﻿1
00:00:08,639 --> 00:00:09,920
well uh hi

2
00:00:09,920 --> 00:00:12,240
everyone and thanks for tuning in to my talk

3
00:00:12,240 --> 00:00:13,040
my name is

4
00:00:13,040 --> 00:00:15,200
charles roth i go by angus reed and

5
00:00:15,200 --> 00:00:16,480
today we're talking about open source

6
00:00:16,480 --> 00:00:17,279
intelligence

7
00:00:17,279 --> 00:00:18,960
the gateway drug your mother never told

8
00:00:18,960 --> 00:00:21,359
you about

9
00:00:22,560 --> 00:00:24,000
right so the outline of my talk today

10
00:00:24,000 --> 00:00:26,000
i'll give a brief introduction to myself

11
00:00:26,000 --> 00:00:28,800
um we'll then talk about what is OSINT

12
00:00:28,800 --> 00:00:30,320
why we do OSINT

13
00:00:30,320 --> 00:00:33,520
sort of why it is awesome the highs we

14
00:00:33,520 --> 00:00:34,880
get from that

15
00:00:34,880 --> 00:00:36,640
the side effects you know what you can

16
00:00:36,640 --> 00:00:39,200
gain indirectly whether you

17
00:00:39,200 --> 00:00:41,840
continue down a sort of a professional

18
00:00:41,840 --> 00:00:43,680
line of OSINT or just stop

19
00:00:43,680 --> 00:00:45,840
there and move on with your life and

20
00:00:45,840 --> 00:00:48,239
then we'll talk about feeding the supply

21
00:00:48,239 --> 00:00:50,000
and then uh we'll take some questions

22
00:00:50,000 --> 00:00:51,760
afterwards i'll be

23
00:00:51,760 --> 00:00:55,520
on the discord if you need me

24
00:00:55,520 --> 00:00:57,039
all right that's a brief introduction as

25
00:00:57,039 --> 00:00:58,399
i said my name is charles roth i'm a

26
00:00:58,399 --> 00:01:00,239
lead technical security recruiter

27
00:01:00,239 --> 00:01:01,520
i recruit predominantly in the united

28
00:01:01,520 --> 00:01:03,359
states i do a little bit in the

29
00:01:03,359 --> 00:01:05,760
eu and the uk and then also dabble some

30
00:01:05,760 --> 00:01:07,680
some stuff here in south africa

31
00:01:07,680 --> 00:01:10,960
i'm a former british british airborne

32
00:01:10,960 --> 00:01:12,799
and i did about six years in higher

33
00:01:12,799 --> 00:01:14,640
security consulting predominantly in

34
00:01:14,640 --> 00:01:16,000
east and west africa

35
00:01:16,000 --> 00:01:17,520
and then also some time in the middle

36
00:01:17,520 --> 00:01:20,240
east locally and in the community i

37
00:01:20,240 --> 00:01:22,000
involved with fair amount of conferences

38
00:01:22,000 --> 00:01:24,640
i'm a co-organizer of b-sides cape town

39
00:01:24,640 --> 00:01:26,400
i'm the founder of hacksaws along with

40
00:01:26,400 --> 00:01:28,080
some very great people

41
00:01:28,080 --> 00:01:30,079
and i'm an avid open source intelligence

42
00:01:30,079 --> 00:01:32,159
analyst um

43
00:01:32,159 --> 00:01:34,479
shout out to cryptic monks and de vet

44
00:01:34,479 --> 00:01:35,200
for the

45
00:01:35,200 --> 00:01:36,960
third place in the recent trace labs

46
00:01:36,960 --> 00:01:38,840
which i'll discuss

47
00:01:38,840 --> 00:01:41,680
momentarily right so what is open source

48
00:01:41,680 --> 00:01:42,960
intelligence

49
00:01:42,960 --> 00:01:44,799
okay so take it from uh take it from

50
00:01:44,799 --> 00:01:46,399
wikipedia

51
00:01:46,399 --> 00:01:48,159
i read directly it says open source

52
00:01:48,159 --> 00:01:50,240
intelligence is a multi-method

53
00:01:50,240 --> 00:01:52,720
qualitative and quantitative methodology

54
00:01:52,720 --> 00:01:54,560
for collecting analyzing

55
00:01:54,560 --> 00:01:57,200
and making decisions about data

56
00:01:57,200 --> 00:01:58,880
accessible in publicly

57
00:01:58,880 --> 00:02:01,439
publicly available sources to be used in

58
00:02:01,439 --> 00:02:03,520
an intelligence context

59
00:02:03,520 --> 00:02:05,200
in the intelligence community the term

60
00:02:05,200 --> 00:02:07,200
open refers to

61
00:02:07,200 --> 00:02:09,598
overt publicly available sources as

62
00:02:09,598 --> 00:02:12,319
opposed to covert clandestine sources

63
00:02:12,319 --> 00:02:14,080
it is not related to open source

64
00:02:14,080 --> 00:02:17,920
software or collective intelligence

65
00:02:17,920 --> 00:02:20,239
okay so open source intelligence under

66
00:02:20,239 --> 00:02:21,440
one name or another

67
00:02:21,440 --> 00:02:23,760
has been around for hundreds of years

68
00:02:23,760 --> 00:02:25,200
with the advent of instant

69
00:02:25,200 --> 00:02:26,640
communications and rapid information

70
00:02:26,640 --> 00:02:27,599
transfer

71
00:02:27,599 --> 00:02:29,360
a great deal of actionable and

72
00:02:29,360 --> 00:02:30,800
predictive intelligence can now be

73
00:02:30,800 --> 00:02:32,560
obtained from public unclassified

74
00:02:32,560 --> 00:02:34,239
sources

75
00:02:34,239 --> 00:02:36,000
right so typically the sources will

76
00:02:36,000 --> 00:02:38,000
include media uh you know like print

77
00:02:38,000 --> 00:02:38,800
media

78
00:02:38,800 --> 00:02:41,280
magazines radio television uh the

79
00:02:41,280 --> 00:02:42,720
internet which is the predominance of

80
00:02:42,720 --> 00:02:43,760
what i do now

81
00:02:43,760 --> 00:02:46,080
will be you know your facebooks your

82
00:02:46,080 --> 00:02:47,440
linkedin twitters

83
00:02:47,440 --> 00:02:50,560
instagrams uh blogs uh

84
00:02:50,560 --> 00:02:53,680
message boards um anything sort of in

85
00:02:53,680 --> 00:02:54,800
that sphere

86
00:02:54,800 --> 00:02:56,720
uh public government data especially in

87
00:02:56,720 --> 00:02:59,280
south africa is quite rarely accessible

88
00:02:59,280 --> 00:03:02,159
uh you know looking at uh birth records

89
00:03:02,159 --> 00:03:03,120
death records

90
00:03:03,120 --> 00:03:05,519
property records that sort of stuff

91
00:03:05,519 --> 00:03:06,959
anything that the government will push

92
00:03:06,959 --> 00:03:07,280
out

93
00:03:07,280 --> 00:03:09,200
also cipc is quite helpful here in south

94
00:03:09,200 --> 00:03:10,480
africa

95
00:03:10,480 --> 00:03:13,360
uh professional academic publications

96
00:03:13,360 --> 00:03:13,920
which is

97
00:03:13,920 --> 00:03:17,120
not so widely used but it's still viable

98
00:03:17,120 --> 00:03:19,280
example i can use of that is if i

99
00:03:19,280 --> 00:03:21,040
typically want to know someone

100
00:03:21,040 --> 00:03:22,720
something about someone in this industry

101
00:03:22,720 --> 00:03:24,400
that's given a few talks i'll typically

102
00:03:24,400 --> 00:03:25,920
watch the first four or five minutes of

103
00:03:25,920 --> 00:03:26,720
their talk

104
00:03:26,720 --> 00:03:28,799
together introduction to see how they

105
00:03:28,799 --> 00:03:30,159
introduce themselves and i'll take

106
00:03:30,159 --> 00:03:32,319
information from that

107
00:03:32,319 --> 00:03:35,360
next up we have uh commercial data which

108
00:03:35,360 --> 00:03:35,680
i

109
00:03:35,680 --> 00:03:37,519
don't use that much which includes

110
00:03:37,519 --> 00:03:39,840
accession commercial imagery

111
00:03:39,840 --> 00:03:41,280
financial industrial assessments and

112
00:03:41,280 --> 00:03:42,959
databases

113
00:03:42,959 --> 00:03:46,319
hopefully legally acquired databases

114
00:03:46,319 --> 00:03:48,080
uh grey literature something i'm not

115
00:03:48,080 --> 00:03:50,080
very familiar with this includes things

116
00:03:50,080 --> 00:03:51,760
like sezio technical reports

117
00:03:51,760 --> 00:03:54,959
pre-prints patents that sort of stuff

118
00:03:54,959 --> 00:03:57,280
um and says at the end open source

119
00:03:57,280 --> 00:03:58,720
intelligence is distinguished from

120
00:03:58,720 --> 00:04:00,480
research in that it applies

121
