🔍

OSINT Fundamentals: Knowledge and Tools

Aug 27, 2024

View transcript

Open Source Intelligence (OSINT) Fundamentals

Instructor Introduction

  • Instructor: Heath Adams - CEO at TCM Security, ethical hacking educator
  • Background: Husband, hacker, teacher, gamer, sports fan
  • Experience: Over 200,000 students taught

Course Overview

  • Duration: 4.5 hours of a 9-hour course
  • Topics Covered:
    • What is Open Source Intelligence (OSINT)
    • Notekeeping
    • Creation of sock puppets
    • Search engine OSINT
    • Image OSINT
    • Email OSINT
    • Password OSINT
    • Username OSINT
    • People OSINT
    • Social Media OSINT
  • Disclaimer: Ethical use of gathered information is paramount

Course Curriculum

  1. Open Source Intelligence Basics

    • Definition and methods of gathering publicly available information

  2. Note Keeping

    • Tools for taking effective notes during the course
    • Examples: KeepNote, Notion, OneNote

  3. Sock Puppets

    • Definition and importance in research
    • Steps to create a sock puppet account

  4. Search Engine OSINT

    • Using advanced search techniques to gather information
    • Example tools: Google, Bing, DuckDuckGo
    • Techniques: using operators like "site:" and "filetype:"

  5. Image OSINT

    • Techniques like reverse image searching and EXIF data analysis
    • Tools: Google Images, TinEye, Yandex

  6. Email OSINT

    • Discovering email addresses and patterns in email structures
    • Tools: Hunter.io, VoilaNorbert, Clearbit

  7. Password OSINT

    • Searching for breached credentials and user information
    • Methods: Analyzing leaked databases

  8. Username OSINT

    • Hunting for usernames across different platforms
    • Tools: Namecheck, Social Bearing

  9. Social Media OSINT

    • Analyzing Twitter, Instagram, Facebook, and LinkedIn
    • Tools: TweetDeck, Social Bearing, and others

Important Concepts

  • Ethical Use of OSINT: Gather information responsibly and with permission.
  • Intelligence Life Cycle: Planning, Collection, Processing, Analysis, Dissemination
  • Tools and Methodologies: Focus on methods rather than specific tools; tools change frequently.

Summary of Tools Mentioned**

  • Note Taking: KeepNote, Notion, OneNote
  • Search Engines: Google, Bing, DuckDuckGo
  • Image Analysis: Google Images, TinEye, Yandex
  • Email Discovery: Hunter.io, VoilaNorbert, Clearbit
  • Password Analysis: Have I Been Pwned, D-Hash, We Leak Info
  • Social Media: TweetDeck, Social Bearing, Snapdex

Conclusion

  • Next Steps: Engage in further learning through TCM Security Academy and apply the learned techniques ethically.
  • Feedback Request: Likes, subscriptions, comments encouraged for more content.

Full transcript