Business OSINT & OPSEC/Privacy Crash Course — Joe Gray
SINCON 2020 Conference Workshop Track
Day 2 (3 Jan 2021)
@ Workshop Room
In this 4-hour training session, students will be exposed to concepts of Open Source Intelligence (OSINT) collection targeting businesses in addition a baseline of methods to improve one’s own privacy and Operations Security (OPSEC). Topics surveyed will include domain enumeration using DNS and “Email Security”, proactive OSINT, the use of D&D (Disinformation and Deception), and social media from both the OSINT and OPSEC perspectives.
The course will consist of lectures and demonstrations with handouts, access to The OSINTion Discord community (https://discord.gg/p78TTGa) and student access to The OSINTion Wiki. This course requires no specific prerequisite knowledge for this course. Access to popular OSINT tools like Recon-ng is not discouraged, but everything taught in this course can be completed using a browser.
Getting started & Intro
DNS and “Email Security”
Search Engines (not Google Dorking)
Social Media OSINT targeting Businesses
Social Media OPSEC and Privacy
VPNs and other technical measures for OPSEC
Disinformation & Deception
Rule #1 of Improv
Final Questions and Closing
About Joe Gray
JOE GRAY, a veteran of the U.S. Navy Submarine Force, is currently a Senior OSINT Specialist at QOMPLX. Joe is the inaugural winner of the DerbyCon Social Engineering Capture the Flag (SECTF) and was awarded a DerbyCon Black Badge.
As a member of the Password Inspection Agency, Joe has consistently performed well in Capture the Flag events, specifically those involving OSINT. Examples include 2nd Place in the HackFest Quebec Missing Persons CTF and Winning the TraceLabs OSINT Search Party during DEFCON 28. Independently, Joe placed 4th in the DerbyCon OSINT CTF and 3rd in the National Child Protection Task Force Missing Persons CTF.
Joe has contributed material for a variety of platforms such as Forbes and Dark Reading in addition to his platforms. Joe has authored the OSINT tools DECEPTICON Bot and WikiLeaker in addition to the forthcoming book, Practical Social Engineering, due in February 2021 via NoStarch Press.