00:04:00,480 --> 00:04:02,159
the process of intelligence to create

122
00:04:02,159 --> 00:04:04,000
tailored knowledge supportive

123
00:04:04,000 --> 00:04:06,000
of a specific decision by specific

124
00:04:06,000 --> 00:04:07,280
individual group

125
00:04:07,280 --> 00:04:09,680
right so this is directly pulled from

126
00:04:09,680 --> 00:04:12,319
from wikipedia

127
00:04:12,319 --> 00:04:14,560
okay so why isn't what what what do i

128
00:04:14,560 --> 00:04:17,839
and what do we use it for

129
00:04:19,120 --> 00:04:23,360
right so on the fun side ctfs so

130
00:04:23,360 --> 00:04:24,960
these are usually based on fake

131
00:04:24,960 --> 00:04:27,280
information with fake

132
00:04:27,280 --> 00:04:29,600
accounts in order to test someone's

133
00:04:29,600 --> 00:04:31,199
ability to gather intelligence and

134
00:04:31,199 --> 00:04:33,520
pieces together to form a hypothesis

135
00:04:33,520 --> 00:04:35,600
um examples of this such as hack the box

136
00:04:35,600 --> 00:04:38,720
challenges i've done a fair few of them

137
00:04:38,720 --> 00:04:41,680
a friend of mine bushido he also spoke

138
00:04:41,680 --> 00:04:44,080
at a recent con i was at conant

139
00:04:44,080 --> 00:04:45,680
he's got one or two really fun

140
00:04:45,680 --> 00:04:47,199
challenges to do that's called like a

141
00:04:47,199 --> 00:04:47,919
story

142
00:04:47,919 --> 00:04:50,400
line to it and then on twitter you also

143
00:04:50,400 --> 00:04:52,880
get things like

144
00:04:52,880 --> 00:04:54,960
OSINT challenge which is trying to

145
00:04:54,960 --> 00:04:56,560
identify the location

146
00:04:56,560 --> 00:04:58,800
of where a photo was taken literally

147
00:04:58,800 --> 00:05:00,240
just from a picture

148
00:05:00,240 --> 00:05:04,080
or from a google maps uh um

149
00:05:04,080 --> 00:05:07,440
screenshot right so typically a

150
00:05:07,440 --> 00:05:08,639
challenge looks like this

151
00:05:08,639 --> 00:05:11,039
so this is on hack the box so you'll see

152
00:05:11,039 --> 00:05:12,960
here super secure startups

153
00:05:12,960 --> 00:05:14,479
our private information is leaked can

154
00:05:14,479 --> 00:05:16,320
you find out how there'll be a file to

155
00:05:16,320 --> 00:05:17,680
download

156
00:05:17,680 --> 00:05:19,440
now typically what you would do with

157
00:05:19,440 --> 00:05:21,360
this is you would look for information

158
00:05:21,360 --> 00:05:23,039
related to the company super secure

159
00:05:23,039 --> 00:05:24,000
startup

160
00:05:24,000 --> 00:05:25,759
you will try to find them on linkedin

161
00:05:25,759 --> 00:05:27,360
try to find them on twitter

162
00:05:27,360 --> 00:05:29,039
you'll see sort of where the path takes

163
00:05:29,039 --> 00:05:30,400
you you'll see it who's

164
00:05:30,400 --> 00:05:33,520
engaging with who who messages who

165
00:05:33,520 --> 00:05:36,240
um and from that you basically pull a

166
00:05:36,240 --> 00:05:38,080
password that unlocks this document

167
00:05:38,080 --> 00:05:40,000
and then gives you the flag it's quite

168
00:05:40,000 --> 00:05:41,680
fun but can be quite challenging on on

169
00:05:41,680 --> 00:05:44,320
hack the box

170
00:05:44,560 --> 00:05:45,919
right so the OSINT challenge that i

171
00:05:45,919 --> 00:05:47,840
mentioned this is one example so you've

172
00:05:47,840 --> 00:05:48,240
got

173
00:05:48,240 --> 00:05:51,919
uh jocksmith here i will originally went

174
00:05:51,919 --> 00:05:53,280
on holiday about

175
00:05:53,280 --> 00:05:55,840
three four weeks ago uh on the way to

176
00:05:55,840 --> 00:05:56,960
pick a newscliff

177
00:05:56,960 --> 00:05:59,199
um so i took a photo while i was driving

178
00:05:59,199 --> 00:06:01,199
or while uh i was in the passenger seat

179
00:06:01,199 --> 00:06:02,000
of course

180
00:06:02,000 --> 00:06:04,639
uh took a photo and then i said you know

181
00:06:04,639 --> 00:06:06,000
try find me

182
00:06:06,000 --> 00:06:07,600
um and you see here he has the picture

183
00:06:07,600 --> 00:06:10,080
that i took on the left and on the right

184
00:06:10,080 --> 00:06:12,960
is a direct pull from google uh where

185
00:06:12,960 --> 00:06:14,319
he'd use the

186
00:06:14,319 --> 00:06:17,520
mountains in the background uh

187
00:06:17,520 --> 00:06:19,440
route markers and then a house on the

188
00:06:19,440 --> 00:06:22,080
road to identify exactly where

189
00:06:22,080 --> 00:06:24,400
the photo was taken and he was pretty

190
00:06:24,400 --> 00:06:27,280
much bang on

191
00:06:27,280 --> 00:06:30,479
right so the next thing is trace labs

192
00:06:30,479 --> 00:06:34,160
so tracelabs is a ctf based on 2j812 it

193
00:06:34,160 --> 00:06:34,720
can be

194
00:06:34,720 --> 00:06:36,560
like the recent one five five to twelve

195
00:06:36,560 --> 00:06:38,240
missing persons cases

196
00:06:38,240 --> 00:06:40,639
it is the same as hack the box i seem to

197
00:06:40,639 --> 00:06:41,280
challenge

198
00:06:41,280 --> 00:06:44,080
your ability in open source intelligence

199
00:06:44,080 --> 00:06:46,240
but with trace labs it is based on real

200
00:06:46,240 --> 00:06:48,240
people and real cases and so it has a

201
00:06:48,240 --> 00:06:49,520
real outcome

202
00:06:49,520 --> 00:06:51,840
so with trace labs intelligence is

203
00:06:51,840 --> 00:06:53,919
sought on cases

204
00:06:53,919 --> 00:06:56,080
um we submit that we get points for the

205
00:06:56,080 --> 00:06:57,599
things if they're validated

206
00:06:57,599 --> 00:06:59,120
and then all that intelligence that we

207
00:06:59,120 --> 00:07:01,680
gather is then given to law enforcement

208
00:07:01,680 --> 00:07:04,000
i very often we do find the locations of

209
00:07:04,000 --> 00:07:06,319
people or find locations within

210
00:07:06,319 --> 00:07:08,080
the last couple of days or where someone

211
00:07:08,080 --> 00:07:09,680
was despite them being missing for

212
00:07:09,680 --> 00:07:12,319
hundreds even if not thousands of days

213
00:07:12,319 --> 00:07:14,880
right really fun really good to do and

214
00:07:14,880 --> 00:07:16,720
like i said it has a real

215
00:07:16,720 --> 00:07:19,919
outcome at the end of it

216
00:07:19,919 --> 00:07:20,880
all right so that's what it looks like

217
00:07:20,880 --> 00:07:22,880
when you do well so this is from our

218
00:07:22,880 --> 00:07:25,039
recent third place the trace labs

219
00:07:25,039 --> 00:07:27,440
and this is a meme that big ldp from

220
00:07:27,440 --> 00:07:29,280
tmhc made for us we became

221
00:07:29,280 --> 00:07:32,319
seventh and one before last

222
00:07:32,319 --> 00:07:36,479
was a very very very close competition

223
00:07:37,840 --> 00:07:41,599
right so another use for

224
00:07:41,599 --> 00:07:44,080
open source intelligence is red teaming and

225
00:07:44,080 --> 00:07:45,440
social engineering

226
00:07:45,440 --> 00:07:48,319
so many red teamers will use open source

227
00:07:48,319 --> 00:07:50,240
intelligence to gather intel on proposed

228
00:07:50,240 --> 00:07:51,199
targets

229
00:07:51,199 --> 00:07:52,960
they'll use that information to build a

230
00:07:52,960 --> 00:07:54,879
picture of on their clients

231
00:07:54,879 --> 00:07:56,560
in order to exploit vulnerabilities such

232
00:07:56,560 --> 00:07:58,000
as the human factor using

233
00:07:58,000 --> 00:07:59,840
social engineering and other

234
00:07:59,840 --> 00:08:01,919
exploitation tactics

235
00:08:01,919 --> 00:08:04,479
okay so this usually is formed uh forms

236
00:08:04,479 --> 00:08:06,000
part of the recon phase

237
00:08:06,000 --> 00:08:08,160
so you get you know a big name a red

238
