMIT INTERACTION WITH THE TARGET!!
- Websites do tell targets who is watching them…
- When interacting with “real targets,” don’t use a real account!
- Don’t mix real personas with online personas!
- Your “real data” is likely to be out there already, so don’t allow your online identities to be traced in!
- Be wary of what is being posted (if possible, post less or limit who can see it)
- At the end of the day, once it’s released, it’s hard to take it back!
Case Studies
Live Demos Used
Recording
Recording got scuffed b/c my laptop has a resolution of 3072x1920, apologies for only capturing the upper left corner -JH