1 00:00:00,000 --> 00:00:01,720 Welcome back to track one. 2 00:00:02,160 --> 00:00:08,440 Track one starting off great here with Angus, Angus Red, Angus Red Blue, however you want to call him, Charles Worth. 3 00:00:08,440 --> 00:00:10,080 Obviously, it's going to be a great talk. 4 00:00:10,080 --> 00:00:13,160 It's OSINT, the entry drug your mother never told you about. 5 00:00:13,240 --> 00:00:14,700 And I can 100% agree with that. 6 00:00:14,700 --> 00:00:16,600 It is becoming a drug very quickly. 7 00:00:16,600 --> 00:00:18,140 It's becoming an addiction of my own. 8 00:00:18,380 --> 00:00:21,960 And yeah, we're looking to get straight into this talk and have a great talk with Angus. 9 00:00:22,880 --> 00:00:24,860 Thanks, mate. 10 00:00:24,860 --> 00:00:25,160 Thanks. 11 00:00:25,160 --> 00:00:26,160 I'll take it from there. 12 00:00:26,160 --> 00:00:30,740 So thanks very much for welcoming me and thanks for the great keynote by Benjamin. 13 00:00:30,740 --> 00:00:33,180 I think it was absolutely fascinating. 14 00:00:33,280 --> 00:00:36,300 And hopefully I can keep you all entertained. 15 00:00:36,400 --> 00:00:37,860 So yeah, here's my talk. 16 00:00:37,860 --> 00:00:41,420 It's about OSINT, but it's gonna be a bit different, nothing technical. 17 00:00:41,480 --> 00:00:50,300 But it's about how I see it as a sort of a gateway into the information security industry and what you can learn along the way. 18 00:00:50,500 --> 00:00:52,700 So here we go. 19 00:00:54,860 --> 00:00:56,820 So outline of my talk. 20 00:00:56,820 --> 00:00:58,400 So basically, I'll do a brief introduction. 21 00:00:58,440 --> 00:01:01,280 We'll then talk about what OSINT is in a very basic fashion. 22 00:01:01,280 --> 00:01:04,980 I'm sure everyone will cover that in great detail today, but it's just a bit of an overview. 23 00:01:05,820 --> 00:01:07,940 Why we do OSINT and how it's used. 24 00:01:08,080 --> 00:01:09,640 Then we'll talk about sort of the drug. 25 00:01:09,640 --> 00:01:11,180 So why it's awesome. 26 00:01:11,180 --> 00:01:13,400 The result that comes from that. 27 00:01:13,740 --> 00:01:15,400 What can you gain directly? 28 00:01:15,420 --> 00:01:18,460 And then we'll sort of feed the supply of the security industry. 29 00:01:18,520 --> 00:01:21,580 And then hopefully there's some questions right after a summary. 30 00:01:22,580 --> 00:01:23,680 So who am I? 31 00:01:23,680 --> 00:01:28,320 So I'm obviously Charles Roth, with a silent W. 32 00:01:28,440 --> 00:01:30,000 I go by Angus Red. 33 00:01:30,660 --> 00:01:32,220 I'm former British military. 34 00:01:32,220 --> 00:01:36,980 I served six years in the British Airborne, four years of which was a signal attachment commander. 35 00:01:36,980 --> 00:01:44,140 I then did six years in high risk security consulting, normally in East and West Africa, and also some time in the Middle East and Southern Iraq as a bodyguard. 36 00:01:44,660 --> 00:01:54,320 And then for the last sort of three and a half, four years, I've been a lead technical security recruiter for a agency based out of the UK that also has an office up in the United States. 37 00:01:54,320 --> 00:01:55,680 Technical security recruiting. 38 00:01:55,680 --> 00:02:03,400 So pentesting, vetting, DFIL, threat intel, you know, interactive operations, that sort of stuff. 39 00:02:03,400 --> 00:02:05,780 I'm also co-organized with BSAT Cape Town. 40 00:02:05,780 --> 00:02:12,240 I started a small Discord community called HackSouth dedicated to African security professionals. 41 00:02:12,420 --> 00:02:16,120 And I'm also hoping to one day be a DFIL consultant. 42 00:02:16,220 --> 00:02:21,960 On the OSINT side, I've taken part in three OSINT, TraceLab, Missing Persons CTFs, which I really enjoy. 43 00:02:22,300 --> 00:02:25,580 First time, I finished 53rd with my team from HackSouth. 44 00:02:25,580 --> 00:02:27,720 And more recently, we finished 7th. 45 00:02:27,720 --> 00:02:30,540 But unfortunately, I won't be participating tomorrow. 46 00:02:30,580 --> 00:02:32,900 But I wish luck to everyone that does. 47 00:02:34,120 --> 00:02:36,180 Right, so what is OSINT? 48 00:02:36,700 --> 00:02:38,540 I took this directly from Wikipedia. 49 00:02:38,540 --> 00:02:53,020 So to keep it short, open source intelligence is a multi method qualitative and quantitative methodology for collecting, analyzing and making decisions about data accessible in publicly available sources to be used in an intelligence context. 50 00:02:53,360 --> 00:03:09,420 Right, so OSINT under one name or another has been around for hundreds of years with the advent of sort of instant communications and rapid information transfer, a great deal of actionable and predictive intelligence can now be obtained from the public and classified sources. 51 00:03:09,420 --> 00:03:15,220 So a lot of us will find that we've been doing OSINT for many, many, many years. 52 00:03:15,220 --> 00:03:16,860 We just didn't know it was called OSINT. 53 00:03:16,860 --> 00:03:19,020 We thought maybe perhaps we were just a bit creepy. 54 00:03:19,980 --> 00:03:38,620 So sources, so where people gather intelligence, so typically, media, so print media, newspapers online, the internet, which is typically, you know, social media, blogs, message boards, that tends to be the bulk of where you find a lot of information, 55 00:03:38,620 --> 00:03:43,300 public government data, which can be sort of government reports. 56 00:03:43,300 --> 00:03:47,060 Here in South Africa, we have something called the CIPC, Registered Companies. 57 00:03:47,460 --> 00:03:57,480 And on there, you can find, you know, someone's got a name or an ID number, you can find their company information, their ID numbers, their personal addresses, returns, all that sort of information. 58 00:03:58,080 --> 00:04:00,760 Next, we have professional and academic publications. 59 00:04:00,860 --> 00:04:05,140 So this is academic journals, academic papers, you know, talks. 60 00:04:05,260 --> 00:04:16,160 You know, if I want to do OSINT on someone in the community, and they've done a lot of talks, I'll typically watch the first five minutes of their talks, because that's where they do the intro, like I did, and you can usually gather a lot of information from that. 61 00:04:16,540 --> 00:04:30,660 Commercial data, you know, that's commercial imagery, financial industrial assessments, and databases, and then grey literature, which I'm not so sort of strong on, which is technical reports, preprints, patents, any of that sort of information. 62 00:04:30,660 --> 00:04:42,060 So OSINT is distinguished from research in that it applies to the process of intelligence to create tailored knowledge supportive of specific decision by a specific individual or group. 63 00:04:42,060 --> 00:04:48,480 So, you know, if you go to the definition of OSINT on Wikipedia, you'll find exactly this, but I thought I would just reiterate it. 64 00:04:49,540 --> 00:04:53,000 So why is OSINT, and sort of what do we use it for? 65 00:04:53,860 --> 00:04:57,060 So on the fun side, we have CTFs and challenges. 66 00:04:57,160 --> 00:05:01,960 So here we have a screenshot of the OSINT challenges on Hack the Box. 67 00:05:02,580 --> 00:05:11,580 So usually this is based on fake information, or fake accounts, or sock accounts, in order to test someone's ability to gather intelligence and piece it together to form a hypothesis. 