Introduction to Open Source Intelligence (OSINT)
– Introduction to the Training Lab Environment
– Attack/Defense Methodology
– Red/Blue Team Operations
Scoping and Mapping your Attack Surface – Know your Infrastructure
– ASN ID, IP Lookups, Allocated IP Range Extraction, Domain IP History
– Subdomain Enumeration (WhiteBox and BlackBox)
– Certificate Transparency, Brute Forcing, LDNS Walking
– Scoping the Perimeter (WhiteBox)
– Identifying Organization Associations
– Cloud Recon
– Cloud Storage Object Enumeration and Scoping
– Art of Making Notes
Organization Data Exposure
– Employee(s) Profiling and Monitoring
– Identifying leaked information on Code Repositories, Dark Web, Paste Sites and Leaked Data
– Collecting and Querying Internet-wide survey data
– Tech Stack Profiling
– Capturing Screenshots of External Services
– Port Scanning Detection (Active/Passive)
– Listing SSO/Login/Admin/VPN Portal(s)
– Metadata Extraction
– Automating CSE for Dork Matching
Active Monitoring and Alerting
– Employee Profile Monitoring
– Social Media Monitoring
– Writing custom Python tools for monitoring
– Paste Alert, Google Alerts, etc.
– Monitoring Job Openings/Forums Discussion
– Aggregating OSINT Data
– Data Analytics and Visualisation using ELK Setup
– Custom Alerting using Elastalert
– Organization Reputation – Data Leakage
– Monitoring Source Code Aggregators
– Explore Breached Password Databases
– Domain Typosquatting
– CertStream
– Periodic Intelligent Scans
– Identifying Indicators of Compromise (IoCs)
– Tracking IoCs
Defensive OSINT
– Network Monitoring with Threat Intel Feeds
– Data Loss Prevention (DLP)
– MetaData Filtering
– Investigating Attackers
– Custom Module for Datasploit
– Info Gathering using custom Maltego Transforms and Machines
– Continuous Monitoring/Alerting for Organization Breached Passwords