SEC497: Cyber Security Training at SANS Nashville Winter 2025
Provided by SANS
What You Will Learn
The Gateway to OSINT Mastery
SEC497 is a comprehensive training course on Open-Source Intelligence (OSINT) written by an industry professional with over two decades of experience. The course is designed to teach you the most important skills, tools, and methods needed to launch or further refine your investigation skills. SEC497 will provide actionable information to students throughout the OSINT world, including intelligence analysts, law enforcement officials, cyber threat intelligence and cyber defenders, pen testers, investigators, and anyone else who wants to improve their OSINT skills. There is something for everyone, from newcomers to experienced practitioners.
SEC497 focuses on practical techniques that are useful day in and day out. This course is constructed to be accessible for those new to OSINT while providing experienced practitioners with tried-and-true tools that they can add to their arsenal to solve real-world problems. The course has a strong focus on understanding how systems work to facilitate informed decisions, and includes hands-on exercises based on actual scenarios from the government and private sectors. We will discuss cutting-edge research and outlier techniques and not only talk about what is possible, we will practice doing it! Dive into the course syllabus below for a detailed breakdown of the topics covered.
"[SEC497 is] exactly what I wanted-a hands on, real-world deep dive into OSINT challenges, techniques, strategies and actual tools to use." - Mattie Swain, 10a Labs
What Is Open-Source Intelligence?
Open-Source Intelligence (OSINT) is the practice of collecting and analyzing publicly available data from various sources such as websites, social media, and public records to gather actionable information. OSINT is widely used in cybersecurity, law enforcement, and competitive intelligence to enhance decision-making and threat assessment. By leveraging freely accessible information, organizations can gain critical insights without the need for intrusive measures.
Business Takeaways
29 Unique, Immersive Hands-On Labs
SEC497: Advanced Incident Response Techniques offers a unique and immersive learning experience, combining theoretical knowledge with extensive hands-on practice. The course covers essential topics for modern incident response, including managing attribution, dealing with potential malware, and utilizing canary tokens. Students will gain proficiency with tools like Hunchly, Obsidian, Instant Data Scraper, and various search techniques. Labs delve into metadata analysis, reverse image searches, facial recognition, translation services, and researching usernames. Keybase, email analysis, Twitter bot analysis, IP address research, WHOIS, DNS investigations, Amass, Eyewitness, Censys, and Shodan are also integral parts of the curriculum. Additional labs include cloud storage assessments, business intelligence, wireless network security, bulk data triage, and using Tor and PGP for secure communications. The course addresses breach data analysis, preparing students to handle real-world cybersecurity challenges.
The capstone for SEC497 is a multi-hour capture the flag event, where students work in small groups to create a threat assessment for a fictional client. This culminating exercise requires applying the skills learned throughout the course across various real-world sites. The final assessment is presented to the instructor, who acts as the client, and provides feedback to each group, ensuring that students are ready to implement their advanced incident response techniques in real-world scenarios.
"The hands-on labs helped refine my toolbox." - Jason K, Oracle
"Being able to run things hands-on right after learning about it makes the concepts stick better." - Elizabeth Beattie, Domino's Pizza
Syllabus Summary
Depending on your current role or future plans, one of these courses is a great next step in your OSINT journey:
The Gateway to OSINT Mastery
SEC497 is a comprehensive training course on Open-Source Intelligence (OSINT) written by an industry professional with over two decades of experience. The course is designed to teach you the most important skills, tools, and methods needed to launch or further refine your investigation skills. SEC497 will provide actionable information to students throughout the OSINT world, including intelligence analysts, law enforcement officials, cyber threat intelligence and cyber defenders, pen testers, investigators, and anyone else who wants to improve their OSINT skills. There is something for everyone, from newcomers to experienced practitioners.
SEC497 focuses on practical techniques that are useful day in and day out. This course is constructed to be accessible for those new to OSINT while providing experienced practitioners with tried-and-true tools that they can add to their arsenal to solve real-world problems. The course has a strong focus on understanding how systems work to facilitate informed decisions, and includes hands-on exercises based on actual scenarios from the government and private sectors. We will discuss cutting-edge research and outlier techniques and not only talk about what is possible, we will practice doing it! Dive into the course syllabus below for a detailed breakdown of the topics covered.
"[SEC497 is] exactly what I wanted-a hands on, real-world deep dive into OSINT challenges, techniques, strategies and actual tools to use." - Mattie Swain, 10a Labs
What Is Open-Source Intelligence?
Open-Source Intelligence (OSINT) is the practice of collecting and analyzing publicly available data from various sources such as websites, social media, and public records to gather actionable information. OSINT is widely used in cybersecurity, law enforcement, and competitive intelligence to enhance decision-making and threat assessment. By leveraging freely accessible information, organizations can gain critical insights without the need for intrusive measures.