68 00:05:11,920 --> 00:05:25,820 So with Hack the Box, you'll find a, you know, you'll go down a bit of a, you know, from one place to another, from one account to another, and then in the end you'll find like a tag, a Hack the Box tag, which is known as a flag, and you submit it and you get your points. 69 00:05:27,400 --> 00:05:31,080 I'll show you what one of those cases can look like very briefly, shortly. 70 00:05:31,080 --> 00:05:33,180 Next, you have personally developed challenges. 71 00:05:33,180 --> 00:05:41,540 So Bushido, Will, that's speaking later, he has one or two challenges that I've done which are really great, because it's like a storyline. 72 00:05:41,540 --> 00:05:45,060 So you get one information that leads to the next, that leads to the next, which is really fun. 73 00:05:45,500 --> 00:05:56,080 And then on Twitter you get, you know, hashtag OSINT challenge, where, you know, I did one recently, which I'll show you shortly, which is like, you'll take a picture of somewhere where you are, and you'll ask people to try to figure out where you are. 74 00:05:56,380 --> 00:06:00,860 I know RAG and Viking introduced me to that quite often, one another. 75 00:06:01,800 --> 00:06:05,100 Right, so here's one of the challenges on Hack the Box. 76 00:06:05,100 --> 00:06:14,360 So the typical setup, you'll have to, potentially you have to download something, and it says here, super-secure startups, private information is being leaked, can you find out how? 77 00:06:14,440 --> 00:06:21,800 So your only bit of information is the name super-secure startup, which is a company , and they leak information, and you need to find out how. 78 00:06:21,800 --> 00:06:35,060 So what you then do is you go, you go search on Google, and you find super-secure startup, you look at LinkedIn pages and Twitter, and you walk down a path, and that'll give you information to help you unlock the file that you've downloaded. 79 00:06:35,060 --> 00:06:35,980 And it's quite fun. 80 00:06:35,980 --> 00:06:37,500 Some of them are very challenging. 81 00:06:37,840 --> 00:06:44,980 I've had help from from RAG and Viking on this, but it's really, you know, it's interesting to do. 82 00:06:45,940 --> 00:06:47,980 All right, so hashtag ocean challenges. 83 00:06:48,060 --> 00:06:50,180 So recently, I went on holiday with a missus. 84 00:06:50,260 --> 00:06:53,180 So in the left, you can see a picture that I took. 85 00:06:53,700 --> 00:06:55,660 That's obviously, it didn't have all the squares on it. 86 00:06:55,660 --> 00:06:59,980 And then a friend of mine , Neon Pegasus, he then took on the challenge. 87 00:06:59,980 --> 00:07:02,340 He's been getting more involved with Ocean recently. 88 00:07:02,340 --> 00:07:05,860 He's also taken part in the Trace Labs with me before. 89 00:07:06,080 --> 00:07:10,580 So then he pretty much pinpointed within a couple of meters of where exactly I was. 90 00:07:10,800 --> 00:07:14,920 And you can see there his report that he drew up from Google. 91 00:07:14,940 --> 00:07:21,060 So, you know, these are really fun things to do on the weekends, and they're not too serious, and it's all semi-fake information. 92 00:07:21,060 --> 00:07:22,500 So it's quite safe. 93 00:07:23,480 --> 00:07:26,560 Right, so next is Trace Labs, which we'll know about quite a bit. 94 00:07:26,600 --> 00:07:31,560 They actually have a CTF going tomorrow, which unfortunately, I won't be attending, but I wish everyone best of luck. 95 00:07:31,560 --> 00:07:39,400 So typically, the Trace Labs CTF is, it's a CTF that has between about 8 to 12 missing persons cases. 96 00:07:39,400 --> 00:07:47,660 It's to challenge someone's ability, but it is based on real people and real cases, and so that has a real outcome. 97 00:07:47,660 --> 00:07:50,220 So the intelligence is passed to law enforcement. 98 00:07:50,220 --> 00:07:54,540 So, you know, afterwards, they take all the information, collate it, and flag. 99 00:07:54,680 --> 00:08:04,140 And then from there, a report is sent to law enforcement to help find the people represented in the missing persons cases. 100 00:08:04,520 --> 00:08:13,260 So it's really, really interesting and exciting to do, and you can learn a lot from it, and you learn how you can shrink pieces of information together and corroborate. 101 00:08:13,260 --> 00:08:15,520 So really, really worth considering. 102 00:08:15,520 --> 00:08:22,260 And part of my talk today is to try to get people interested in doing this kind of stuff, because it can lead you down a very interesting path. 103 00:08:23,460 --> 00:08:25,500 Right, next is in a professional sense. 104 00:08:25,500 --> 00:08:27,200 So, you know, Red Team and Social Engineering. 105 00:08:27,200 --> 00:08:36,240 So many Red Teamers will use open source intelligence to gather intel on proposed targets, typically during sort of like a recon phase. 106 00:08:36,540 --> 00:08:50,480 Okay, so they usually, they will use that information to build a picture on their clients in order to exploit vulnerabilities, usually a human factor, using techniques such as social engineering and other forms of exploitation tactics. 107 00:08:50,780 --> 00:08:56,800 As I said earlier, it's often part of the recon phase of a Red Team engagement. 108 00:08:57,500 --> 00:09:01,680 And it can sometimes be of massive, massive, massive value. 109 00:09:01,680 --> 00:09:11,780 You know, you can, you'll find, you know, that person in marketing or sales or HR recruiting that might not be so security inclined, and that can usually be your point of exploitation. 110 00:09:12,960 --> 00:09:21,560 Okay, so something I did recently, and this actually led me to want to do a different talk about sort of the different uses of OSINT, you know, outside of what we might think. 111 00:09:21,720 --> 00:09:24,160 So I've used OSINT for property investments. 112 00:09:24,160 --> 00:09:37,120 So, you know, I used OSINT to gain information about property, its owners, their situation, and gather intel on any unknowns about a property to make an informed decision about investment or purchase. 113 00:09:37,560 --> 00:09:43,340 So long story short, I looked at a very cheap house in a small farmer's town near me. 114 00:09:43,480 --> 00:09:47,900 The house was massively undervalued, and I want to understand why. 115 00:09:48,020 --> 00:09:52,820 So I did some research, I found the ERF number, or the ADF number as we call it in South Africa. 116 00:09:52,960 --> 00:10:00,240 From there, I got the owner's names, I found out the valuations that it had in the years past, which were a lot higher than what they were now. 117 00:10:00,680 --> 00:10:06,760 I also found various social media accounts showing what people are getting up to at the house. 118 00:10:06,940 --> 00:10:10,500 I quickly realized it's not something I want to purchase. 119 00:10:10,720 --> 00:10:18,280 I don't exactly want people knocking on my door looking for a fix at two in the morning with my missus and my family. 120 00:10:18,280 --> 00:10:21,760 So I made the conscious decision not to pursue it. 121 00:10:21,760 --> 00:10:26,020 But this is something that a lot of people don't think about and should be considered. 122 00:10:27,020 --> 00:10:27,880 Right, business development. 123 00:10:27,880 --> 00:10:36,500 So as I said in the beginning of the talk, I'm a lead security recruiter, and I'll often use OSINT in a very light manner to do some business development. 