Open Source Intelligence Boot Camp

About the course

This Open Source Intelligence (OSINT) & Dark Web boot camp will provide delegates with the skills to become efficient and effective at finding key pieces of intelligence on the Internet and Dark Web. The Dark Web allows criminals and human rights activists alike to avoid the people hunting them. A number of key technologies have allowed the Dark Web to flourish, from the cryptocurrency Bitcoin to software that allows anonymity, such as Tor. The Dark Web is at the forefront of criminal innovation, and understanding how it works is the first step in being able to combat the illegal activities that go on there. This boot camp is highly practical, allowing delegates the time to explore and understand some of the hundreds of tools and websites available.

This course will be suitable for delegates interested in the SANS Institute course FOR578: Cyber Threat Intelligence.

Prerequisites

There are no prerequisites for this course; however, participants are expected to have a basic understanding of computers and the internet.

Delegates will learn how to

Day 1 Objectives

  • Learn advanced search engine techniques and features
  • Identify websites for finding information on people and companies
  • Analyse website source code for investigative purposes
  • Use deep web sites and directories
  • Use social media for investigation, intelligence and geolocation
  • Describe the best open source software to use for investigations
  • Access influential internet communities

Day 2 & 3 Objectives

  • Advanced search engine techniques and Google hacking
  • Describe the ways mobile devices can present an opportunity and a risk
  • Tracking users with GPRS and SSID
  • Advanced software required for safe internet investigations
  • Explain the digital footprint that is left when online and the dangers associated with it
  • Understand anonymity and encryption applications

Day 4 Objectives

  • Understand the history of illegal activities on the internet
  • Advanced knowledge needed when capturing digital evidence for court
  • Familiarity with use of Tor and accessing Tor Hidden Services (THS) and other Dark Webs
  • Use and describe how Bitcoin works
  • Understand other virtual currencies
  • Understand the attacks against Tor

Day 5 Objectives

  • Use and describe how Tor works in depth
  • Understand the Tor Protocol and Network
  • Access Tor Hidden Services (THS)
  • Use Tor on mobile devices, understand the leaky devices
  • Understand advanced Dark Webs features

 

Outline

Where applicable, our QA OSINT instructors have law enforcement, internet investigations and digital forensics practitioner experience aligned to best practice standards, including ISO17025.

Day 1

  • Module 1 - Search engines. There are over 6000 search engines; some of the alternatives to Google will be looked at. Google has useful enforced term operators and advanced features that are essential for finding difficult information.
  • Module 2 - Finding People and Company information. There are hundreds of online tools for information gathering and data aggregation on people and companies. The most effective ones are explored.
  • Module 3 - The Deep Web. The majority of information is not indexed by standard search engines. This module explores the Deep Web websites and directories.
  • Module 4 - Digital footprint. Understanding the digital footprint left when using any device is very important, particularly for investigators. Explore what both mobile and desktop devices give away about you, how it could put you and your investigation at risk and how to minimise it.
  • Module 5 - Social Media. Social media has very rapidly changed the world and as an intelligence source it is arguably unmatched. There are many tools and 3rd party websites that make analysis of this data even easier.
  • Module 6 - Software for investigators. Install and use a number of software applications that help with OSINT research and investigations. Install and use software such as Maltego, Tails, Portable Apps & Pendrive Linux.

Day 2 & 3

  • Module 1 - History of the Dark Web. Illegal activities on the internet have been taking place long before the development of the 'Dark Web'. Notable cases are important for understanding the underground world of the Dark Web.
  • Module 2 - Internet communities and forums. Online communities and forums from Usenet to 4Chan have always been a vital source of intelligence. This module explores these forums as well as ways to search and find others.
  • Module 3 - Legislation. Important legislation that investigators should be aware of including RIPA, CPIA, CMA, DPA.
  • Module 4 - Advanced search and Google hacking. Find important information that may pose a risk to an organisation using Google hacking and advanced search.
  • Module 5 - Advanced searching and source code analysis. Understanding how data is displayed and indexed on the Internet and Web is vital. HTML, Email headers, Robots.txt, Analytics, AdSense and website ranking tools are some techniques covered.
  • Module 6 - Mobile devices; threats and opportunities. The ubiquity of mobile devices in our modern lives and the data they are constantly transmitting represent both a threat and an opportunity to investigations. Tracking can also be done using Wi-Fi, GPRS, MAC, SSID.
  • Module 7 - Advanced software. Using Virtual Machines, Sandboxing, and other software tools such as Tails, Kali Linux and Wireshark to ensure safety while investigating.
  • Module 8 - Hacking forums and dumping websites. Finding and using intelligence exposed by hackers and criminals online.
  • Module 9 - Encryption and anonymity tools. Use open source software for encrypted communications such as PGP and GPG. Understand how to verify and certify files and downloads.

Day 4

  • Module 1 - Advanced evidential capture. Hashing of evidence for future use in court and forensic tools required. Capturing live RAM. Dealing with encryption.
  • Module 2 - Tor, Dark Web and Tor Hidden Services (THS). Install, use and understand how Tor works. Accessing THS and how to do it safely and legally. Introducing the Dark Web of markets and underground criminal forums.
  • Module 3 - Bitcoin and Virtual Currencies. How bitcoin and virtual currencies work, and how payments can be tracked. The other technologies being built around virtual currencies will also be covered.

Day 5

  • Module 1 - Tor (Advanced). Understand how Tor works and install and use it. Cover the Tor protocol in depth, including Tor circuits, cipher suites, Tor metrics.
  • Module 2 - Tor Hidden Services (THS). How THS work, accessing them and how to do it safely and legally. Learn how to create a THS. Attacks against Tor.
  • Module 3 - Tor apps. Look at Tor in other instances, including Tails, Tor Messenger and Tor on mobile devices. Discover how leaky some Tor applications can be.
  • Module 4 - Advanced Dark Webs. There are many other Dark Webs. This module will look at the advanced features on the Dark Web.