00:08:08,160 --> 00:08:10,000
teamer like jayson e street

239
00:08:10,000 --> 00:08:11,759
uh he just talked one said i think at

240
00:08:11,759 --> 00:08:13,280
defcon or derbycon

241
00:08:13,280 --> 00:08:14,879
where he mentions that he would do open

242
00:08:14,879 --> 00:08:16,720
source intelligence but

243
00:08:16,720 --> 00:08:19,280
to be fair to every client um he would

244
00:08:19,280 --> 00:08:21,039
only start scratching around

245
00:08:21,039 --> 00:08:24,240
to see who what and where people are

246
00:08:24,240 --> 00:08:26,879
um i think he said only an hour before

247
00:08:26,879 --> 00:08:28,800
an engagement or maybe the day before an

248
00:08:28,800 --> 00:08:29,840
engagement

249
00:08:29,840 --> 00:08:33,200
so you know so that everyone is given

250
00:08:33,200 --> 00:08:36,880
equal opportunity to get get owned um

251
00:08:36,880 --> 00:08:38,559
but yeah this forms part of the the

252
00:08:38,559 --> 00:08:41,838
recon phase

253
00:08:43,440 --> 00:08:46,160
okay so uh an indirect use and something

254
00:08:46,160 --> 00:08:47,440
that i actually want to do a talk about

255
00:08:47,440 --> 00:08:48,399
one day

256
00:08:48,399 --> 00:08:50,560
is the indirect use so things like

257
00:08:50,560 --> 00:08:51,920
property investment

258
00:08:51,920 --> 00:08:55,120
so a straight example uh i was looking

259
00:08:55,120 --> 00:08:57,279
at buying a property last year you know

260
00:08:57,279 --> 00:08:59,519
buying something that's low-bulled and

261
00:08:59,519 --> 00:09:00,959
then you know doing a fixer-upper

262
00:09:00,959 --> 00:09:02,000
project

263
00:09:02,000 --> 00:09:04,560
i found a a really nice house on a 2000

264
00:09:04,560 --> 00:09:05,519
square property

265
00:09:05,519 --> 00:09:09,519
in moorreesburg small farmers town

266
00:09:09,519 --> 00:09:11,839
i want to understand as to why the house

267
00:09:11,839 --> 00:09:14,240
was half a million rand

268
00:09:14,240 --> 00:09:15,519
but it was two and a half thousand

269
00:09:15,519 --> 00:09:17,519
square property

270
00:09:17,519 --> 00:09:20,160
i then did some intelligence i i looked

271
00:09:20,160 --> 00:09:20,800
up the

272
00:09:20,800 --> 00:09:22,720
i've learned now that i need to find the

273
00:09:22,720 --> 00:09:24,640
erf number the erf number

274
00:09:24,640 --> 00:09:26,800
once found the erf number i looked at

275
00:09:26,800 --> 00:09:28,640
uh

276
00:09:28,640 --> 00:09:31,600
swartland department's uh records that

277
00:09:31,600 --> 00:09:32,000
they

278
00:09:32,000 --> 00:09:34,240
post every two three years on property

279
00:09:34,240 --> 00:09:36,240
valuations so when they bring up their

280
00:09:36,240 --> 00:09:37,279
rates

281
00:09:37,279 --> 00:09:38,720
through that you i could find the the

282
00:09:38,720 --> 00:09:40,399
name of the owner i can then do some

283
00:09:40,399 --> 00:09:41,839
further intelligence

284
00:09:41,839 --> 00:09:44,160
um and i quickly find out what was going

285
00:09:44,160 --> 00:09:46,399
on at the house who owns a house

286
00:09:46,399 --> 00:09:48,399
what activities gone and i quickly

287
00:09:48,399 --> 00:09:49,680
realized you know

288
00:09:49,680 --> 00:09:51,279
if i buy this house i'm gonna have a lot

289
00:09:51,279 --> 00:09:53,200
of dramas probably a lot of debt

290
00:09:53,200 --> 00:09:54,560
collectors coming in

291
00:09:54,560 --> 00:09:56,399
and put a lot of people looking for some

292
00:09:56,399 --> 00:09:57,760
stuff they shouldn't at two in the

293
00:09:57,760 --> 00:09:58,560
morning

294
00:09:58,560 --> 00:10:01,360
so you know i made a uh adverse decision

295
00:10:01,360 --> 00:10:01,760
to

296
00:10:01,760 --> 00:10:05,279
not invest in that property

297
00:10:05,279 --> 00:10:07,040
okay so business development so you know

298
00:10:07,040 --> 00:10:08,480
as a recruiter are the extensive open

299
00:10:08,480 --> 00:10:10,000
source intelligence to understand my

300
00:10:10,000 --> 00:10:11,839
clients or potential clients

301
00:10:11,839 --> 00:10:13,519
what makes them tick and how to string

302
00:10:13,519 --> 00:10:15,040
piece of information together

303
00:10:15,040 --> 00:10:16,880
to execute a better pitch so support and

304
00:10:16,880 --> 00:10:19,040
understand if you are a

305
00:10:19,040 --> 00:10:21,440
you know a name brand company that most

306
00:10:21,440 --> 00:10:22,240
people know about

307
00:10:22,240 --> 00:10:23,519
i will know about it and i wouldn't

308
00:10:23,519 --> 00:10:25,600
really have to do that much scratching

309
00:10:25,600 --> 00:10:27,519
um it's all about you know just finding

310
00:10:27,519 --> 00:10:28,720
an in

311
00:10:28,720 --> 00:10:30,720
so um with companies that i don't know

312
00:10:30,720 --> 00:10:32,480
so well but i know potentially doing

313
00:10:32,480 --> 00:10:33,760
some interesting stuff

314
00:10:33,760 --> 00:10:36,480
um you know i will i will do some basic

315
00:10:36,480 --> 00:10:37,519
open source intelligence

316
00:10:37,519 --> 00:10:39,120
you know i'll conduct basic research on

317
00:10:39,120 --> 00:10:40,800
the target and the people

318
00:10:40,800 --> 00:10:43,200
i know and know them i'll build a

319
00:10:43,200 --> 00:10:44,720
picture of the company and the people i

320
00:10:44,720 --> 00:10:46,000
want to contact um

321
00:10:46,000 --> 00:10:48,320
execute an outreach using some basic

322
00:10:48,320 --> 00:10:50,160
info to help break the ice

323
00:10:50,160 --> 00:10:52,640
and build familiarity you know i'm i'm

324
00:10:52,640 --> 00:10:53,839
ex british army

325
00:10:53,839 --> 00:10:55,839
so if i find someone in the company

326
00:10:55,839 --> 00:10:57,680
that's ex-army works british on me i

327
00:10:57,680 --> 00:10:58,160
will

328
00:10:58,160 --> 00:11:00,320
try and go down that avenue to try to

329
00:11:00,320 --> 00:11:01,360
break the ice

330
00:11:01,360 --> 00:11:03,600
trouble some familiarity and then from

331
00:11:03,600 --> 00:11:05,440
there i will attempt to

332
00:11:05,440 --> 00:11:07,519
do you know a sort of a soft proposal to

333
00:11:07,519 --> 00:11:09,360
see if i can work with that company

334
00:11:09,360 --> 00:11:10,959
um i think some people see this as

335
00:11:10,959 --> 00:11:12,480
business intelligence which it is to

336
00:11:12,480 --> 00:11:14,000
some extent but

337
00:11:14,000 --> 00:11:16,480
um it's just another useful for the for

338
00:11:16,480 --> 00:11:18,720
the skill set

339
00:11:18,720 --> 00:11:21,200
right interview prep this is actually i

340
00:11:21,200 --> 00:11:23,279
i i it turns out i was doing open source

341
00:11:23,279 --> 00:11:24,800
intelligence a long time before

342
00:11:24,800 --> 00:11:28,160
i knew it was called OSINT so um

343
00:11:28,160 --> 00:11:29,519
doing open source intelligence for an

344
00:11:29,519 --> 00:11:31,200
int for interview prep

345
00:11:31,200 --> 00:11:32,959
is really really valuable so as an

346
00:11:32,959 --> 00:11:34,320
interviewer

347
00:11:34,320 --> 00:11:37,440
and as an interviewee it's good to get

348
00:11:37,440 --> 00:11:38,959
information on the company that you're

349
00:11:38,959 --> 00:11:40,240
interviewing with

350
00:11:40,240 --> 00:11:42,399
so that you can show them that you have

351
00:11:42,399 --> 00:11:43,519
an interest and you have done your

352
00:11:43,519 --> 00:11:44,480
research

353
00:11:44,480 --> 00:11:46,000
so typically that'll be try

354
00:11:46,000 --> 00:11:48,399
understanding where the company operates

355
00:11:48,399 --> 00:11:51,040
um where the headquarters are what they

356
00:11:51,040 --> 00:11:52,079