124 00:10:36,700 --> 00:10:45,920 So as a recruiter, I do extensive OSINT to understand my clients or potential clients, what makes them tick and how to string pieces of information together to execute a better pitch to a client. 125 00:10:45,940 --> 00:10:55,460 So often to get a new client, I know once I get a client on the phone, I tend to land them because we've got that strong technical prowess when it comes to recruiting. 126 00:10:55,880 --> 00:10:57,920 But typically, you need an in. 127 00:10:58,200 --> 00:11:05,820 So to get an in with these companies, I'll find some people I can talk to at the company who are more susceptible to conversation. 128 00:11:06,080 --> 00:11:11,560 I'll conduct basic research on the, you know, let's call it a target and people I know and who know them. 129 00:11:11,640 --> 00:11:20,180 I'll build a picture of the company and the people I want to contact, and then I'll execute an outreach using some basic info to help break the ice and build familiarity. 130 00:11:20,560 --> 00:11:22,320 So for instance, I'm ex-military. 131 00:11:22,320 --> 00:11:32,320 If I find one of my targets at a company who is also ex-military, you know, and this is genuine, I would say like, hey, you know, I see you also serve, you know, thank you for your service. 132 00:11:32,480 --> 00:11:39,000 I served between the years of this and this and, you know, I'm sure we can find some common ground. 133 00:11:39,000 --> 00:11:41,940 So a lot of people do use this. 134 00:11:43,420 --> 00:11:44,680 Right, next is interview prep. 135 00:11:44,680 --> 00:11:49,580 This is actually where I found LinkedIn and where I started doing extensive OSINT without knowing it was OSINT. 136 00:11:49,580 --> 00:11:51,400 So this is back when I was leaving the military. 137 00:11:51,400 --> 00:11:57,780 So as an interviewee, when I was a contractor, I do extensive research into the company I'm interviewing with. 138 00:11:58,020 --> 00:12:01,840 So this is to obviously know who I'm going to potentially be joining. 139 00:12:02,860 --> 00:12:06,660 And it was also to build a picture of that company and who works there and how they operate. 140 00:12:06,880 --> 00:12:14,520 And the other big factor for an interview is to show that I have a big interest in that company and what they do and how they operate. 141 00:12:14,980 --> 00:12:19,100 So, you know, when that typical question comes on in the first interview, like, what do you know about us? 142 00:12:19,100 --> 00:12:24,180 I could say like, your company does this, they specialize in this, they operate here, here, here, here. 143 00:12:24,300 --> 00:12:30,160 I've seen some really good media reports on this and this, you know, in Forbes and in this publication. 144 00:12:30,680 --> 00:12:37,160 You know, you have six boards of directors, three of them went to Oxford, you know, and then they'll suddenly go like, whoa, okay, cool, that's enough. 145 00:12:37,580 --> 00:12:46,060 You're not going to say bad stuff like, you know, I know his missus loves wearing red dresses, because that does not help your interview. 146 00:12:46,100 --> 00:12:50,240 But it helps you show a company that you've done your research. 147 00:12:50,240 --> 00:13:00,480 A lot of people fail to do even the most basic research about a company and despite how good you are, companies will be less inclined to hire you if you haven't done your research. 148 00:13:02,540 --> 00:13:04,180 Right, so candidate vetting. 149 00:13:04,180 --> 00:13:06,940 So this is something that I don't have to do that often. 150 00:13:06,940 --> 00:13:15,720 But if I get... when I do calls with candidates, it's typically also to find out, like , are they, you know, are they compass mentors? 151 00:13:15,720 --> 00:13:20,700 Like, are they, you know, are they just standard, you know, semi-normal people? 152 00:13:20,700 --> 00:13:23,260 Or are they completely, you know, are they crazy? 153 00:13:23,260 --> 00:13:24,760 It doesn't happen very often. 154 00:13:24,800 --> 00:13:28,320 Every now and then you get something that it bugs me, I think there's something going on here. 155 00:13:28,320 --> 00:13:29,500 So then I'll do some OSINT. 156 00:13:29,500 --> 00:13:33,180 And that's basically just to understand who I'm potentially dealing with. 157 00:13:33,180 --> 00:13:44,340 You know, you might find someone has some, very right-wing or, you know, opinions on Facebook or something, and it helps you vet someone potentially joining a company. 158 00:13:44,340 --> 00:13:47,720 So it's really of value. 159 00:13:48,260 --> 00:13:51,520 You know, I don't really care what you do in your off time. 160 00:13:51,620 --> 00:14:01,020 But, you know, if it is... if I can get information that shows me that what you do when you're off time can negatively affect the company, that is some information I want to know. 161 00:14:01,020 --> 00:14:03,320 Or at least want to be pre-warned about it. 162 00:14:04,440 --> 00:14:05,280 Right. 163 00:14:05,960 --> 00:14:06,520 Okay. 164 00:14:06,520 --> 00:14:10,160 So why is OSINT so damn awesome? 165 00:14:10,160 --> 00:14:10,600 Right. 166 00:14:10,600 --> 00:14:12,560 So, okay. 167 00:14:12,560 --> 00:14:14,600 So this is all about the ease of entry. 168 00:14:14,600 --> 00:14:15,000 Right. 169 00:14:15,000 --> 00:14:21,500 So now we're going to go to the highly complex skills and tools required to do any form of OSINT. 170 00:14:21,500 --> 00:14:22,280 Right. 171 00:14:23,440 --> 00:14:25,560 So the prerequisites. 172 00:14:25,680 --> 00:14:26,240 Okay. 173 00:14:26,240 --> 00:14:28,960 You need a computer or a smartphone. 174 00:14:28,960 --> 00:14:34,900 It's to do any form of open source intelligence, you need some form of computer. 175 00:14:34,900 --> 00:14:36,760 So like I said, a computer or a smartphone. 176 00:14:37,300 --> 00:14:41,160 You need internet to get onto the internet, because that's where you're going to find a bulk of your information. 177 00:14:41,160 --> 00:14:47,180 You're not exactly going to go down to the library and conduct any sort of valuable OSINT from a library. 178 00:14:48,360 --> 00:14:48,840 Right. 179 00:14:48,900 --> 00:14:49,500 Curiosity. 180 00:14:49,500 --> 00:14:51,080 You have to have a sense of curiosity. 181 00:14:51,080 --> 00:15:05,040 If you're curious, if you like gossip, if you like watching, you know, murder mysteries and that kind of stuff, and you want to, you know, or you watch a show that, you know, you're constantly like, oh, I think he's the killer, or he did this, or she did that. 182 00:15:05,680 --> 00:15:09,640 You know, having that sense of curiosity helps your cause. 183 00:15:10,220 --> 00:15:10,660 Right. 184 00:15:10,660 --> 00:15:11,540 So this is a big one. 185 00:15:11,540 --> 00:15:13,220 So understanding the rules of engagement. 186 00:15:13,440 --> 00:15:20,620 So the typical rules of engagement are you ideally do not want to use a system that is linked to your work. 187 00:15:20,620 --> 00:15:23,820 You don't want to use a system that's linked to your personal life. 188 00:15:23,820 --> 00:15:24,920 You want to use something isolated. 189 00:15:24,920 --> 00:15:26,940 So a lot of people use virtual machines. 190 00:15:27,840 --> 00:15:29,440 I know TraceLabs has its own VM. 191 00:15:29,440 --> 00:15:31,200 There's some other stuff cooking as well. 192 00:15:32,120 --> 00:15:41,720 Or, you know, people don't want to use their own Facebook accounts or Instagram accounts or LinkedIn accounts, because then there's a sort of a data entry there that could lead back to you. 193 00:15:41,860 --> 00:15:43,940 So you always want to use isolated systems. 