
Threat Intelligence and OSINT - 64 hours.pdf

Date post: 16-Aug-2020
Index: CS400 Threat Intelligence and OSINT 64 Hours
Page 1: Threat Intelligence and OSINT - Threat Intelligence and OSINT - 64 hours.pdfThreat Intelligence and OSINT Description Open-source intelligence (OSINT) covers the techniques and procedures

Index: CS400

Threat Intelligence and OSINT

64 Hours


Threat Intelligence and OSINT

Description

Open-source intelligence (OSINT) covers the techniques and procedures practiced to retrieve targeted information from open-source networks containing immense amounts of data. This course teaches participants how to collect and analyze information using various tools and unique methods, and apply targeted cyber intelligence to defensive operations in order to proactively act on threats. Students will be further exposed to collecting information from the Darknet, social networks, classifying diverse sources, and creating their own automated tools for a more advanced data gathering process.

Objectives

- Providing students with all-source methodology of employing open-source intelligence gathering.
- Discovering the tools, techniques and technologies needed to generate highly relevant intelligence.
- Creating tools in Python for precise and customized data gathering.
- Understanding how to collect information from various social networks.
- Exploring the Darknet for its “undercover” information bases.

Target Audience

The course targets participants with a foundational understanding of the internet, who wish to gain advanced capabilities in open-source intelligence. Primarily:

- Threat intelligence analysts
- Cyber security professionals
- Law enforcement personnel
- Lawyers
- Private investigators

Prerequisites

- Linux basics
- Python basics

Note: The course includes a module dealing with accessing and obtaining information from the Darknet, which might require some additional funding for purchasing databases.


Introduction to OSINT

Tools and Search Engines

Tools and Search Engines

Advanced OSINT Tools & Search Engines

- Becoming anonymous
  - Building your own lab
  - Using a VPN and VPS to stay anonymous
- Reconnaissance basics: collecting information
- Open-source intelligence terminology & definitions
- Gray areas and ethics in OSINT
- Categorizing and cataloging information

- Metadata basics
- Types of OSINT sources
  - Top websites for OSINT
  - Mastering Google
  - Google dorks for OSINT
- Introduction to basic bash automation
- Extracting information from major social networks:
  - Facebook
  - Facebook search
  - The public and private profile
  - Multiple profiles
  - LinkedIn
  - Twitter
  - Instagram

- Advanced metadata
- Mastering Google search engine:
  - Robots.txt
  - Google advanced search
  - Geographic information gathering
  - Searching in different languages
  - Building a Google custom search engine
  - Reverse image search
  - Legal concerns and privacy issues
- OSINT tools + exercises:
  - OpenRefine
  - Maltego
  - SpiderFoot
  - Foca
  - Maltego
  - Creepy
  - TinEye
  - Recon-NG
  - EXIF
  - Passive Recon

- Storing data: introduction to Big Data
- NumPy basics
- Indexing
- Functions
- Pandas basics
- Pandas operations
- Pandas data frames
- Pandas filtering
- Building your own OSINT tools:
  - Crawlers
  - Scanners
  - Databases
  - Alerting systems
  - IRC channels

01 - 6 Hours

02 - 8 Hours

03 - 20 Hours

04 - 12 Hours

The first module will introduce participants to fundamental concepts of open-source intelligence and cover the very basic data collection techniques. Students will set up the virtual lab that will serve them throughout the course for data collection, anonymous browsing and more. During this module, some ethical and legal aspects of OSINT will also be mentioned.

Throughout this module, students will get to know some practical tools and search engines they will handle during the course for collecting data. They will deepen their understanding of the various information sources, and will focus on gathering data from social networks. One of the key capabilities participants will gain during this part is setting up search engines and OSINT tools to work more effectively using automation.

During this module, students will take what they have learnt so far one step ahead, and learn to construct their own tools, to be used for collecting open-source intelligence. This will give them advanced capabilities of handling Big Data and filtering through huge amounts of information to quickly and accurately reach their target. Participants will write their tools in Python, using various advanced modules. By the end of this stage, students will have a significant added value in conserving and analyzing data using tools they have created themselves.

In this module, students will become familiar with a wider and more advanced array of OSINT tools and search engines. They will understand how to use metadata, and maximize the use of different filtering and customization options for searching. This will give them capabilities of identifying further information that may not be disclosed in a standard Google search. During this stage, participants will practice each tool and test its capabilities. By the end of this session, they will acquire advanced capabilities of locating and extracting information, and of reaching as much of the desired information as quickly as possible.


The Darknet

Threat Intelligence

- DarkNet overview
- The Tor browser
  - Installation
  - The UI
  - Onion websites
  - Hidden services
- URL crawlers
- DarkNet crawlers
- DarkNet search engines
- Buying and analyzing databases from the DarkNet
- Lab: buy a darknet database and create your own tool to parse through it and extract sensitive information about the target.

- Introduction to Shodan
- Gathering intelligence about an organization
- Determining the risk level
- Indicators of compromise
- Advanced Nmap scanning:
  - Flags and capabilities
  - NSE vulnerability scan
- The power of misinformation
- Creating honeypots
- OSINT and threat intelligence products

05 - 10 Hours

06 - 8 Hours

The Darknet is considered the most prominent source of huge amounts of relevant information that is not accessible through the usual network. During this module, participants will learn to use the Darknet, how to pinpoint the information they are looking for, collect it, use avatars, purchase databases with sensitive information, and activate different automated tools for browsing and extracting information from the Darknet.

Note: some funds are required for purchasing databases and other information on the Darknet.

The final module will focus on understanding the landscape of threats and what defense mechanisms against them are needed. Students will learn how to identify when their organization is the target of an attack, and be able to assess the risk level according to different parameters. They will also study the different products and platforms available on the market to assist the threat intelligence process.