do

357
00:11:52,079 --> 00:11:53,519
maybe understanding if there's any bad

358
00:11:53,519 --> 00:11:55,440
press involved with the company

359
00:11:55,440 --> 00:11:57,680
um what kind of people work there see if

360
00:11:57,680 --> 00:11:59,440
you know any people there

361
00:11:59,440 --> 00:12:01,360
um this kind of stuff will tend to help

362
00:12:01,360 --> 00:12:02,720
you get a job you know when that

363
00:12:02,720 --> 00:12:05,360
company will always ask you you know so

364
00:12:05,360 --> 00:12:06,160
what do you

365
00:12:06,160 --> 00:12:08,480
what do you know about us right and

366
00:12:08,480 --> 00:12:10,240
that's your chance to say you know i

367
00:12:10,240 --> 00:12:12,160
know you folks operate here here here

368
00:12:12,160 --> 00:12:14,000
you do this that and the other

369
00:12:14,000 --> 00:12:15,440
um i actually realized i have two

370
00:12:15,440 --> 00:12:17,279
friends that work for you folks down in

371
00:12:17,279 --> 00:12:20,800
you know joburg and durban um

372
00:12:20,800 --> 00:12:22,639
so you'll kind of give that information

373
00:12:22,639 --> 00:12:24,000
until the company says like hey

374
00:12:24,000 --> 00:12:25,680
you know that's that's cool thanks we

375
00:12:25,680 --> 00:12:27,680
know we appreciate you did your research

376
00:12:27,680 --> 00:12:30,160
but it ticks that that that big box that

377
00:12:30,160 --> 00:12:31,360
shows that you have an interest in the

378
00:12:31,360 --> 00:12:33,519
company

379
00:12:33,519 --> 00:12:36,639
and hopefully you get a job from that

380
00:12:36,639 --> 00:12:38,160
right so candidate vetting this is

381
00:12:38,160 --> 00:12:39,839
something um i was asked in the last

382
00:12:39,839 --> 00:12:40,720
conference like

383
00:12:40,720 --> 00:12:44,320
how deep will i do this so when i would

384
00:12:44,320 --> 00:12:45,600
use open source intelligence to do

385
00:12:45,600 --> 00:12:47,440
candidate vetting it happens on a very

386
00:12:47,440 --> 00:12:48,560
rare occasion

387
00:12:48,560 --> 00:12:52,399
it is only if i have a sixth sense about

388
00:12:52,399 --> 00:12:52,800
them

389
00:12:52,800 --> 00:12:56,399
or a strange inkling as to them

390
00:12:56,399 --> 00:12:58,399
there being a risk involved with this

391
00:12:58,399 --> 00:13:00,240
candidate and their background

392
00:13:00,240 --> 00:13:01,920
and their history and maybe trouble with

393
00:13:01,920 --> 00:13:03,440
the law um

394
00:13:03,440 --> 00:13:04,720
it's happened a few times i've spoken to

395
00:13:04,720 --> 00:13:06,720
people in the us and it turns out they

396
00:13:06,720 --> 00:13:08,399
have federal indictments

397
00:13:08,399 --> 00:13:10,079
um you know we all make mistakes but

398
00:13:10,079 --> 00:13:11,680
it's important to have that information

399
00:13:11,680 --> 00:13:15,040
before you send someone to a company so

400
00:13:15,040 --> 00:13:17,600
um you know also if you think someone's

401
00:13:17,600 --> 00:13:18,480
you know

402
00:13:18,480 --> 00:13:20,480
you can't not hire someone based on

403
00:13:20,480 --> 00:13:21,839
their beliefs or what they do on the

404
00:13:21,839 --> 00:13:22,800
weekend

405
00:13:22,800 --> 00:13:24,560
but it's good to have that kind of

406
00:13:24,560 --> 00:13:26,320
information uh

407
00:13:26,320 --> 00:13:28,560
before the time uh it's important to

408
00:13:28,560 --> 00:13:30,480
reiterate me in recruiting i have done

409
00:13:30,480 --> 00:13:31,360
this

410
00:13:31,360 --> 00:13:34,000
literally a handful of times it's not

411
00:13:34,000 --> 00:13:37,360
something i have to do very often

412
00:13:37,360 --> 00:13:39,680
okay so the drugs so why is it so

413
00:13:39,680 --> 00:13:42,000
awesome

414
00:13:42,000 --> 00:13:43,360
right so it's important to understand

415
00:13:43,360 --> 00:13:45,360
the ease of entry so what it takes

416
00:13:45,360 --> 00:13:48,079
to to do open source intelligence or to

417
00:13:48,079 --> 00:13:49,360
be able to conduct it

418
00:13:49,360 --> 00:13:51,839
effectively right so let's look at what

419
00:13:51,839 --> 00:13:54,720
we require

420
00:13:54,880 --> 00:13:56,880
okay so these are the the prerequisites

421
00:13:56,880 --> 00:13:58,639
right

422
00:13:58,639 --> 00:14:00,000
so ideally you need a computer or

423
00:14:00,000 --> 00:14:02,720
smartphone if you're smart you can use

424
00:14:02,720 --> 00:14:04,720
your computer with a vm

425
00:14:04,720 --> 00:14:07,519
as i typically use but you know if you

426
00:14:07,519 --> 00:14:08,959
needed some basic stuff

427
00:14:08,959 --> 00:14:11,519
a standard computer or a smartphone will

428
00:14:11,519 --> 00:14:12,639
do

429
00:14:12,639 --> 00:14:14,399
okay you needed access to the internet

430
00:14:14,399 --> 00:14:16,240
as that's going to be where you find

431
00:14:16,240 --> 00:14:19,760
the majority of your information

432
00:14:19,760 --> 00:14:21,600
okay curiosity you have to have some

433
00:14:21,600 --> 00:14:23,040
sense of curiosity

434
00:14:23,040 --> 00:14:24,959
if you like watching murder mysteries on

435
00:14:24,959 --> 00:14:26,320
netflix and

436
00:14:26,320 --> 00:14:29,120
you know stuff like that it means you

437
00:14:29,120 --> 00:14:30,079
have that curiosity

438
00:14:30,079 --> 00:14:34,079
to go go out and find stuff

439
00:14:34,240 --> 00:14:36,480
next is understanding uh the rules of

440
00:14:36,480 --> 00:14:37,760
engagement

441
00:14:37,760 --> 00:14:40,560
so the typical rules engagement to keep

442
00:14:40,560 --> 00:14:41,519
safe

443
00:14:41,519 --> 00:14:45,839
is what we call zero touch so it means

444
00:14:45,839 --> 00:14:48,560
you will never engage or interact with

445
00:14:48,560 --> 00:14:50,639
any form of intelligence that you find

446
00:14:50,639 --> 00:14:54,160
if you find an instagram uh profile

447
00:14:54,160 --> 00:14:56,079
you will not follow that profile even if

448
00:14:56,079 --> 00:14:58,720
you have a sock account um

449
00:14:58,720 --> 00:15:00,880
you never want that to come back to you

450
00:15:00,880 --> 00:15:02,399
and your sort of

451
00:15:02,399 --> 00:15:04,560
your data being tagged to that person's

452
00:15:04,560 --> 00:15:06,079
profile and then they end up being

453
00:15:06,079 --> 00:15:06,639
murdered

454
00:15:06,639 --> 00:15:09,920
you know so the rule is always zero

455
00:15:09,920 --> 00:15:11,279
touch

456
00:15:11,279 --> 00:15:13,040
never get involved and never use your

457
00:15:13,040 --> 00:15:14,720
own personal profiles

458
00:15:14,720 --> 00:15:18,000
in order to do intelligence

459
00:15:19,279 --> 00:15:20,880
okay understanding what you want as an

460
00:15:20,880 --> 00:15:22,320
outcome so it's important in

461
00:15:22,320 --> 00:15:23,440
intelligence and

462
00:15:23,440 --> 00:15:24,720
you know i guess with most things in

463
00:15:24,720 --> 00:15:26,560
life it's important to understand

464
00:15:26,560 --> 00:15:28,079
what you're trying to get out of this

465
00:15:28,079 --> 00:15:30,560
like what what needs to be the end

466
00:15:30,560 --> 00:15:31,360
result

467
00:15:31,360 --> 00:15:33,040
like with the property stuff i want to

468
00:15:33,040 --> 00:15:35,040
find out uh

469
00:15:35,040 --> 00:15:36,880
honestly i wanted to find out what the

470
00:15:36,880 --> 00:15:39,680
circumstances were with that house

471
00:15:39,680 --> 00:15:41,360
to see if i could make a lower offer the

472
00:15:41,360 --> 00:15:42,560
house was actually on the market for

473
00:15:42,560 --> 00:15:44,240
9.50

474
00:15:44,240 --> 00:15:46,399
and i want to see if i can offer 500.