194 00:15:43,940 --> 00:15:50,220 And the biggest things you want to understand about rules of engagement, right, is zero touch. 195 00:15:50,340 --> 00:15:53,480 It is the most simple thing, but a lot of people forget about it. 196 00:15:53,480 --> 00:16:04,080 So zero touch literally means to not engage or interact with a target or people connected to the target, anything related to investigation. 197 00:16:04,080 --> 00:16:05,660 So not liking anything. 198 00:16:05,660 --> 00:16:10,520 If someone has their Instagram account as private, you don't follow them. 199 00:16:10,520 --> 00:16:13,840 You know, it can go very wrong very quickly. 200 00:16:13,840 --> 00:16:17,080 And then you are tagged in that person's life. 201 00:16:17,080 --> 00:16:20,340 And if something goes wrong with that person, they're going to come looking at you. 202 00:16:20,340 --> 00:16:20,800 Right. 203 00:16:20,800 --> 00:16:23,300 So the main thing is zero touch. 204 00:16:25,300 --> 00:16:25,900 Right. 205 00:16:25,960 --> 00:16:27,780 Understanding what you want as an outcome. 206 00:16:27,780 --> 00:16:32,320 So it's important to remind yourself of what you want to finish with. 207 00:16:32,320 --> 00:16:35,100 What is the end result? 208 00:16:35,140 --> 00:16:37,180 What the end result should look like? 209 00:16:37,500 --> 00:16:39,520 Why are we doing what we're doing? 210 00:16:39,820 --> 00:16:41,680 By doing that, you can stay on track. 211 00:16:41,680 --> 00:16:58,060 So what I do, what I sometimes do is if I have a target, sorry I got a bit of a cold, but if I have a target, I will look at every bit of information I can find about that person, their Facebook, their LinkedIn, their Twitter, their Instagram, anything I can find. 212 00:16:58,060 --> 00:16:58,580 Right. 213 00:16:58,580 --> 00:17:04,220 Once I've kind of burnt up that source, I need to start looking elsewhere. 214 00:17:04,380 --> 00:17:04,600 Right. 215 00:17:04,600 --> 00:17:12,800 So looking at spouses, girlfriends, boyfriends, partners, you know, very close friends or family. 216 00:17:12,920 --> 00:17:21,480 So you'll start branching out, but you always have to remind yourself of who the target is, because you might branch out to a mother and from a mother, you go to a boyfriend. 217 00:17:21,480 --> 00:17:23,440 From the boyfriend, you go to an ex-wife. 218 00:17:23,540 --> 00:17:28,140 Now you're about four degrees from that person and you're not sticking to what you're looking at. 219 00:17:28,140 --> 00:17:28,620 Right. 220 00:17:28,620 --> 00:17:34,840 So you'll always go down those paths, but if it's leading anywhere, you just come back to the target and follow the next route. 221 00:17:34,980 --> 00:17:35,540 Right. 222 00:17:37,300 --> 00:17:38,160 Right. 223 00:17:38,160 --> 00:17:41,440 And the last thing is understanding what you might find. 224 00:17:41,660 --> 00:17:47,220 So if you're doing things like TraceLabs, you might come across some hairy stuff. 225 00:17:47,280 --> 00:17:52,220 You might come across some things of violent nature, some things of sexual nature. 226 00:17:53,260 --> 00:18:02,740 You know, a lot of the cases are also, what you might find. 227 00:18:03,320 --> 00:18:07,080 Typically, you'll kind of know where you're going to find the rough stuff and where you're not. 228 00:18:07,500 --> 00:18:10,040 It is important to be mentally prepared for that. 229 00:18:10,040 --> 00:18:10,840 I'm ex-military. 230 00:18:10,840 --> 00:18:13,460 I've seen some pretty interesting stuff in my life. 231 00:18:13,540 --> 00:18:19,500 So I know what my level of appetite for that thing is or that kind of stuff is. 232 00:18:19,500 --> 00:18:23,460 So as long as you know what you're potentially in for, you're good to go. 233 00:18:23,580 --> 00:18:31,960 So going through all these steps, you know, what you need, the internet, understanding ROE, what your outcome is and what you might find. 234 00:18:32,080 --> 00:18:36,440 You can see that it is actually quite, quite, quite simple. 235 00:18:36,440 --> 00:18:36,620 Right. 236 00:18:36,620 --> 00:18:41,020 So this is literally the ease of entry and how easy it is to get into this stuff. 237 00:18:41,020 --> 00:18:43,220 It does not take much to get involved. 238 00:18:45,120 --> 00:18:45,680 Right. 239 00:18:45,680 --> 00:18:48,100 So, you know, what is the result of this? 240 00:18:49,980 --> 00:18:51,640 Sorry, that GIF caught me there. 241 00:18:51,640 --> 00:18:52,340 Right. 242 00:18:52,740 --> 00:18:53,840 So the satisfaction. 243 00:18:53,840 --> 00:18:56,380 What do you, you know, what are you getting out of this? 244 00:18:56,380 --> 00:18:56,740 Right. 245 00:18:56,740 --> 00:18:58,760 So the big thing for me is the find. 246 00:18:58,820 --> 00:19:10,020 So finding that last known location of a missing person and reading an article, you know, subsequently and finding out the person was found and they're okay and that they're in a bad situation. 247 00:19:10,360 --> 00:19:12,920 There is a big sense of satisfaction to me. 248 00:19:13,180 --> 00:19:14,520 Also with small things. 249 00:19:14,520 --> 00:19:25,200 When I find an insignificant piece of intelligence that I think is insignificant and I then corroborate it and then I realize that small information is massive. 250 00:19:25,280 --> 00:19:38,700 So, for instance, we once ran a case and we were looking for a young girl that went missing and we found a picture on some guy's Facebook of her in a backseat and we did not think much of it. 251 00:19:38,760 --> 00:19:48,300 Then we found another photo in another place of that car and we could manage to link her to that specific car and we knew who the owner of that car was and the photo had been taken very recently. 252 00:19:48,300 --> 00:19:55,760 So we could say, like, with a strong, you know, level of certainty, this is a license plate of the car, this is where it was and this is where that potential person is. 253 00:19:55,820 --> 00:19:59,720 So when you start stringing that information together, it gets really interesting and really exciting. 254 00:20:01,500 --> 00:20:04,840 All right, so on the commercial side, so getting that new client, again, that new job. 255 00:20:04,840 --> 00:20:13,840 So when your your efforts have led you to signing a new potential client or getting a new job, there is, you know, definite satisfaction in that. 256 00:20:13,840 --> 00:20:18,000 So, you know, it's something to keep in mind. 257 00:20:18,760 --> 00:20:20,360 Okay, when you know, you know. 258 00:20:20,360 --> 00:20:32,100 So when you sharpen your abilities and you know what you are able to find, what help you can provide and how to protect yourself, your friends and your family, there is massive value there, right? 259 00:20:32,400 --> 00:20:50,780 If I see one of my cousins or one of my, you know, one of my mothers, my mother or, you know, any other family or colleagues posting something that they shouldn't be posting, you know, posting a picture of a kid going to school and he has his uniform and this is where he goes to school and that's how old it is and this is his teacher is, 260 00:20:50,780 --> 00:20:56,240 you know, then I will alert them and say, hey, you know, in a very nice way, I'll say, hey, like, you need to think about what you're posting yet. 261 00:20:56,240 --> 00:21:01,120 You know, this is, you're adding risk to your life and it's, this is not safe. 262 00:21:01,500 --> 00:21:03,900 And then people go, oh, but that information means nothing. 