• Infosec In the City (IIC)

Business OSINT & OPSEC/Privacy Crash Course — Joe Gray

SINCON 2020 Conference Workshop Track


Day 2 (3 Jan 2021)

9am—1pm

@ Workshop Room


[SINCON 2020 Conference Full Schedule]


Abstract

In this 4-hour training session, students will be exposed to concepts of Open Source Intelligence (OSINT) collection targeting businesses in addition a baseline of methods to improve one’s own privacy and Operations Security (OPSEC). Topics surveyed will include domain enumeration using DNS and “Email Security”, proactive OSINT, the use of D&D (Disinformation and Deception), and social media from both the OSINT and OPSEC perspectives.


The course will consist of lectures and demonstrations with handouts, access to The OSINTion Discord community (https://discord.gg/p78TTGa) and student access to The OSINTion Wiki. This course requires no specific prerequisite knowledge for this course. Access to popular OSINT tools like Recon-ng is not discouraged, but everything taught in this course can be completed using a browser.


Course Layout

Hour 1

  1. Getting started & Intro

  2. DNS and “Email Security”

Hour 2

  1. Search Engines (not Google Dorking)

  2. Social Media OSINT targeting Businesses

Hour 3

  1. Social Media OPSEC and Privacy

  2. VPNs and other technical measures for OPSEC

Hour 4

  1. Disinformation & Deception

  2. Rule #1 of Improv

  3. Final Questions and Closing

About Joe Gray

JOE GRAY, a veteran of the U.S. Navy Submarine Force, is currently a Senior OSINT Specialist at QOMPLX. Joe is the inaugural winner of the DerbyCon Social Engineering Capture the Flag (SECTF) and was awarded a DerbyCon Black Badge.


As a member of the Password Inspection Agency, Joe has consistently performed well in Capture the Flag events, specifically those involving OSINT. Examples include 2nd Place in the HackFest Quebec Missing Persons CTF and Winning the TraceLabs OSINT Search Party during DEFCON 28. Independently, Joe placed 4th in the DerbyCon OSINT CTF and 3rd in the National Child Protection Task Force Missing Persons CTF.


Joe has contributed material for a variety of platforms such as Forbes and Dark Reading in addition to his platforms. Joe has authored the OSINT tools DECEPTICON Bot and WikiLeaker in addition to the forthcoming book, Practical Social Engineering, due in February 2021 via NoStarch Press.

183 views0 comments