475
00:15:46,399 --> 00:15:48,880
turns out the mortgage wasn't duress

476
00:15:48,880 --> 00:15:51,360
right so um it's important to understand

477
00:15:51,360 --> 00:15:52,720
what you're trying to get out of it so

478
00:15:52,720 --> 00:15:53,120
you

479
00:15:53,120 --> 00:15:55,839
know as you go down your path with open

480
00:15:55,839 --> 00:15:57,360
source intelligence

481
00:15:57,360 --> 00:15:59,120
um and you find a bit of interior in

482
00:15:59,120 --> 00:16:00,800
there and you branch off

483
00:16:00,800 --> 00:16:03,920
from that central line i.e away from the

484
00:16:03,920 --> 00:16:04,880
target into

485
00:16:04,880 --> 00:16:08,079
family and friends if it's not taking

486
00:16:08,079 --> 00:16:10,000
you towards that end result

487
00:16:10,000 --> 00:16:11,839
then you kind of will shut down that

488
00:16:11,839 --> 00:16:13,199
branch and come back to

489
00:16:13,199 --> 00:16:16,399
to to your main line

490
00:16:17,519 --> 00:16:20,000
okay and understanding what you might

491
00:16:20,000 --> 00:16:21,040
find

492
00:16:21,040 --> 00:16:23,440
so this can include things of sexual or

493
00:16:23,440 --> 00:16:24,959
graphic nature it can include

494
00:16:24,959 --> 00:16:27,199
violence um you know if you're

495
00:16:27,199 --> 00:16:28,639
investigating

496
00:16:28,639 --> 00:16:32,720
you know underage children

497
00:16:32,720 --> 00:16:34,399
you you have to mentally prepare

498
00:16:34,399 --> 00:16:36,480
yourself for what you might find

499
00:16:36,480 --> 00:16:37,839
typically you're going to find the edgy

500
00:16:37,839 --> 00:16:39,600
stuff on the dark web

501
00:16:39,600 --> 00:16:41,360
i have zero experience working on the

502
00:16:41,360 --> 00:16:43,920
dark web um

503
00:16:43,920 --> 00:16:47,040
but you have to you have to be prepared

504
00:16:47,040 --> 00:16:48,839
for what you might find

505
00:16:48,839 --> 00:16:52,079
um having all these in place

506
00:16:52,079 --> 00:16:53,839
means you know you're pretty much good

507
00:16:53,839 --> 00:16:55,759
to go

508
00:16:55,759 --> 00:16:58,560
you see not like this that's not you

509
00:16:58,560 --> 00:17:00,160
know you think it's complex but it's

510
00:17:00,160 --> 00:17:01,040
actually

511
00:17:01,040 --> 00:17:03,120
you could see how simple it is right and

512
00:17:03,120 --> 00:17:05,439
that is it's open to anyone and part of

513
00:17:05,439 --> 00:17:07,679
this talk in this journey is

514
00:17:07,679 --> 00:17:08,799
getting people that might not be

515
00:17:08,799 --> 00:17:11,199
involved in infosec or even technology

516
00:17:11,199 --> 00:17:12,240
to see how

517
00:17:12,240 --> 00:17:15,039
easy something like this is as as a

518
00:17:15,039 --> 00:17:17,039
start to you know a journey towards

519
00:17:17,039 --> 00:17:20,799
information security okay so what is the

520
00:17:20,799 --> 00:17:23,199
result

521
00:17:23,679 --> 00:17:26,000
okay so this is this is now the the

522
00:17:26,000 --> 00:17:27,520
satisfaction that comes from doing good

523
00:17:27,520 --> 00:17:29,520
open source intelligence right

524
00:17:29,520 --> 00:17:32,000
okay so the fine so finding that last

525
00:17:32,000 --> 00:17:33,440
known location

526
00:17:33,440 --> 00:17:35,120
of a missing person and reading an

527
00:17:35,120 --> 00:17:36,559
article knowing that

528
00:17:36,559 --> 00:17:38,160
you were perhaps part of finding that

529
00:17:38,160 --> 00:17:40,640
person there's there's a lot of

530
00:17:40,640 --> 00:17:42,160
good vibes that come from that you know

531
00:17:42,160 --> 00:17:43,840
it's like popping a box on something you

532
00:17:43,840 --> 00:17:44,640
know it

533
00:17:44,640 --> 00:17:47,200
it brings a sense of joy and excitement

534
00:17:47,200 --> 00:17:48,400
and and

535
00:17:48,400 --> 00:17:52,240
satisfaction to you okay so getting that

536
00:17:52,240 --> 00:17:53,840
new client and getting their new job so

537
00:17:53,840 --> 00:17:55,360
you did your research you got to get in

538
00:17:55,360 --> 00:17:56,559
with the company

539
00:17:56,559 --> 00:17:58,400
and you managed to land them that's

540
00:17:58,400 --> 00:18:00,240
always going to be good vibes and good

541
00:18:00,240 --> 00:18:01,440
feelings right

542
00:18:01,440 --> 00:18:03,200
um or if you're researching to a company

543
00:18:03,200 --> 00:18:05,360
you impress a company maybe the

544
00:18:05,360 --> 00:18:07,360
president well on the technical side

545
00:18:07,360 --> 00:18:09,280
um quite as much as they expected but

546
00:18:09,280 --> 00:18:10,559
you smash them

547
00:18:10,559 --> 00:18:12,720
knowing so much about their company and

548
00:18:12,720 --> 00:18:15,840
what that company does

549
00:18:16,480 --> 00:18:19,440
okay so when you know you know when you

550
00:18:19,440 --> 00:18:20,000
know

551
00:18:20,000 --> 00:18:23,039
you know when you sharpen your

552
00:18:23,039 --> 00:18:25,360
abilities you know what you're able to

553
00:18:25,360 --> 00:18:27,600
find and what help you can provide

554
00:18:27,600 --> 00:18:29,520
and how to protect yourself your friends

555
00:18:29,520 --> 00:18:30,880
and your family

556
00:18:30,880 --> 00:18:33,200
by having a deeper level level

557
00:18:33,200 --> 00:18:34,960
understanding of how open source

558
00:18:34,960 --> 00:18:36,880
intelligence work and how you take small

559
00:18:36,880 --> 00:18:39,120
piece of information stringing together

560
00:18:39,120 --> 00:18:41,120
equips you better for making better

561
00:18:41,120 --> 00:18:43,200
decisions and helping protect your

562
00:18:43,200 --> 00:18:44,880
family and your friends when posting

563
00:18:44,880 --> 00:18:46,720
stupid stuff on things like facebook and

564
00:18:46,720 --> 00:18:48,960
instagram

565
00:18:48,960 --> 00:18:50,400
there's a there's a there's a sense of

566
00:18:50,400 --> 00:18:52,640
satisfaction in having that

567
00:18:52,640 --> 00:18:56,640
understanding and many pieces

568
00:18:56,640 --> 00:18:58,320
make one pretty puzzle so with open

569
00:18:58,320 --> 00:19:00,320
source intelligence you'll find a bunch

570
00:19:00,320 --> 00:19:00,640
of

571
00:19:00,640 --> 00:19:02,559
small pieces of insignificant

572
00:19:02,559 --> 00:19:04,320
intelligence right

573
00:19:04,320 --> 00:19:06,080
when you get all those small pieces

574
00:19:06,080 --> 00:19:07,520
together you can build an interesting

575
00:19:07,520 --> 00:19:09,360
picture and you can understand

576
00:19:09,360 --> 00:19:11,280
what was going on you know with with

577
00:19:11,280 --> 00:19:12,559
trace labs we'll look at

578
00:19:12,559 --> 00:19:15,200
an underage girl say no she's 16 and be

579
00:19:15,200 --> 00:19:16,320
missing for

580
00:19:16,320 --> 00:19:18,960
400 days you'll look and you'll find her

581
00:19:18,960 --> 00:19:20,720
facebook profile where she's connected

582
00:19:20,720 --> 00:19:22,880
with all her friends and family and

583
00:19:22,880 --> 00:19:24,480
everything looks fine and there's a lot

584
00:19:24,480 --> 00:19:26,400
of smiles a lot of happiness

585
00:19:26,400 --> 00:19:28,000
and then you find their sock account so

586
00:19:28,000 --> 00:19:29,520
they're alternative accounts

587
00:19:29,520 --> 00:19:31,200
sometimes i'll have more than one i've

588
00:19:31,200 --> 00:19:32,720
found people that have 10

589
00:19:32,720 --> 00:19:35,600
alternate facebook accounts and then you

590
00:19:35,600 --> 00:19:36,160
see the

591
00:19:36,160 --> 00:19:39,679
the the the beast within you see the

592
00:19:39,679 --> 00:19:41,840
the drugs you see the gang affiliations

593
00:19:41,840 --> 00:19:43,039
you see the

594
00:19:43,039 --> 00:19:45,520
the the tragic circumstances at the

595
00:19:45,520 --> 00:19:46,400
house

596
00:19:46,400 --> 00:19:49,120
you you you quickly get a better

597
00:19:49,120 --> 00:19:50,960