263 00:21:03,900 --> 00:21:12,260 But when you string that with other information you can find, suddenly, you know, you've got a whole target package on someone that means, you know, is dear to you. 264 00:21:12,560 --> 00:21:16,340 So having that knowledge is, you know , very helpful . 265 00:21:17,380 --> 00:21:18,100 Okay. 266 00:21:18,100 --> 00:21:20,920 Many pieces make one pretty puzzle. 267 00:21:20,920 --> 00:21:25,300 So OSINT is interesting in that it's all open source. 268 00:21:25,300 --> 00:21:32,740 So you find small little bits of information and as a singular piece of information, it's not much. 269 00:21:32,740 --> 00:21:34,020 It doesn't lead anywhere. 270 00:21:34,020 --> 00:21:36,620 It doesn't tell much of a story sometimes. 271 00:21:36,620 --> 00:21:56,700 But when you piece all those things together and you build a massive puzzle or a massive picture and you realize, like, what puzzle is going down or, you know, what they portray on Instagram versus what they portray on Facebook or Twitter, I get a strong sense of satisfaction in knowing that information and relying, 272 00:21:56,700 --> 00:21:59,600 like, I know the big picture here. 273 00:21:59,820 --> 00:22:10,480 So with OSINT, one will find small pieces of insignificant information and when you get all those small pieces and you build it into an instant picture, that is of great value. 274 00:22:10,520 --> 00:22:12,800 And then it becomes something that is actionable. 275 00:22:13,720 --> 00:22:16,160 So yeah, that's something that brings a lot to me. 276 00:22:16,740 --> 00:22:18,940 And I think the last piece is the knowledge. 277 00:22:18,940 --> 00:22:20,300 So the knowledge of knowing. 278 00:22:20,300 --> 00:22:24,580 So when you have the skill set, you know what you're able to find and how to achieve something. 279 00:22:24,620 --> 00:22:38,840 You'll be surprised that when you've done this a bit and you've done some CTFs, you've taken that chance, taken a swing at doing a CTF, which I highly suggest people do, you'll find that you can use OSINT in some very interesting ways to achieve things. 280 00:22:38,840 --> 00:22:48,200 Recently, I helped a guy here in South Africa that sold his Xbox on a Facebook group that was dedicated to gamers here in South Africa. 281 00:22:48,500 --> 00:22:52,860 And all he had was an ID photo or ID, a copy of someone's ID. 282 00:22:52,860 --> 00:22:55,640 And from that, I built a massive picture. 283 00:22:55,640 --> 00:23:04,020 And I could measure the guy and say, hey, I first checked beforehand to make sure that the Xbox, in fact, was stolen and it all looked legit. 284 00:23:04,060 --> 00:23:05,140 And then I sent the information. 285 00:23:05,140 --> 00:23:09,420 I said, look, look, this is where you can go to the guy to get your money or get your Xbox back. 286 00:23:09,420 --> 00:23:13,160 So having that knowledge brings satisfaction to me. 287 00:23:13,160 --> 00:23:25,800 You know, when you're scrolling through Facebook and you've got a lot of people of varying age groups and varying backgrounds, and when you see someone post, you think to yourself, like, I know how valuable that is as intelligence, piece of intelligence. 288 00:23:26,040 --> 00:23:28,540 So, you know, the knowledge brings a lot of satisfaction. 289 00:23:29,520 --> 00:23:30,100 Right. 290 00:23:30,100 --> 00:23:31,120 So what are the side effects? 291 00:23:31,120 --> 00:23:35,580 So what can come indirectly from getting involved with OSINT? 292 00:23:39,270 --> 00:23:39,830 Right. 293 00:23:39,830 --> 00:23:43,010 So being a champion of operational security or personal security. 294 00:23:43,010 --> 00:23:48,910 So being a champion of OPSEC and being a champion of personal security or PERSEC, right? 295 00:23:49,550 --> 00:23:55,250 It allows you to stay safe and stay more protected and be more guarded about what you post. 296 00:23:55,250 --> 00:24:04,450 And knowing that when you post this one thing, how that can be strung together with another piece of information to affect you in an adverse way. 297 00:24:04,570 --> 00:24:06,990 So that's always of value. 298 00:24:07,490 --> 00:24:08,490 But the hunger. 299 00:24:08,490 --> 00:24:14,270 So, you know, you had a taste of OSINT and you, you know, you enjoyed it. 300 00:24:14,270 --> 00:24:20,910 So due to that ease of entry into OSINT and then achieving some success, it is only natural to want more. 301 00:24:20,910 --> 00:24:24,510 Whether it is more OSINT challenges or whether it's other challenges. 302 00:24:24,510 --> 00:24:25,950 So something more technical. 303 00:24:25,950 --> 00:24:26,290 Right. 304 00:24:26,290 --> 00:24:30,770 So that typically leads us down to something called the intent. 305 00:24:30,770 --> 00:24:44,430 So once achieving the above, one starts to learn more about security and how to find other information by various techniques, whether that be hacking or, you know, there's various ways to get information. 306 00:24:44,430 --> 00:24:45,210 Right. 307 00:24:45,470 --> 00:24:53,010 Although the next step is more technically challenging, the hunger and the intent is enough to push someone into that direction. 308 00:24:53,010 --> 00:24:53,490 Right. 309 00:24:53,570 --> 00:24:55,010 And then we get the path. 310 00:24:55,010 --> 00:24:59,210 So once you had the drug, you built the hunger and have the intent. 311 00:24:59,210 --> 00:25:02,370 People tend to build a path in line with security. 312 00:25:02,370 --> 00:25:04,190 Not always, but it often happens. 313 00:25:04,190 --> 00:25:05,670 And it happened with me. 314 00:25:05,670 --> 00:25:06,410 Right. 315 00:25:06,530 --> 00:25:16,270 So I evolved from OSINT into forensics challenges, into more sort of hacking CTFs or, you know, like CTFs you typically get where it's got different types of challenges. 316 00:25:16,270 --> 00:25:17,690 So that led me down that path. 317 00:25:17,690 --> 00:25:21,270 And from there, it led me to steganography and doing offensive security. 318 00:25:21,270 --> 00:25:22,290 So popping boxes. 319 00:25:22,290 --> 00:25:28,790 I am extremely novice at doing offensive security, but there is an element of huge excitement. 320 00:25:28,790 --> 00:25:34,050 And those messing around on the weekend CTFs with your buddies can lead into a career. 321 00:25:34,250 --> 00:25:37,550 So all by at a slow pace, you know, me personally. 322 00:25:37,850 --> 00:25:45,370 From there, more formal plans evolve into things like pen testing, red teaming, social engineering, and forensics. 323 00:25:45,370 --> 00:25:49,390 Like me, I want to do digital forensics and initial response one day. 324 00:25:49,550 --> 00:25:59,250 Probably with my background in the military and high-risk security, you know, counterinsurgency, all that stuff, I should go into offensive security because I'll be really good at physical stuff. 325 00:25:59,250 --> 00:26:01,150 I'll be really good at social engineering. 326 00:26:01,650 --> 00:26:08,090 And I probably will pick up that skill set more, but I believe I'd like to go more into digital forensics. 327 00:26:08,470 --> 00:26:09,090 Right. 328 00:26:09,470 --> 00:26:11,970 And from the path comes the career. 