Jane’s Advanced Open Source Intelligence Exploitation Workshop 8-10th November

alt text

Wednesday, Nov 08, 2017

    • 9:00 amDAY 1: Block One – Advanced Search and Retrieval Techniques
      • Introduction – Case study analysis: applying OSINT to investigations
        A series of threat and exploitation case studies will provide operationally- relevant examples of how a multitude of specialist OSINT methods and techniques can be employed to profile an investigative target from indirectly available information.
      • Internet Search Methodology
        A short but vital lecture summarizing the essentials of online investigatory practices, overcoming the common pitfalls of even seasoned investigators.
      • Google - Advanced parameters and “Google Hacking”
        A deeper examination of the uses and limitations of search engines such as Google, introducing trainees to less well known tools and search methods. Delegates will be shown how to uncover sensitive information on targets and their infrastructure, otherwise obfuscated by the wealth of data returned from a typical search results. Skills:
        • Advanced use of search engines, beyond normal keyword searches, to constrain returned data to relevant and sensitive material
        • Understanding of wide range of alternative and specialist search engines
        • Introduction to construction of highly detailed search criteria in order to locate and potentially access target infrastructure
      • Leaked data – the perils and the utility
        Students will be shown the use of a vast offline dataset of previously leaked corporate and personal data and walked through the methodology of an attacker as they use the data to target individuals and organisations for tracking, hacking, data theft and extortion.

        Skills:

        • Assessment of the usability of captured/lost data as part of an attack
        • Considerations of the value of database building for target correlation
      • Mapping tools - “Geo-reconnaissance”
        Exploring a range of web-based tools offering geographical information. Delegates will be introduced to a range of geographically-oriented data sources available online to assist in the tracking of targets.

        Skills:

        • Understanding of wide range of geographical data repositories and potential tactical application
        • Identifying individuals from mapped media
        • Identifying and tracking passenger transport
    • 9:00 amDAY 1: Block Two – Extracting Data from Web Sites and API
      • Metadata tools: getting behind websites
        Metadata is “data about data,” that which is not readily visible and the existence of which is unknown to most. Delegates are introduced to a number of open-source applications and means of obtaining information from ‘behind’ websites and within documents, uncovering key details about targets of interest.

        Skills:

        • Techniques in obtaining hidden ownership data from websites
        • Effective acquisition of documents from webservers
        • Analysis of seized documentation for targeting purposes
      • Social Media Exploitation (SMX) 1
        This module serves as a compendium of tools and methodologies usable in the investigation of social media channels where vendor compliance is not possible.

        Skills:

        • Summary of manual acquisition of data from social media
        • Investigator methodology and tradecraft – OpSec pitfalls in social media investigation
        • Target assessment from social media footprint
      • SMX2: Advanced extraction of data from social media,
        An introduction to the concept of the Application Programming Interface (API)and its use in obtaining otherwise invisible information from social media. Delegates are shown how to perform API exploitation against major forms of social media, extracting hidden details.

        Skills:

        • Application of API methodology in the extraction of ‘buried’ metadata such as physical co-ordinates not visible via ordinary online investigation
      • Leaked data – the perils and the utility
        Students will be shown the use of a vast offline dataset of previously leaked corporate and personal data and walked through the methodology of an attacker as they use the data to target individuals and organisations for tracking, hacking, data theft and extortion.

        Skills:

        • Assessment of the usability of captured/lost data as part of an attack
        • Considerations of the value of database building for target correlation

Thursday, Nov 09, 2017

    • 9:00 amDAY 2: Online Security / Expanding Online Investigative Skills and Toolsets
      • Covert activity and online tradecraft: your digital footprint
        What can the sites that you visit can see about you? More than most investigators realise. This module addresses aspects of maintaining anonymity online, from use of VPN and proxies through to more intricate considerations of a user’s pattern of activity online. The visibility of personal details to webmasters is demonstrated, and delegates are shown the power and security of virtual machines as vital investigator tools.

        Skills:

        • Developing strong tradecraft to espionage or ‘hacker’ standards
        • Multiple techniques in concealing location and unique ‘hardware fingerprinting’ threats which may reveal identities
        • Creating multiple online footprints
        • Understanding of how pattern of life threats undermine technical security
      • Introduction to Linux - broadening the investigator’s toolbox
        An accessible introduction to the Linux command line and the wealth of pre-loaded tools within free Linux distributions for harvesting target data and decompiling websites. Delegates unfamiliar with non-Windows operating systems are carefully walked through a range of tools which offer immediate investigatory value even to novices.

        Skills:

        • Basic familiarity with Linux, developing comfort with non-Windows applications
        • Discovery of advanced intelligence gathering tools under non-Windows OS
        • Appreciation of security benefits in the use of virtual machines to conduct operations
      • Infrastructure and organisational mapping
        Students will be introduced to combined OSINT data seizure and network mapping software in order to greatly enrich and accelerate their targeting of individuals and organisations. This module greatly increases the ability to exploit social media as covered the previous day.

        Skills:

        • Confidence and aptitude in the use of network mapping software to highlight connections between targets
      • Wi-Fi exploitation
        An illustration of a much-overlooked area of open source intelligence - wireless data. Delegates are guided through a hands-on practical, introducing the power of target geolocation along with demonstrations of vulnerability to decryption attacks - all achieved with open-source software. Underlining this module is the concept of fusion of allsource intelligence into a single OSINT framework.

        Skills:

        • Understanding of substantial OpSec threat against friendly forces from wi-fi, both in terms of pattern-of-life tracking and data seizure
        • First level hands-on experience of wi-fi exploitation to promote understanding
        • Broadening the concepts of what constitutes open source and its fusion to create powerful targeting capability
        • Consideration of tactical applications of wi-fi in tracking and exploiting targets
        • Consideration of denial of service (DOS) threat against friendly infrastructure

Friday, Nov 10, 2017

    • 9:00 amDAY 3: Capstone Exercises

      Consolidation exercises

      A series of final exercises combines and reviews skills adopted over the preceding days, based on the investigation of a specified target of interest. Within a simulated ‘ops room’ environment and starting with the most minimal of leads, trainees will work together to gradually build up an intelligence pack detailing the target’s activities from a range of OSINT sources.

      These will be challenging exercises that will demand team work and task splitting as the exercise tempo gets exponentially faster.

      Course Summary and Close

Filter Sort