understanding of what potentially led up

598
00:19:50,960 --> 00:19:51,440
to this

599
00:19:51,440 --> 00:19:54,559
this person going missing or what led to

600
00:19:54,559 --> 00:19:55,919
the situation

601
00:19:55,919 --> 00:19:57,039
so yeah those small pieces of

602
00:19:57,039 --> 00:19:59,200
information they mean nothing but when

603
00:19:59,200 --> 00:19:59,440
you

604
00:19:59,440 --> 00:20:01,520
when you put them all together it it

605
00:20:01,520 --> 00:20:05,200
pulls a fascinating picture

606
00:20:05,360 --> 00:20:06,880
that's all knowledge so the knowledge of

607
00:20:06,880 --> 00:20:09,120
knowing when you have a skill set

608
00:20:09,120 --> 00:20:11,280
you know what you're able to find and

609
00:20:11,280 --> 00:20:12,880
how to achieve something

610
00:20:12,880 --> 00:20:14,080
right it's not with anything in life

611
00:20:14,080 --> 00:20:16,559
when you have that understanding

612
00:20:16,559 --> 00:20:18,159
you you know what you can achieve with

613
00:20:18,159 --> 00:20:20,000
it you know

614
00:20:20,000 --> 00:20:23,200
how you can use that skill set to

615
00:20:23,200 --> 00:20:25,520
uh bring goodness into life or achieve

616
00:20:25,520 --> 00:20:26,720
something in life it's

617
00:20:26,720 --> 00:20:30,320
this there's great value in that

618
00:20:30,480 --> 00:20:32,400
okay so side effects so what what can

619
00:20:32,400 --> 00:20:33,840
you gain indirectly

620
00:20:33,840 --> 00:20:36,000
from having a skills in open source

621
00:20:36,000 --> 00:20:38,640
intelligence

622
00:20:38,960 --> 00:20:41,520
okay so side effects okay so being a

623
00:20:41,520 --> 00:20:43,360
champion of opinions uh

624
00:20:43,360 --> 00:20:45,760
of opsec right operational security or

625
00:20:45,760 --> 00:20:46,480
persec

626
00:20:46,480 --> 00:20:48,480
personal security right so being a

627
00:20:48,480 --> 00:20:50,240
champion of our operational security and

628
00:20:50,240 --> 00:20:51,200
being

629
00:20:51,200 --> 00:20:54,720
you know the family opsec troll you know

630
00:20:54,720 --> 00:20:56,960
typically people in our industry have a

631
00:20:56,960 --> 00:20:58,960
very good awareness and understanding

632
00:20:58,960 --> 00:21:00,720
and we tend to be trolls with our

633
00:21:00,720 --> 00:21:02,000
friends and family and say hey

634
00:21:02,000 --> 00:21:03,840
like be careful posting this and this is

635
00:21:03,840 --> 00:21:05,600
why you shouldn't post that and

636
00:21:05,600 --> 00:21:09,200
stop doing those surveys on facebook um

637
00:21:09,200 --> 00:21:11,520
having this understanding will help you

638
00:21:11,520 --> 00:21:12,799
you know

639
00:21:12,799 --> 00:21:14,640
protect your your friends and family

640
00:21:14,640 --> 00:21:16,400
more and you know being like i said

641
00:21:16,400 --> 00:21:17,120
you're the

642
00:21:17,120 --> 00:21:20,158
champion of opsec

643
00:21:20,960 --> 00:21:22,799
okay so the hunger so you had a taste

644
00:21:22,799 --> 00:21:24,640
and you want more due to the ease of

645
00:21:24,640 --> 00:21:26,480
entry of open source intelligence

646
00:21:26,480 --> 00:21:28,480
and then achieving some success it is

647
00:21:28,480 --> 00:21:30,240
only natural to want more

648
00:21:30,240 --> 00:21:32,559
whether it is more osint whether it is

649
00:21:32,559 --> 00:21:33,440
more or

650
00:21:33,440 --> 00:21:35,200
more ascent or whether it is just more

651
00:21:35,200 --> 00:21:37,919
challenges right

652
00:21:37,919 --> 00:21:40,400
so from the hunger you might fall into

653
00:21:40,400 --> 00:21:42,320
the the part where you have you build

654
00:21:42,320 --> 00:21:44,080
some form of intent

655
00:21:44,080 --> 00:21:46,240
so once achieving the above one starts

656
00:21:46,240 --> 00:21:48,320
to learn more about security and how to

657
00:21:48,320 --> 00:21:48,799
find

658
00:21:48,799 --> 00:21:51,440
other information on hacking right so

659
00:21:51,440 --> 00:21:52,640
although the next step is more

660
00:21:52,640 --> 00:21:54,159
technically challenging the hunger and

661
00:21:54,159 --> 00:21:54,960
the intent

662
00:21:54,960 --> 00:21:56,840
is enough to push people into this

663
00:21:56,840 --> 00:21:58,799
direction right so that's what happened

664
00:21:58,799 --> 00:22:00,559
with me when i started

665
00:22:00,559 --> 00:22:03,200
um when i started exploring this

666
00:22:03,200 --> 00:22:04,640
industry more from a personal

667
00:22:04,640 --> 00:22:05,600
perspective

668
00:22:05,600 --> 00:22:08,320
i started with osint and i loved it and

669
00:22:08,320 --> 00:22:09,919
from osint i started

670
00:22:09,919 --> 00:22:11,760
looking i started doing ctfs and i

671
00:22:11,760 --> 00:22:13,120
thought hang on let me try something

672
00:22:13,120 --> 00:22:14,880
else and i did forensics

673
00:22:14,880 --> 00:22:17,760
and i enjoyed that so it's it's that's

674
00:22:17,760 --> 00:22:19,360
why i said it's like a gateway drug it

675
00:22:19,360 --> 00:22:20,400
starts you off down and

676
00:22:20,400 --> 00:22:26,080
down a vicious path

677
00:22:26,080 --> 00:22:28,080
okay so the path so once you've had the

678
00:22:28,080 --> 00:22:30,080
drug you built the hunger and have the

679
00:22:30,080 --> 00:22:30,880
intent

680
00:22:30,880 --> 00:22:33,200
people tend to build a path in line with

681
00:22:33,200 --> 00:22:34,320
security

682
00:22:34,320 --> 00:22:38,240
right not everyone but some people right

683
00:22:38,240 --> 00:22:39,840
i evolved from open source intelligence

684
00:22:39,840 --> 00:22:41,679
into forensics challenges

685
00:22:41,679 --> 00:22:46,240
uh and from there jeopardy style ctfs

686
00:22:46,240 --> 00:22:48,720
um and then i got into stego and some

687
00:22:48,720 --> 00:22:49,919
offensive stuff at

688
00:22:49,919 --> 00:22:53,520
obviously an extremely basic level

689
00:22:53,520 --> 00:22:56,559
and at a very slow pace from there you

690
00:22:56,559 --> 00:22:56,880
know

691
00:22:56,880 --> 00:22:59,039
formal plans evolve into things like

692
00:22:59,039 --> 00:23:00,720
pen testing red teaming social

693
00:23:00,720 --> 00:23:02,640
engineering and forensics like i did

694
00:23:02,640 --> 00:23:03,679
with me

695
00:23:03,679 --> 00:23:06,720
right so this can lead down to

696
00:23:06,720 --> 00:23:08,720
you know potentially a changing career

697
00:23:08,720 --> 00:23:10,400
you know you're that i.t person or that

698
00:23:10,400 --> 00:23:11,200
dev

699
00:23:11,200 --> 00:23:12,559
that suddenly had an interest in this

700
00:23:12,559 --> 00:23:14,240
you took a swing at

701
00:23:14,240 --> 00:23:16,240
at trace labs or had some challenges and

702
00:23:16,240 --> 00:23:18,000
you enjoyed what you did there

703
00:23:18,000 --> 00:23:20,559
and then you evolved into something new

704
00:23:20,559 --> 00:23:22,000
so now with with everything

705
00:23:22,000 --> 00:23:24,799
you've learned you have added so uh you

706
00:23:24,799 --> 00:23:26,240
have added many other skills

707
00:23:26,240 --> 00:23:29,200
um and you are doing more technical work

708
00:23:29,200 --> 00:23:31,600
but all the while you're using osint in

709
00:23:31,600 --> 00:23:34,000
its many forms to add value to your new

710
00:23:34,000 --> 00:23:37,679
and evolved career

711
00:23:37,679 --> 00:23:40,880
okay so feed the supply

712
00:23:40,880 --> 00:23:44,000
this will make sense shortly

713
00:23:44,000 --> 00:23:46,799
right so going clean so you know this is

714
00:23:46,799 --> 00:23:48,400
now you know you tried osint

715
00:23:48,400 --> 00:23:49,679
maybe the trace labs you did some

716
00:23:49,679 --> 00:23:51,360
challenges and you just like well you

717
00:23:51,360 --> 00:23:52,960
know this is dull this is boring

718
00:23:52,960 --> 00:23:54,320
you know if you're an offensive security

719
00:23:54,320 --> 00:23:56,720
specialist it's in probably not going to

720