329 00:26:11,970 --> 00:26:27,670 So now with everything you have learned, you have added many other skills and you are doing more technical work, but all the while you are using OSINT in its many, many forms to add value to your new and evolved career. 330 00:26:27,670 --> 00:26:36,430 So I'm not saying everyone that does OSINT is going to get into InfoSec, but it is a great place to start. 331 00:26:36,430 --> 00:26:39,150 You know, I don't know, it does something to you. 332 00:26:39,150 --> 00:26:47,490 That's why I call these, I'm using the drug references because really for me, I like, I've become addicted to it and I love it and I want to learn more from it. 333 00:26:48,590 --> 00:26:49,070 All right. 334 00:26:49,070 --> 00:26:49,830 So what now? 335 00:26:49,830 --> 00:26:53,550 So let's feed the supply. 336 00:26:53,570 --> 00:26:56,170 So going clean. 337 00:26:56,170 --> 00:26:58,310 So you, you know, at least you try. 338 00:26:58,310 --> 00:27:05,150 You did an OSINT challenge, you did a trace lab and you didn't do well, or that's not the problem. 339 00:27:05,150 --> 00:27:06,850 Maybe you just didn't enjoy it. 340 00:27:06,850 --> 00:27:07,410 Right. 341 00:27:07,670 --> 00:27:12,190 So, you know, at least you gave it a shot, you tried and perhaps it was just not for you. 342 00:27:12,190 --> 00:27:13,170 And that's cool. 343 00:27:13,170 --> 00:27:13,850 Right. 344 00:27:14,110 --> 00:27:15,450 But what can you still take from it? 345 00:27:15,450 --> 00:27:18,090 So you still have that OPSEC awareness. 346 00:27:18,090 --> 00:27:21,630 So no matter how in-depth you got, you learn something. 347 00:27:21,630 --> 00:27:24,930 You learn to help others take the OPSEC and PERSEC. 348 00:27:25,130 --> 00:27:29,490 So you've still got that understanding of, you know, maybe you've got like a hundred points on trace labs. 349 00:27:29,490 --> 00:27:35,290 You learned that stringing that little piece of information to this information can mean you're vulnerable. 350 00:27:35,290 --> 00:27:35,570 Right. 351 00:27:35,570 --> 00:27:41,510 So at least you have that knowledge and you can protect yourselves, your friends, your colleagues and family better. 352 00:27:42,250 --> 00:27:42,890 Right. 353 00:27:42,890 --> 00:27:43,830 Mindfulness. 354 00:27:43,830 --> 00:27:53,170 So by understanding the risks and how info can be strung together, you'll be better equipped to make better decisions related to what you post and push out on the internet. 355 00:27:53,330 --> 00:27:53,870 Right. 356 00:27:53,870 --> 00:27:54,650 That's, that's big. 357 00:27:54,650 --> 00:27:57,050 You've, you're always going to be aware of that. 358 00:27:57,050 --> 00:27:57,410 Right. 359 00:27:57,490 --> 00:28:00,290 And the last part is, you know, remember the good old days. 360 00:28:00,290 --> 00:28:07,250 So despite maybe taking a swing at it and not being for you, you're still going to remember certain things from it. 361 00:28:07,350 --> 00:28:15,430 You know, if you did a trace labs, you always remember that one case where you found, you know, the six Facebook accounts of the certain, of the, of the, of the target. 362 00:28:15,890 --> 00:28:20,370 You'll, you'll, you'll still be able to reminisce about that in a, in a positive way, hopefully. 363 00:28:20,370 --> 00:28:22,270 So at least you take that away. 364 00:28:24,130 --> 00:28:24,630 Right. 365 00:28:24,630 --> 00:28:30,450 So you've gone down this ocean path, you've taken a few CTFs and now the bug has bit you. 366 00:28:30,450 --> 00:28:30,650 Right. 367 00:28:30,650 --> 00:28:31,610 So what do you do with it? 368 00:28:31,610 --> 00:28:34,050 So what I did was show and tell. 369 00:28:34,050 --> 00:28:40,870 So I showed my friends, I showed my family what OSINT is, what you are able to do and how that makes them vulnerable. 370 00:28:41,110 --> 00:28:51,030 I've shown my mother, my father, my, you know, my cousins, you know, friends like, Hey, you know, with this little information, I can do this. 371 00:28:51,030 --> 00:28:51,810 And then I get this. 372 00:28:51,810 --> 00:28:57,310 And then I get that next, you know, you know, someone could be in your iCloud account, what's in your iCloud account. 373 00:28:57,310 --> 00:28:59,430 And then we'll go, Oh, you know, this, that, and the other. 374 00:29:01,210 --> 00:29:02,410 That helps protect them. 375 00:29:02,410 --> 00:29:06,530 And also, you know, it feels cool to show someone that you've learned something new. 376 00:29:06,850 --> 00:29:07,570 Right. 377 00:29:07,910 --> 00:29:10,930 Next is understand the ease of entry and get involved. 378 00:29:10,930 --> 00:29:18,230 So get involved with Trace Labs, get involved with other organizations, take a swing. 379 00:29:18,230 --> 00:29:22,990 It can lead to new avenues of interest and potentially a new career in information security. 380 00:29:23,190 --> 00:29:28,370 So whether that be through Hack the Box, Hashtag Ocean Challenges and all that kind of stuff. 381 00:29:28,370 --> 00:29:28,530 Right. 382 00:29:28,530 --> 00:29:30,090 Once again, I keep reiterating this. 383 00:29:30,090 --> 00:29:36,810 By understanding the ease of entry, you may be more inclined to take your first shot or challenge or a CTF. 384 00:29:36,890 --> 00:29:38,350 I started Hack the Box. 385 00:29:38,350 --> 00:29:39,470 It was kind of fun. 386 00:29:39,550 --> 00:29:42,850 And then I saw TMHC do so well at Trace Labs. 387 00:29:42,850 --> 00:29:44,970 I thought, screw it, I'm just going to give it a shot . 388 00:29:45,090 --> 00:29:46,630 And that's led me down this path. 389 00:29:46,630 --> 00:29:49,350 So I'm grateful that I took that first shot. 390 00:29:49,470 --> 00:29:58,430 Even if you come , you know, last on a CTF, at least you learn something, at least you tried and you know what, what , what's coming for you and how you can learn from that. 391 00:29:58,430 --> 00:30:00,950 I went to one CTF, my first CTF at Ocean Challenges. 392 00:30:00,950 --> 00:30:02,970 I did, I did all the Ocean Challenges. 393 00:30:03,150 --> 00:30:04,130 I was like, what do I do now? 394 00:30:04,130 --> 00:30:04,690 I can't anymore. 395 00:30:04,690 --> 00:30:07,010 And I was like, forensic, let's look at forensics. 396 00:30:07,130 --> 00:30:10,690 And I managed to solve two challenges with, I think it was with DERPCON. 397 00:30:10,910 --> 00:30:12,030 And I was hooked. 398 00:30:12,030 --> 00:30:14,030 I did something I'd never done before. 399 00:30:14,030 --> 00:30:15,830 And I learned a lot out of it, right? 400 00:30:16,250 --> 00:30:18,950 So the last part here is evolving to a new career. 401 00:30:18,950 --> 00:30:23,150 So walk the path that Ocean takes you and learn and grow, right? 402 00:30:24,570 --> 00:30:32,730 It might lead to something as simple as, I said, more mindfulness or an awareness, or it could lead down a path into information security. 403 00:30:33,390 --> 00:30:37,650 If I get someone, I've got someone now that is a, you know, a chauffeur, which is great. 404 00:30:37,650 --> 00:30:40,710 I used to do something similar, you know, in high-risk stuff. 405 00:30:41,030 --> 00:30:43,490 And the first thing I told them is get involved at Ocean. 406 00:30:43,490 --> 00:30:52,930 Like it's, it's, it's a great start, you know, and it's the one thing you can get really good at with little to no training, um, and, and the right research, right? 407 00:30:52,930 --> 00:30:57,910 It's something you can really add value to when you sort of transition into InfoSec. 