Tactical OSINT for Pentesters

Our Advanced Training, Focused on Pentesters, RedTeams and & Offensive Security Professionals.


  • 1 Month Cloud Based Lab Access
  • Custom Student Machine
  • Slide Deck
  • Recon/OSINT and Pentest CHeat Sheets
  • Custom Scripts
  • Answers to Lab Exercises

Who Should Attend?

  • Penetration Testers
  • Social Engineers
  • Red-Teamers
  • Bug Bounty Hunters
  • OSINT Researchers
  • Risk Management Professionals


2 Days


Information Gathering, the very first phase of any Risk Assessment Exercise, is often underestimated by many security professionals. Every pentester’s arsenal should, however, include Open Source Intelligence (OSINT) and active reconnaissance for an effective assessment and measure the security posture against real-world adversaries. This training not only talks about using OSINT to extract data but also focuses on the significance of this data and how it could be directly enriched and used offensively for attacking and compromising Modern Digital Infrastructures.

The training will cover topics like Mapping the Attack Surface, Enriching Collected Data, Tech Stack Enumeration, Cloud Recon, Processing and Querying Mass Data, Employee Profiling, Identifying Hidden Injection Points, Credential Spraying, Compromising Federation Server, Exploiting Domain Trust, Social Engineering, and much more. Participants will perform real-life attack scenarios in our lab having a Forest Environment expanding over segregated Domains to compromise various services. Also, using the Social Engineering and Human aspect of OSINT, students will be guided to compromise the segregated domain environment which otherwise is unreachable through the previously compromised domain. The training will not only cover these topics but will also go in-depth on how OSINT techniques can be chained together and even a small piece of information can lead to catastrophic damage to an organization.

The ultimate objective of this 2 Days Hands-On training program is to bring together the mindset and the artillery of a modern adversary to ultimately make the organization resilient. The students will be provided with a framework to manage and prioritize all the data collected during the course. A 100% Hybrid-Cloud Based Private ONE MONTH LAB ACCESS will also be provided to each participant where they can practice the skills learned during the course.

Course Content

Day 1

– Target Scoping and Mapping the Attack Surface
– ASN ID, IP Lookups, Allocated IP Range Extraction, IP History
– Subdomain Enumeration
– Organization’s Social Media
– Employee(s) Profiling
– Identifying Organizations Associations
– Acquisitions, Mergers, Vendors, Customers etc.
– Hunting Code Repositories, Dark Web, Paste(s) and Leaked Data
– Cloud Recon
– Art of Making Notes

– Enriching OSINT Data
– Generating Username/Password Patterns
– Bucket/Spaces Pattern Generation
– Tech Stack Profiling
– Capturing Screenshots of Exposed Services
– Port Scanning (Active/Passive)
– Identifying SSO/Login/Admin/VPN Portal(s)
– Breached Databases
– Metadata Extraction
– Automating CSE for Dork Matching
– Identifying and Prioritizing Targets

– Attacking and Exploitation
– Targeted Credential Spraying 
– Compromising (BCI)

Day 2

– Attacking and Exploitation Continued…
– Attacking Network Services using collated data
– Stealing information from Buckets/Blobs
– Compromising Cloud Server Instances
– Discovering and Exploiting Hidden Injection Points
– Compromising Federation Servers/Domain Controller Servers
– Mapping Forest Environment
– Exploiting Domain Trust to Identify New Input Vector (Users) for Further OSINT
– Exploring Human Attack Surface
– Attack Planning: Compromise the Unreachable Domain

– Practical Social Engineering
– User Profiling
– Watering Hole Attack
– Spear Phishing and Targeted Client Side Exploitation
– Dropping Payloads using BCI

– Post Exploitation & Persistence
– Privilege Escalation in Windows Environment
– Dumping Privileged User Credentials
– Compromising AD and Network Persistence

Upcoming Training Sessions

Nolacon 2020

Offensive Recon - OSINT and Attack Methodologies

Date: 13th – 14th May, 2020
2 Days
Venue: 800, Iberville St, New Orleans, LA 70113

HackMiami 2020


Offensive Recon - OSINT and Attack Methodologies

Date: 13th – 14th May, 2020
1 Day
Venue: Fluaderdale, USA

BlackHat USA (Online) 2020


Tactical OSINT for Pentesters - 2020 Edition

Date: 1st-2nd August, 2020 / 3rd-4th August, 2020
2 Days (Twice)
Venue: Mandalay Bay, Las Vegas, USA

Get in touch.

contact image