00:23:56,720 --> 00:23:58,559
be as exciting for you right you prefer

721
00:23:58,559 --> 00:24:00,640
to you know sit behind a command line and

722
00:24:00,640 --> 00:24:03,440
and do all your gucci stuff right but

723
00:24:03,440 --> 00:24:04,640
you know at least there's some stuff you

724
00:24:04,640 --> 00:24:05,520
can take from it

725
00:24:05,520 --> 00:24:07,520
right so you gave it a shot you tried

726
00:24:07,520 --> 00:24:09,200
and perhaps it's just it's just not for

727
00:24:09,200 --> 00:24:09,679
you

728
00:24:09,679 --> 00:24:12,480
and that's cool right you still gained

729
00:24:12,480 --> 00:24:13,039
you know

730
00:24:13,039 --> 00:24:15,440
no matter how in-depth you went you

731
00:24:15,440 --> 00:24:16,400
still gained

732
00:24:16,400 --> 00:24:18,080
a lot of experience and understanding

733
00:24:18,080 --> 00:24:19,520
and operational security and personal

734
00:24:19,520 --> 00:24:20,480
security

735
00:24:20,480 --> 00:24:23,200
and that's always a value you've gained

736
00:24:23,200 --> 00:24:23,919
a

737
00:24:23,919 --> 00:24:25,679
different level of mindfulness by

738
00:24:25,679 --> 00:24:27,600
understanding the risks and how

739
00:24:27,600 --> 00:24:29,840
information can be strung together you

740
00:24:29,840 --> 00:24:30,799
know it'll help you

741
00:24:30,799 --> 00:24:32,559
be better equipped to make better

742
00:24:32,559 --> 00:24:34,640
decisions related to what you post and

743
00:24:34,640 --> 00:24:36,640
push out on the internet

744
00:24:36,640 --> 00:24:40,480
ideally and you know if not any of that

745
00:24:40,480 --> 00:24:41,919
you can just remember the good old days

746
00:24:41,919 --> 00:24:44,400
you know i if i stop doing osint now i

747
00:24:44,400 --> 00:24:45,600
would always think about it i was

748
00:24:45,600 --> 00:24:47,360
thinking about that one case

749
00:24:47,360 --> 00:24:49,919
where we found this and we found that i

750
00:24:49,919 --> 00:24:51,520
have some very fond memories from the

751
00:24:51,520 --> 00:24:52,799
recent ctf

752
00:24:52,799 --> 00:24:55,360
we did where we managed to track down

753
00:24:55,360 --> 00:24:57,600
very

754
00:24:57,600 --> 00:24:59,600
chance tracked on a location of someone

755
00:24:59,600 --> 00:25:00,799
they've been missing for almost a year

756
00:25:00,799 --> 00:25:02,000
and a half

757
00:25:02,000 --> 00:25:04,799
um and you know those those bold

758
00:25:04,799 --> 00:25:06,400
memories and i was like you know get

759
00:25:06,400 --> 00:25:08,400
your first shell one day you know you

760
00:25:08,400 --> 00:25:10,480
you tend to remember that shout out i

761
00:25:10,480 --> 00:25:12,159
got my first shell thanks to toko that's

762
00:25:12,159 --> 00:25:12,840
on on

763
00:25:12,840 --> 00:25:15,840
axles

764
00:25:16,240 --> 00:25:19,200
okay so you know you you you decided to

765
00:25:19,200 --> 00:25:20,880
continue down your path with osint so

766
00:25:20,880 --> 00:25:22,080
you didn't give up like the previous

767
00:25:22,080 --> 00:25:23,279
slide you decided you know

768
00:25:23,279 --> 00:25:25,840
where else can this go right so you can

769
00:25:25,840 --> 00:25:27,679
go show and tell right tell your friends

770
00:25:27,679 --> 00:25:28,000
and tell

771
00:25:28,000 --> 00:25:31,120
your family about what you do and how

772
00:25:31,120 --> 00:25:33,760
it will help them take better care when

773
00:25:33,760 --> 00:25:35,279
they're posting information

774
00:25:35,279 --> 00:25:37,919
right so my missus this talk somehow

775
00:25:37,919 --> 00:25:39,760
inspired her and she's now starting to

776
00:25:39,760 --> 00:25:40,640
learn more about

777
00:25:40,640 --> 00:25:43,120
open intelligence right by telling your

778
00:25:43,120 --> 00:25:44,559
friends and family you not only make

779
00:25:44,559 --> 00:25:46,080
them aware but who knows maybe some of

780
00:25:46,080 --> 00:25:47,679
them might have an interest in doing

781
00:25:47,679 --> 00:25:49,840
this because of its ease of entry

782
00:25:49,840 --> 00:25:52,240
right so keep that in mind right

783
00:25:52,240 --> 00:25:54,480
understanding the entry

784
00:25:54,480 --> 00:25:57,279
is now you know getting involved uh you

785
00:25:57,279 --> 00:25:58,159
know it took a

786
00:25:58,159 --> 00:26:00,799
it took a lot from me to take on an

787
00:26:00,799 --> 00:26:03,120
osint challenge on hack the box

788
00:26:03,120 --> 00:26:04,880
which then led me to trace labs which

789
00:26:04,880 --> 00:26:07,360
led me on to more diverse ctfs

790
00:26:07,360 --> 00:26:10,080
all this has led me in a direction of a

791
00:26:10,080 --> 00:26:12,159
career change so i hope yes i'm a

792
00:26:12,159 --> 00:26:13,360
recruiting now

793
00:26:13,360 --> 00:26:15,760
but i hope to be a digital forensics

794
00:26:15,760 --> 00:26:17,840
consultant one day or you know do cyber

795
00:26:17,840 --> 00:26:19,279
threat intelligence or something down

796
00:26:19,279 --> 00:26:20,559
that line

797
00:26:20,559 --> 00:26:22,400
right by understanding the ease of entry

798
00:26:22,400 --> 00:26:24,320
you may be more inclined to take your

799
00:26:24,320 --> 00:26:25,120
first shot

800
00:26:25,120 --> 00:26:28,159
or challenge uh a ctf

801
00:26:28,159 --> 00:26:32,080
right so it took me

802
00:26:32,080 --> 00:26:35,440
touching osint to want to dip my toes

803
00:26:35,440 --> 00:26:37,679
into things like jeopardy style ctfs

804
00:26:37,679 --> 00:26:38,960
because everyone else is doing stuff i

805
00:26:38,960 --> 00:26:40,480
smashed all the osint challenges and i

806
00:26:40,480 --> 00:26:41,679
was like you know what

807
00:26:41,679 --> 00:26:43,440
let's look at forensics and once i solved

808
00:26:43,440 --> 00:26:44,880
one forensics challenge

809
00:26:44,880 --> 00:26:47,120
thanks to google you know i was like you

810
00:26:47,120 --> 00:26:48,720
know i can do forensics and let me let

811
00:26:48,720 --> 00:26:50,480
me learn more about this

812
00:26:50,480 --> 00:26:52,320
let me take it and that's now evolved

813
00:26:52,320 --> 00:26:54,960
into a complete career change

814
00:26:54,960 --> 00:26:57,520
right so the evolution so walk the path

815
00:26:57,520 --> 00:27:00,000
that osint takes you it might lead you

816
00:27:00,000 --> 00:27:02,080
uh to just being more mindful and more

817
00:27:02,080 --> 00:27:04,320
aware it could lead you down a path into

818
00:27:04,320 --> 00:27:07,840
information security

819
00:27:10,240 --> 00:27:14,320
right so take away and and summary

820
00:27:15,520 --> 00:27:17,120
right get involved with open source

821
00:27:17,120 --> 00:27:18,880
intelligence in whatever form

822
00:27:18,880 --> 00:27:22,000
you're probably doing it already if we

823
00:27:22,000 --> 00:27:23,440
know it's like you know if you

824
00:27:23,440 --> 00:27:26,159
dating online you're always going to try

825
00:27:26,159 --> 00:27:27,120
find

826
00:27:27,120 --> 00:27:28,640
a bit of information to find out if they're

827
00:27:28,640 --> 00:27:30,559
crazy or not right

828
00:27:30,559 --> 00:27:32,480
a lot of us are doing it without being

829
00:27:32,480 --> 00:27:35,120
aware um maybe this talk just helps you

830
00:27:35,120 --> 00:27:36,000
label that and

831
00:27:36,000 --> 00:27:39,360
that's fine but you know see where it

832
00:27:39,360 --> 00:27:41,440
takes you and and try it out come

833
00:27:41,440 --> 00:27:43,600
come join us on on hack south and do some

834
00:27:43,600 --> 00:27:45,520
challenges on on hack the box

835
00:27:45,520 --> 00:27:47,200
come join us for trace labs you know

836
00:27:47,200 --> 00:27:49,039
there's no more challenges this year

837
00:27:49,039 --> 00:27:51,120
but this but next year i plan to win it

838
00:27:51,120 --> 00:27:53,200
and i will win it right so come join us

839
00:27:53,200 --> 00:27:55,840
um i know like the vet that's on here he