408 00:30:59,350 --> 00:30:59,870 All right. 409 00:30:59,870 --> 00:31:04,330 So summary and takeaways, or takeaway, as I'm going to have shortly. 410 00:31:05,330 --> 00:31:06,050 Right. 411 00:31:07,190 --> 00:31:11,750 So there's a lot of reiteration here, but that's what a summary is, right? 412 00:31:11,750 --> 00:31:14,890 So get involved with Ocean in whatever form. 413 00:31:14,890 --> 00:31:17,330 You are probably doing it already. 414 00:31:17,950 --> 00:31:20,170 Take a, take a swing, take a stab. 415 00:31:20,310 --> 00:31:23,310 Um, if you, if you, if you're too scared, ask. 416 00:31:23,310 --> 00:31:24,230 You can DM me. 417 00:31:24,230 --> 00:31:26,290 My DMs are open on Twitter, right? 418 00:31:26,590 --> 00:31:28,710 If you want to know something, message me. 419 00:31:28,790 --> 00:31:32,810 So you can message Rag, you can message, you know, Cyber Viking, you can message Stu. 420 00:31:32,810 --> 00:31:35,370 He's a busy guy, but he makes time for everyone, right? 421 00:31:35,750 --> 00:31:39,630 Ask us about this and say, Hey, I want to do Trace Labs or whatever. 422 00:31:39,770 --> 00:31:42,010 Um, I don't know if I can do it. 423 00:31:42,070 --> 00:31:48,250 Most of the people I've had on my team that I did Trace Labs with, have had little to no experience in Ocean. 424 00:31:48,390 --> 00:31:52,510 I think when we came seventh, two of the guys in there had never done Ocean, right? 425 00:31:52,530 --> 00:31:54,330 It is, they had that curious nature. 426 00:31:54,330 --> 00:31:58,110 They had that basic level of understanding that I mentioned earlier, and we did well. 427 00:31:58,110 --> 00:32:02,950 We came, we came seventh, you know, and that's why, that's my claim to fame in Ocean, right? 428 00:32:03,210 --> 00:32:04,130 Right, scared? 429 00:32:04,390 --> 00:32:07,650 Remind yourself of the ease of entry and take a swing. 430 00:32:07,650 --> 00:32:15,510 I know I am like beating on this drum, but it, I remember how anxious I was to take part in my first CTF. 431 00:32:15,510 --> 00:32:21,870 And after I'd done that, I was so happy because it led me like, what, you know, what CTFs coming up this week? 432 00:32:21,870 --> 00:32:22,910 What's going on there? 433 00:32:22,910 --> 00:32:24,070 You know, I want to try this. 434 00:32:24,070 --> 00:32:26,090 Ooh, Stego, you know, Forensics. 435 00:32:26,090 --> 00:32:28,550 It can really lead you down an interesting path. 436 00:32:29,310 --> 00:32:31,950 Right, remember the rules of engagement. 437 00:32:32,230 --> 00:32:36,950 If anything, just remember, don't get involved with the targets. 438 00:32:37,490 --> 00:32:39,950 Don't touch anything, right? 439 00:32:39,950 --> 00:32:41,250 It'll keep you safe. 440 00:32:43,050 --> 00:32:46,470 Right, tell your friends, your family, your colleagues about Ocean. 441 00:32:46,470 --> 00:32:48,850 Show them how you find information. 442 00:32:48,930 --> 00:32:50,630 Do Ocean challenges on them. 443 00:32:50,630 --> 00:32:53,670 We do a lot on Hack South, the server that I run. 444 00:32:53,790 --> 00:32:57,490 And it quickly shows you how vulnerable you can be. 445 00:32:57,890 --> 00:33:05,470 And by doing this, you can help your family, you can help your colleagues, and it can really hold you in good stead. 446 00:33:08,700 --> 00:33:11,100 Right, and follow the path where Ocean takes you. 447 00:33:11,100 --> 00:33:15,060 And I've said this a few times, but, you know, I wanted to drum on this. 448 00:33:16,340 --> 00:33:19,200 If you like it, keep learning, involve your skills. 449 00:33:19,220 --> 00:33:26,780 Something that I did recently, it's fair enough, I can find Facebook accounts, I can find, you know, all sorts of different accounts of someone. 450 00:33:26,780 --> 00:33:30,220 But then something I wanted to work on was geolocation. 451 00:33:30,640 --> 00:33:41,700 And me and some friends of mine, a friend of mine showed me what he was doing as far as geolocation goes, and I found it interesting, and I started doing my own things. 452 00:33:41,720 --> 00:33:55,240 You know, getting a random photo of a website, and then trying to geolocate where that place is, and trying to find tactics that usually work, it can help you find stuff. 453 00:33:55,240 --> 00:33:58,780 Now my skills with geolocation have become better. 454 00:33:58,820 --> 00:34:08,960 You know, if you look at Benjamin's talk earlier, I'm not good with mountain ranges, because I'm thinking like, damn, like there's a lot of mountain ranges, how am I going to know where to look? 455 00:34:08,960 --> 00:34:19,000 But building up that skill set, I know will help me in the future, and it will lead me to you know, new paths. 456 00:34:21,020 --> 00:34:22,560 I learn new things. 457 00:34:22,560 --> 00:34:36,480 So, you know, I don't think you truly ever know everything there is to know about OSINT, and the cool thing is in OSINT these days, there are actually professional paid commercial jobs that are dedicated to OSINT, or some new ones about OSINT. 458 00:34:36,480 --> 00:34:45,840 You know, in recruiting, I've spoken to a few Intel analysts that do open source intelligence for, you know, law enforcement, or for defense, or whatever. 459 00:34:48,120 --> 00:34:50,340 Don't be afraid to learn new things. 460 00:34:50,340 --> 00:34:58,120 Like I said, I've evolved into Stego, I've evolved into forensics, you know, I've signed up for a few courses. 461 00:34:58,120 --> 00:35:03,740 All those other things can add value to you as well. 462 00:35:03,840 --> 00:35:15,620 So consider that, you know, if the bug is buggy, as I mentioned, you know, look what else is out there, speak to the people in the community, tweet something out, say, hey, I've done this, I love that, what else is there? 463 00:35:15,760 --> 00:35:19,400 You'd be shocked with how much out there is out there to learn. 464 00:35:22,220 --> 00:35:28,100 All right, links to attribution, I just pulled something directly off Wikipedia, there it is, open source intelligence. 465 00:35:30,080 --> 00:35:34,540 Okay, I think that's me done. 466 00:35:34,680 --> 00:35:36,580 I'll take any questions if there are any. 467 00:35:36,580 --> 00:35:44,600 And I just wanted to give a special shout out to Stu, Greg, and Viking, and Alan as well, Alan LeBlanc. 468 00:35:44,840 --> 00:35:47,940 They sort of, they helped me, they led me down this path of OSINT. 469 00:35:47,940 --> 00:35:51,540 And it's taken me down a very interesting path. 470 00:35:51,760 --> 00:35:53,940 I'm excited to see where it goes. 471 00:35:54,000 --> 00:36:01,260 And I'm very, I'm very thankful and appreciative for what they've brought to me and how helpful they've been. 472 00:36:01,260 --> 00:36:07,400 And I hope that one day I can help other people and inspire other people down this path. 473 00:36:07,500 --> 00:36:09,900 But that's me, I'm out. 474 00:36:10,080 --> 00:36:12,220 Great talk, absolutely great talk. 475 00:36:12,360 --> 00:36:14,240 Yeah, I agree. 476 00:36:14,480 --> 00:36:16,300 We're both jumping into talks here to see how great it was. 477 00:36:16,300 --> 00:36:17,040 It was amazing, right? 478 00:36:17,040 --> 00:36:19,080 It was absolutely fantastic. 479 00:36:19,220 --> 00:36:28,120 I guess from my side, you know, it was really good to hear, you know, how you went about kind of getting into OSINT. 