Business Takeaways
- This course will help your organization:
- Enhance competitive intelligence through OSINT techniques
- Improve risk management by identifying vulnerabilities
- Strengthen incident response with rapid information gathering
- Identify and mitigate potential threats from publicly available data
- Streamline data collection and analysis processes for operational efficiency
- Perform a variety of OSINT investigations while practicing good OPSEC
- Create sock puppet accounts
- Locate information on the internet, including some hard-to-find and deleted information
- Locate individuals online and examine their online presence
- Understand and effectively search the dark web
- Create an accurate report of the online infrastructure for cyber defense, merger and acquisition analysis, pen testing, and other critical areas for an organization.
- Use methods that can often reveal who owns a website as well as the other websites that they own or operate
- Understand the different types of breach data available and how they can be used for offensive and defensive purposes
- Effectively gather and utilize social media data
- Understand and use facial recognition and facial comparison engines
- Quickly and easily triage large datasets to learn what they contain
- Identify malicious documents and documents designed to give away your location
29 Unique, Immersive Hands-On Labs
SEC497: Advanced Incident Response Techniques offers a unique and immersive learning experience, combining theoretical knowledge with extensive hands-on practice. The course covers essential topics for modern incident response, including managing attribution, dealing with potential malware, and utilizing canary tokens. Students will gain proficiency with tools like Hunchly, Obsidian, Instant Data Scraper, and various search techniques. Labs delve into metadata analysis, reverse image searches, facial recognition, translation services, and researching usernames. Keybase, email analysis, Twitter bot analysis, IP address research, WHOIS, DNS investigations, Amass, Eyewitness, Censys, and Shodan are also integral parts of the curriculum. Additional labs include cloud storage assessments, business intelligence, wireless network security, bulk data triage, and using Tor and PGP for secure communications. The course addresses breach data analysis, preparing students to handle real-world cybersecurity challenges.
The capstone for SEC497 is a multi-hour capture the flag event, where students work in small groups to create a threat assessment for a fictional client. This culminating exercise requires applying the skills learned throughout the course across various real-world sites. The final assessment is presented to the instructor, who acts as the client, and provides feedback to each group, ensuring that students are ready to implement their advanced incident response techniques in real-world scenarios.
- Section 1: Managing Your Attribution; Dealing with Potential Malware; Canary Tokens; Hunchly; Obisidan; Linux Command Line Practice (Optional)
- Section 2: Search; Instant Data Scraper; Metadata; Reverse Image Search; Facial Recognition; Translation
- Section 3: Researching Usernames; Keybase; Email; Twitter; Twitter Bot Analysis
- Section 4: IP Address Research; WHOIS; DNS; Amass and Eyewitness; Censys and Shodan; Buckets of Fun
- Section 5: Business; Wireless; Bulk Data Triage; Tor and PGP; Breach Data
- Section 6: Capture the Flag Capstone
"The hands-on labs helped refine my toolbox." - Jason K, Oracle
"Being able to run things hands-on right after learning about it makes the concepts stick better." - Elizabeth Beattie, Domino's Pizza
Syllabus Summary
- Section 1: OSINT and OPSEC Fundamentals: Safe, Effective Information Gathering and Analysis
- Section 2: Essential OSINT Skills: Web Fundamentals, Search Techniques, and Image Analysis
- Section 3: Investigating People: Privacy, Usernames, Emails, and Social Media Analysis
- Section 4: Investigating Websites and Infrastructure: Ips, DNS, WHOIS, and Cloud Analysis
- Section 5: Automation, the Dark Web, and Large Data Sets: OSINT Techniques and Tools
- Section 6: Capstone: Capture the Flag - Collaborative Threat Assessment Challenge
- Poster - OSINT Poster
- Webcast - The New OSINT Cheat Code: ChatGPT
- Webcast - Detecting AI in OSINT Investigations
- Webcast - Setting Up OSINT Watchdogs: Create Your Own Free Persistent Monitoring Tools with Python
- Webcast - Unlocking Digital Mysteries: Password Cracking for OSINT & Forensic Investigations
- Blog - What is OPSEC?
- Blog - What are Sock Puppets in OSINT
- A Linux Virtual Machine (VM) complete with electronic workbook
Depending on your current role or future plans, one of these courses is a great next step in your OSINT journey:
- OSINT Investigator:
- SEC587: Advanced Open-Source Intelligence (OSINT) Gathering and Analysis
- Digital Forensics Analyst:
- FOR578: Cyber Threat Intelligence
Enquire
Start date | Location / delivery | |
---|---|---|
13 Jan 2025 | Nashville | Book now |