840
00:27:55,840 --> 00:27:57,360
works in the legal space he has

841
00:27:57,360 --> 00:27:58,480
very little understanding about

842
00:27:58,480 --> 00:28:01,200
information security but

843
00:28:01,200 --> 00:28:04,159
he he had he built an interest in osint

844
00:28:04,159 --> 00:28:04,640
and

845
00:28:04,640 --> 00:28:06,799
he took part with us and me and him have

846
00:28:06,799 --> 00:28:08,240
done well with that you know with him

847
00:28:08,240 --> 00:28:09,679
and the rest of the teammates

848
00:28:09,679 --> 00:28:11,600
with him i've come seventh and and

849
00:28:11,600 --> 00:28:13,600
seventh and third globally with trace

850
00:28:13,600 --> 00:28:16,480
lab so don't be

851
00:28:16,480 --> 00:28:18,399
don't be adverse to to to walking down

852
00:28:18,399 --> 00:28:20,959
that path

853
00:28:21,039 --> 00:28:23,039
right if you're scared remind yourself

854
00:28:23,039 --> 00:28:25,360
of the ease of entry and take a swing

855
00:28:25,360 --> 00:28:27,200
so this talk might necessarily be that

856
00:28:27,200 --> 00:28:28,480
well catered to

857
00:28:28,480 --> 00:28:30,559
you know advanced offsec or offensive

858
00:28:30,559 --> 00:28:31,760
security people

859
00:28:31,760 --> 00:28:35,039
but it's there to help inspire everyone

860
00:28:35,039 --> 00:28:37,679
and and and have a try at it like we try

861
00:28:37,679 --> 00:28:38,880
other challenges

862
00:28:38,880 --> 00:28:41,120
on a ctf that we have no understanding

863
00:28:41,120 --> 00:28:42,640
of right it's

864
00:28:42,640 --> 00:28:45,840
it's it's it's a new skill to learn okay

865
00:28:45,840 --> 00:28:46,799
remember the rule

866
00:28:46,799 --> 00:28:49,360
uh the rules of engagement remember zero

867
00:28:49,360 --> 00:28:50,159
touch

868
00:28:50,159 --> 00:28:51,840
try use sock accounts or alternative

869
00:28:51,840 --> 00:28:53,760
accounts um

870
00:28:53,760 --> 00:28:57,120
use a vpn uh try stay as as secure as

871
00:28:57,120 --> 00:28:58,000
you can and be

872
00:28:58,000 --> 00:28:59,520
mindful of that which you might find

873
00:28:59,520 --> 00:29:02,320
along the path

874
00:29:02,480 --> 00:29:04,320
as i said earlier tell your friends tell

875
00:29:04,320 --> 00:29:05,520
your family and tell your colleagues

876
00:29:05,520 --> 00:29:07,600
about open source intelligence

877
00:29:07,600 --> 00:29:09,919
some people love it it's good sometimes

878
00:29:09,919 --> 00:29:11,039
that are bright it's pretty good

879
00:29:11,039 --> 00:29:13,440
conversation starter in showing people

880
00:29:13,440 --> 00:29:14,720
what you can find with them you know

881
00:29:14,720 --> 00:29:16,880
doing a typical thing like asking

882
00:29:16,880 --> 00:29:18,640
someone's email address or scratching

883
00:29:18,640 --> 00:29:20,000
around trying to find the emojis you

884
00:29:20,000 --> 00:29:21,279
find the email address

885
00:29:21,279 --> 00:29:23,120
you put in have i been pwned and then

886
00:29:23,120 --> 00:29:24,559
you explain to them you know

887
00:29:24,559 --> 00:29:26,000
what it means when the email address has

888
00:29:26,000 --> 00:29:27,679
been in like four different breaches

889
00:29:27,679 --> 00:29:28,559
which is something i

890
00:29:28,559 --> 00:29:32,320
i had recently happened at a bride um

891
00:29:32,320 --> 00:29:34,000
taking all that can show people how

892
00:29:34,000 --> 00:29:35,440
vulnerable they are and will make them

893
00:29:35,440 --> 00:29:36,559
more mindful

894
00:29:36,559 --> 00:29:38,320
and also might interest them and you

895
00:29:38,320 --> 00:29:40,000
know what better way to defend

896
00:29:40,000 --> 00:29:42,960
yourself and then up skill and and and

897
00:29:42,960 --> 00:29:45,760
learn from the best

898
00:29:45,919 --> 00:29:47,840
okay follow the path that osint takes

899
00:29:47,840 --> 00:29:49,279
you whether

900
00:29:49,279 --> 00:29:50,960
whether it takes you down just a simple

901
00:29:50,960 --> 00:29:52,399
doing the ctf side

902
00:29:52,399 --> 00:29:53,840
or whether it takes you on a path into

903
00:29:53,840 --> 00:29:55,760
information security

904
00:29:55,760 --> 00:29:57,520
see where it takes you and and and

905
00:29:57,520 --> 00:30:00,320
follow that road

906
00:30:01,279 --> 00:30:03,279
right if you like it keep learning and

907
00:30:03,279 --> 00:30:04,880
evolve your skills

908
00:30:04,880 --> 00:30:07,600
i i am very good at basic osint i don't

909
00:30:07,600 --> 00:30:08,080
use

910
00:30:08,080 --> 00:30:11,039
any tools really um you know and that's

911
00:30:11,039 --> 00:30:12,559
this kind of thing is like a vm and

912
00:30:12,559 --> 00:30:13,919
sock accounts

913
00:30:13,919 --> 00:30:15,279
there's a lot of good tools out there

914
00:30:15,279 --> 00:30:17,039
and that's what i plan to use to sharpen

915
00:30:17,039 --> 00:30:18,159
my skills

916
00:30:18,159 --> 00:30:20,559
but it's pretty straightforward stuff

917
00:30:20,559 --> 00:30:22,080
you just gotta understand what to look

918
00:30:22,080 --> 00:30:22,720
at

919
00:30:22,720 --> 00:30:26,080
and what paths to walk down right and

920
00:30:26,080 --> 00:30:28,559
if you if you evolve with that you can

921
00:30:28,559 --> 00:30:30,320
get better and you can evolve into other

922
00:30:30,320 --> 00:30:32,879
new things

923
00:30:33,440 --> 00:30:35,840
yeah and i'll say yeah learn new things

924
00:30:35,840 --> 00:30:37,039
so

925
00:30:37,039 --> 00:30:39,679
i am trying to work i am i'm not very

926
00:30:39,679 --> 00:30:42,559
good at geospatial intelligence so

927
00:30:42,559 --> 00:30:45,200
finding places on a map i'm really bad

928
00:30:45,200 --> 00:30:45,840
at that

929
00:30:45,840 --> 00:30:47,919
um but i'm trying to work on that so one

930
00:30:47,919 --> 00:30:49,360
thing i'm focusing on now

931
00:30:49,360 --> 00:30:51,279
is getting better at triangulating where

932
00:30:51,279 --> 00:30:53,120
a photo is taken

933
00:30:53,120 --> 00:30:55,039
and trying to identify where a location

934
00:30:55,039 --> 00:30:56,240
is purely based on

935
00:30:56,240 --> 00:30:59,679
a photo so yeah learn new things and

936
00:30:59,679 --> 00:31:02,080
this is typical of of this industry

937
00:31:02,080 --> 00:31:04,080
we're always required to learn learn fun

938
00:31:04,080 --> 00:31:05,200
and interesting

939
00:31:05,200 --> 00:31:08,880
new things my links attributions are the

940
00:31:08,880 --> 00:31:10,159
only thing i took idea was from

941
00:31:10,159 --> 00:31:12,480
wikipedia and obviously there's a lot of

942
00:31:12,480 --> 00:31:15,679
giphy gifs on here

943
00:31:17,279 --> 00:31:20,399
right so a quick one about hack south

944
00:31:20,399 --> 00:31:21,840
obviously it's a server that we're

945
00:31:21,840 --> 00:31:24,720
hosting the con on this year um please

946
00:31:24,720 --> 00:31:26,880
be sure to follow us on twitter

947
00:31:26,880 --> 00:31:30,559
we're on linkedin as well uh

948
00:31:30,559 --> 00:31:32,080
if you want any cool roles we've got a

949
00:31:32,080 --> 00:31:34,159
bunch of reaction roles

950
00:31:34,159 --> 00:31:35,360
if you've got a role assignment you can

951
00:31:35,360 --> 00:31:37,519
get some new stuff there

952
00:31:37,519 --> 00:31:40,559
and come join our team on ctftime uh

953
00:31:40,559 --> 00:31:41,919
this is actually the list of the ctfs

954
00:31:41,919 --> 00:31:43,440
we've done so far this year

955
00:31:43,440 --> 00:31:45,440
so as you can see we're quite active

956
00:31:45,440 --> 00:31:48,080
it's usually the usual faces in the ctfs

957
00:31:48,080 --> 00:31:49,760
but we'll have to have more people join

958
00:31:49,760 --> 00:31:51,760
us

959
00:31:51,760 --> 00:31:52,960
thanks i'll take some questions on

960
00:31:52,960 --> 00:31:54,799
discord

961
00:31:54,799 --> 00:31:58,760
and here are my socials thank you very

962
00:31:58,760 --> 00:32:01,760
much