480 00:36:28,120 --> 00:36:30,680 Also, we know this story because we hang out on TMHC quite a lot. 481 00:36:30,680 --> 00:36:34,680 And it was really good to hear firsthand the kind of your learning experience and learning curve. 482 00:36:34,760 --> 00:36:38,500 And this takes us into a couple of questions as well we've got. 483 00:36:39,940 --> 00:36:45,480 So Matthew Taylor asks, candidate vetting, how far is too far? 484 00:36:46,980 --> 00:36:51,740 Okay, so we, you have to remember the legalities of what you're doing. 485 00:36:51,740 --> 00:36:57,200 Like, you can't not hire someone because of their political opinion, right? 486 00:36:57,340 --> 00:37:04,080 But you get a funny feeling about someone and you do a bit of search and you find out they have a federal indictment. 487 00:37:04,360 --> 00:37:04,880 Right? 488 00:37:05,040 --> 00:37:16,520 Some companies, you know, if it's an old federal indictment, we know some big people in this industry that are federal indictments that have spent time in prison that have managed to to do big things in infosec, right? 489 00:37:16,540 --> 00:37:21,560 So it's, one needs to know where the line is. 490 00:37:21,560 --> 00:37:28,340 I'm not going to, you know, go into someone's, you know, naughty habits on the weekend. 491 00:37:28,340 --> 00:37:33,480 I just want to know, like, is this person going to be chaos in the workplace? 492 00:37:33,600 --> 00:37:39,300 Or are they able to keep their stuff to what, you know, the crazy stuff they do to the weekends? 493 00:37:40,880 --> 00:37:42,060 It's important. 494 00:37:42,060 --> 00:37:46,200 But yeah, I mean, you intrinsically need to know where the where the line is. 495 00:37:46,320 --> 00:37:48,280 Like I said, I will very rarely do it. 496 00:37:48,500 --> 00:37:51,440 But if I suddenly get a funny feeling about someone, I'll look into it. 497 00:37:51,440 --> 00:37:57,240 I'm like, oh, you know, this, this person is homophobic, or they're misogynistic, or they sound like that. 498 00:37:57,240 --> 00:38:00,300 Then I'm like, is this really someone I want to work with? 499 00:38:00,300 --> 00:38:02,620 And is this someone I really want to send to a company? 500 00:38:02,900 --> 00:38:08,640 But like I said, it happens really, it's only when, you know, there's some red flag in a call. 501 00:38:09,020 --> 00:38:09,760 Yeah. 502 00:38:15,440 --> 00:38:22,460 Okay, next question is by Nettles123. 503 00:38:22,460 --> 00:38:29,600 Can you recommend some templates, apps that you use to help keep information organized and make it easier to summarize and present later? 504 00:38:30,120 --> 00:38:34,600 I am pretty terrible at keeping organized. 505 00:38:34,860 --> 00:38:42,570 One thing I know there's this, Hunchly is something that a lot of people use that I think I believe was sponsoring the event. 506 00:38:42,750 --> 00:38:45,950 I myself have not used Hunchly before, but I'd like to. 507 00:38:46,850 --> 00:38:49,230 Some people use, I think it's called Cherrytree. 508 00:38:49,230 --> 00:38:52,670 It's like Notepad, but it's, you know, you can have like different tabs. 509 00:38:53,110 --> 00:38:58,970 So with us, Hacksouth, when we do TraceLabs, we'll run a Trello. 510 00:38:59,030 --> 00:39:04,390 And we'll have the 10 point systems, you know, down a board. 511 00:39:04,390 --> 00:39:06,290 Typically, I think how it is on TraceLabs. 512 00:39:06,290 --> 00:39:11,090 And then as we will dump information into the CTF, we'll keep a record there. 513 00:39:11,790 --> 00:39:15,110 You've just got to find what works best for you. 514 00:39:15,110 --> 00:39:18,810 But I think Cherrytree and Trello is a great place to start. 515 00:39:18,810 --> 00:39:29,150 But I believe you, Stu and Rag and Viking have set up actually like a, not a platform, but you guys have set up something where you've put all these kind of resources together. 516 00:39:29,150 --> 00:39:31,110 And that's probably a good place to start. 517 00:39:32,030 --> 00:39:35,630 Yeah, we typically use like Discord, is the honest answer, what we use. 518 00:39:35,930 --> 00:39:36,990 Yeah, it's pretty good. 519 00:39:36,990 --> 00:39:42,970 Yeah, we also set up our own Discord setup just for TraceLabs. 520 00:39:43,190 --> 00:39:45,950 And, you know, we'll have different categories for each case. 521 00:39:46,090 --> 00:39:50,030 And we'll dump information in there and keep resources and keep things ticking over. 522 00:39:50,030 --> 00:39:51,830 So yeah, that's a good reminder. 523 00:39:52,450 --> 00:39:53,290 Yeah, it's really good. 524 00:39:53,290 --> 00:39:54,550 And you've got one more question. 525 00:39:54,550 --> 00:39:55,610 Actually, that's a couple more. 526 00:39:55,610 --> 00:39:57,430 So hopefully we'll get a few more. 527 00:39:58,190 --> 00:40:00,250 Actually, we're actually pretty much out of time almost. 528 00:40:00,250 --> 00:40:02,950 But last very, very quick question before we get kicked off. 529 00:40:03,190 --> 00:40:07,330 Do you feel that cyber threat intel jobs require prior military background? 530 00:40:09,310 --> 00:40:11,710 Require prior military experience? 531 00:40:11,710 --> 00:40:12,630 Yeah, yeah, yeah. 532 00:40:12,630 --> 00:40:14,010 No, not really. 533 00:40:14,010 --> 00:40:14,590 No. 534 00:40:15,470 --> 00:40:17,310 I've worked some threat intel. 535 00:40:17,310 --> 00:40:19,730 I wish I had more threat intel roles to recruit. 536 00:40:19,730 --> 00:40:21,910 I find it a very interesting place. 537 00:40:21,910 --> 00:40:25,410 Someone actually recently told me when I told them I want to go into digital forensics. 538 00:40:25,490 --> 00:40:28,250 I told them what I want to do and attach a bit of offensive stuff. 539 00:40:28,250 --> 00:40:31,270 And they're like, Charlie, you know, you actually want to go into threat intel. 540 00:40:31,270 --> 00:40:32,630 That's what you're looking at. 541 00:40:32,930 --> 00:40:37,470 But no, I don't think having a prior military background is a necessity. 542 00:40:37,710 --> 00:40:44,430 Depending on what the org is, what the clearance requirements are, sure, there might be a necessity for having that military background. 543 00:40:44,730 --> 00:40:56,270 But no, I think each, you know, whether you're military or not military, you're going to bring a background, you're going to bring a level of experience and different people will tackle problems in different ways. 544 00:40:56,330 --> 00:40:58,770 So, you know, from the military, great. 545 00:40:58,770 --> 00:41:00,690 If you're not, that's also fine. 546 00:41:00,990 --> 00:41:01,250 All right. 547 00:41:01,250 --> 00:41:03,350 Well, sadly, we've run out of time for this talk. 548 00:41:04,130 --> 00:41:05,250 Amazing talk, Angus. 549 00:41:05,250 --> 00:41:06,810 Always good hanging out with you anyway. 550 00:41:06,870 --> 00:41:09,070 But that was a really, really good talk. 551 00:41:09,650 --> 00:41:11,330 Thank you for sharing everything. 552 00:41:11,470 --> 00:41:13,290 And thank you, everyone, for listening. 553 00:41:13,290 --> 00:41:16,410 And we'll have our next talk in approximately five minutes. 554 00:41:16,410 --> 00:41:18,090 So thank you very much, everyone. 555 00:41:18,610 --> 00:41:18,930 No problem. 556 00:41:18,930 --> 00:41:22,830 I'll drop this all on GitHub and I'll be on Discord for any questions if need be. 557 00:41:22,870 --> 00:41:23,630 All right. 558 00:41:23,630 --> 00:41:24,270 Brilliant. 559 00:41:24,270 --> 00:41:25,390 Thank you.