HackMiami Conference 6 Training Classes

(Training includes general admission admissioin to Hackmiami Conference)

Offensive Open Source Intelligence

By Shubham Mittal

Overview of the Course:

Reconnaissance is the very first phase of any Risk Assessment Exercise, which is often underrated by many security professionals and investigators. Every pentester’s arsenal should, therefore, include Open Source Intelligence (OSINT) and active reconnaissance for effective assessments.

This research-backed training not only talks about using OSINT to extract data but also focuses on the significance of this data and how it could be directly used in offensive security. This instructor-led fast-paced covers a wide range of OSINT techniques for finding,collecting and correlating publicly available information related to the target, be it a person, company, email, domain or an IP Address.This Extracted information will be further used for launching targeted and effective attacks.

The training will cover topics like unconventional search engines,Social Media Intelligence (SOCMINT), automated data mining, metadata extraction, data-dump harvesting, breach monitoring, Tor and much more. Utilizing a variety of such techniques along with freely available tools and services like DataSploit, Maltego, Foca, etc. as well as tailored scripts, participants will perform real-life attack scenarios. Training will not only cover these topics but will also go in-depth on how OSINT techniques can be chained together and even a small piece of information can lead to the catastrophic results for an organization.

Free 1 Month Private Lab Access will also be provided to each participant where they can practice the skills learned during the course.

The training program will cover the following topics:

Organization Profiling and Scoping

Mapping the Exhaustive Attack Surface

Whois & Reverse Whois, ASN ID, IP Lookups, Allocated IP Range Extraction

Advance Subdomain Enumeration

Custom Search Engines (beyond Google)

Identifying Sensitive information from Code Aggregators and Public

Disclosures/Forums

Spraying OSINT data over Organization Assets

Attacking Assets with Spidering and Metadata Extraction

Email correlation Account identification and User Profiling

Intelligent and Comprehensive Brute Force Attacks

Writing custom Module for DATASPLOIT

Automating Dorking and Pattern Matching

Attacking Domain IP History

Automating the ‘Walkthrough Public Dumps’.

Monitoring and Alerting for Attacks / Competitive Espionage

Online Anonymity

What Students Will Be Provided With:

Student Pack which contains

Slide deck and OSINT CheatSheet

Important Tools and custom Scripts

Code Skeletons

Custom OSINT Browser

Vagrant Configs - To create instant OSINT Machine(s).

Answers to challenges (covered during the training program)

1 Month Free Lab Access.

Register for training 
Shubham Mittal

Shubham Mittal is an active Information Security researcher with 6+
years of experience in offensive/defensive security, with interests in
OSINT. He has spoken/trained/presented at multiple conferences
including Black Hat, DEFCON, NullCon, c0c0n, and IETF. He is the
author of OSINT Framework - DataSploit (listed in Top Ten Security
Tools of 2016) and is core organizer of @Recon Village which runs
@DEFCON and other security conferences. He works from the command
line, uses vi and loves beer.
Register for training