Our Open Source Intelligence (OSINT) Course is a comprehensive training package aimed at researchers, investigators, law enforcement, government, military & decision support personnel. We teach you how to use advanced methods & techniques to collect, analyze & produce high-quality open-source intelligence & support your mission.Quote a Price
In this course, you will learn about OSINT (open-source intelligence) from a hacker’s point of view. You will get equipped with various tools and techniques and learn how to set up a virtual lab and protect yourself. This is a comprehensive course that will be using free open source tools to investigate people and companies. No matter if you are totally new to the fascinating world of OSINT and hacking or have some experience, this course will walk you through how both hackers and investigators use these tools and why.
By the end of this course, you will have a good understanding of OSINT, how to perform it, the tools necessary, and how your own information online could be used against you. You will learn Linux basics and how-to setup your own virtual lab.
This course will teach you techniques to help your work whether you are trying to find suspects for a legal investigation, identify candidates to fill a job position, gather hosts for a penetration test, or search for honey tokens as a defender.
While this list is far from complete, the OSINT topics will be helpful to:
Cyber Incident Responders
Digital Forensics (DFIR) analysts
Human Resources Personnel
Whether you are in cyber network defense, an intelligence analyst, corporate investigator, or law enforcement personnel, we have the curriculum and qualified instructors to enhance your capabilities.
From tracking the digital exhaust from a target on the dark web to uncovering a source looking to disrupt your brand reputation by stealing your intellectual property – organizations must be equipped with defenses to prevent critical disruption in their company’s operations.
Module 1 – OSINT for data collection – start-up
Starting with DNS enumeration, getting useful URLs, IP and host finder, we will dive into harvesting email addresses anonymously and finding information about an email. Google dork or Google hacking database will play a crucial role in finding the complete information about anything deeply. Netcraft, web archives, and cached data will complete this module with outstanding command over all the topics discussed. You can start OSINT straight from here.
IP, Host automater
Harvesting email addresses
Email information gathering
Multiple Website Archives
Harvesting email addresses
Using Google dorks to find hidden data
Searching for cached data
Gathering DNS records
Module 2 – Company, Social Networks and file metadata OSINT
This module consists of several such tools that are capable of doing anything from extracting information or data from the file’s metadata, insights of a company’s details that will be beneficial while conducting attack for pentesting. We will dig into databases of job site postings to figure out the servers and databases used inside a company. Further, we will find people, their details, phone numbers, and social profiles will be gathered in order to perform social engineering. Maltego-CE will be investigating domains, people, email and so on. We will get details about a picture, from date and time, pixel, focal length, geo-location and much more.
FOCA – Extract information from metadata
Opanda PowerExif – Data viewer
EDGAR – Accessing company insights
Company search database
Get database/server used in a company with job site
Twofi – Twitter data
Peekyou – people search
Maltego-CE – finding links and details with investigation
Reddit, Tinder, eBay, Craigslist (Classifieds)
Database server of a company from job site
Information about a picture (Metadata)
Module 3 – Databases and records
This module will make you think of yourself like an investigator or something like a crime scene investigator. Getting data leaks of someone’s email record, information about terrorist’s groups strength, blasts weapons, etc., feeling like James Bond will be when you get someone’s flight details. Vehicle records, wireless networks around you, cell phone tower locations worldwide, employee records, important documents with a whole database, default passwords, live cameras, finding geo-location details over a live map and, most importantly, government’s data that is top secret. All of these are key information that needs someone to hack into or penetrate networks for security testing. We will collect data even from the Darknet (Dark web).
Exploit DB and search sploit
Terrorism record database
Hunting criminal records
Default passwords DB and lists
Juicy information from Dark web
Data Leaks hunt
Air traffic live database
Mapping the fence like intruders
Vehicle records and database
Live cameras in the world
Wireless network mapping
Cell phone tower mapping
Important Documents search database
Investigate leaked data
Get the flight data on and before time of landing
Map the fence of a location
Find employees of an organization
Module 4 – Threat Intelligence – Automating the whole thing
The last module of this course will remind you how the black hat hackers work without leaving a trace of presence. From GUI tools to CLI, the first three lessons dive in with multiple format information gathering. Recon-ng alone is powerful enough to get each piece of information, from internal IP addresses to the geo-location of stand-alone servers around the globe and that makes us think about how many load balancers may be there. And yes, threat intelligence will prove to be a backbone for security guys who think about protection from Zero-day attacks. We will get cell phone numbers and details about that from a social profile. Web information leakage about the servers, misconfigurations, developer’s comments in the source code will leave a web application open to attack. And finally, the SHODAN HQ, that is called a search engine for hackers, will be playing a great role in hunting vulnerable servers, databases, routers, cameras and so on.
Spider foot – Extracting information in a GUI
Discover script – multi specialty hunter
Recon-ng – Complete info data
Search engine for Ethical hackers
Accidental leakage data web leak
Mobile phone number details
Exploits and advisories
Bonus – Godfather of every OSINT
Search for vulnerable or outdated servers of Microsoft
Perform the recon-ng on target site
Collect geo-location IP addresses of target
CPU: 64-bit 2.0+ GHz processor or higher based system is mandatory for this course (Important – Please Read: a 64-bit system processor is mandatory)
BIOS/UEFI: VT-x, AMD-V, or the equivalent must be enabled in the BIOS/UEFI
RAM: 8 GB (gigabytes) of RAM or higher is mandatory for this course (Important – Please Read: 8 GB of RAM or higher is mandatory)
Wireless Ethernet 802.11 G/N/AC
USB 3.0 port (courseware provided via USB)
Disk: 30 gigabytes of free disk space
VMware Workstation Pro 15.5.X+, VMware Player 15.5.X+ or Fusion 11.5+
Privileged access to the host operating system with the ability to disable security tools
A Linux virtual machine will be provided in class