SlideShare a Scribd company logo

Open Source Intelligence (OSINT)

festival ICT 2016
festival ICT 2016

Durante l’intervento verranno presentati i cardini del processo di ricerca delle informazioni mediante la consultazione di fonti di pubblico accesso. Sarà illustrata la teoria alla base di questo processo che prevede l’identificazione delle fonti, la selezione e la valutazione del loro contenuto informativo per arrivare infine all’utilizzo stesso dell’informazione estratta. Nella seconda fase della presentazione verranno mostrati i tool e le metodologie per l’estrazione di informazioni mediante l’analisi di documenti, foto, social network e altre fonti spesso trascurate. In ultimo saranno mostrati sistemi in grado di correlare diverse informazioni provenienti dalle fonti aperte e verranno discussi i relativi scenari di utilizzo nonché le possibili contromisure.

Technology
1 of 56
Download to read offline
Open Source INTelligence Gabriele Zanoni @infoshaker OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG Index Informa+on that we share Introduc+on to OSINT Tools and examples The power of analysis Summary OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG InformaCon that we share OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
Social networks expose our private and professional life… SIKUREZZA.ORG OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG Companies expose their own informaCon… OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG IntroducCon to OSINT OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
It’s not a tool , it’s not a website , it’s not with fee it’s not free… SIKUREZZA.ORG OSINT Open Source INTelligence is intelligence collected from publicly available sources. [1] http://en.wikipedia.org/wiki/Open-source_intelligence OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
Why OSINT In a world that changes rapidly we need to have high quality informa+on in the exact moment that we need it. SIKUREZZA.ORG OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
What’s the value we get from OSINT «You see? you hesitate. But as a captain, you can't. You have to act. If you don't, you put the en+re crew at risk. Now that's the job. It's not a science. You have to be able to make hard decisions based on imperfect informa+on. Asking men to carry out orders that may result in their deaths. And if you're wrong, you suffer the consequences. If you're not prepared to make those decisions, without pause, without reflec+on, then you've got no business being a submarine captain.» SIKUREZZA.ORG Lt. Commander Mike Dahlgren U-­‐571 OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG How can we use OSINT? • What’s the need? Raw Data • Mailing List • Newsgroup • Chat • Pastebin • Blog Preprocessed Data • Journals • Publica+ons Elaborated Data • Researches • Reports • Analysis Alerts in real time Handling and Monitoring of the situation State of the Art OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG How can we use OSINT? • What’s the need? • How to reach the scope? Raw Data Preprocessed Data Elaborated Data • Dedicated search engineers • Keywords • Ad-­‐hoc early warning systems • Feeds from generic sources of informa+on • “standard” monitoring systems • Are available “when ready” • Feeds from specialist sources Ways to perform the searches Alerts in real time Handling and Monitoring of the situation State of the Art OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
Volume of the data you have to parse SIKUREZZA.ORG Time VS Quality VS Efforts TIME QUALITY Level of the effort Reliability Relevancy } Quality OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG The InformaCon Search Process Discovery Selec+on Formula+on Delivery OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG #HowToFail • Incomplete iden+fica+on of the sources • Not always structured data -­‐> Are you searching in a library on in a bazar? • “Not easy to access” data -­‐> methods and/or formats • Too many info «It refers to a hypothe.cal situa.on wherein an ass that is equally hungry and thirsty is placed precisely midway between a stack of hay and a pail of water. Since the paradox assumes the ass will always go to whichever is closer, it will die of both hunger and thirst since it cannot make any ra.onal decision to choose one over the other..» hbp://en.wikipedia.org/wiki/Buridan%27s_ass OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG TOOLS AND EXAMPLES OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG Analysis of a Web Site • From the website to the people – Owners – Shareholders – Maintainers – Etc… OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG Who has registered a website OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG An example OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG Back in Cme OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG Registro Imprese OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG Finding people on Social Networks Finding a nick: • h^p://namechk.com • h^p://www.namechecklist.com • h^p://www.namecheckr.com OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
Creepy -­‐ h^p://ilektrojohn.github.io/creepy/ • A Geoloca+on OSINT Tool. Offers geoloca+on informa+on gathering through social networking plaiorms. • Support: – Flickr – Instagram – Twiber SIKUREZZA.ORG OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG Image Analysis • Where a photo has been taken ? hbp://imageforensic.org OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG Law and the metadata “La proposta di legge di Gabriella Carlucci per “regolamentare Internet” è in realtà l’ennesimo goffo provvedimento “an+pirateria” mascherato da qualcosa d’altro. Del resto l’onorevole Carlucci si è faba in ques+ anni una vera e propria competenza in materia (dove competenza è termine da maneggiare con estrema prudenza). E comunque la proposta Carlucci liberamente scaricabile sul suo blog in formato .doc ha qualcosa di strano. Come ha notato Guido Scorza il computer sul quale il documento è stato scribo è intestato ad un certo Daniele Rossi di Univideo. Evidentemente un amico di Gabriella, omonimo del presidente della Unione Italiana Editoria audiovisivi.” hbp://www.rigeneriamoci.com/i-­‐metada+-­‐e-­‐lon-­‐carlucci/ OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org SIKUREZZA.ORG
Why metadata are important • You will discover the true authors of the documents • Or clues about if the documents have been shared with someone (e.g. the user that has saved the document) • Verify if the document is from a certain company, person etc.. • Who is working in a company o for a specific company SIKUREZZA.ORG OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG Finding Metadata with FOCA hbps://www.elevenpaths.com/labs-­‐tools-­‐foca.html OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
Foca and Foca Forensics • Foca: it’s a tool to scan websites and download documents in order to extract metadata in those documents • Foca Forensics: same as Foca, but it works on already downloaded data SIKUREZZA.ORG • Download: • hbp://www.informa+ca64.com/foca.aspx • hbp://www.informa+ca64.com/forensicfoca/ OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG Foca Forensics Anonymous has leaked some data and you want to verify if the informa+on contained is true…. You have to download the data and scan it with Foca Forensics OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG Shodan -­‐ h^p://www.shodanhq.com/ • Shodan is a system able to index services and devices on Internet • You can easily iden+fy Webcams, Web administra+on systems, vulnerable sorware (e.g. based on the sorware banner) OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
Fbstalker -­‐ h^ps://github.com/milo2012/osintstalker SIKUREZZA.ORG OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
Maltego -­‐ h^ps://www.paterva.com Maltego is an open source intelligence and forensics applica+on. It will offer you +mous mining and gathering of informa+on as well as the representa+on of this informa+on in a easy to understand format. A Maltego analysis can start from: – A SIKUREZZA.ORG person name – A document – An email – A phone – Etc.. OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org SIKUREZZA.ORG
OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org SIKUREZZA.ORG
OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org SIKUREZZA.ORG
OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org SIKUREZZA.ORG
OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org SIKUREZZA.ORG
SIKUREZZA.ORG The power of analysis OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
hbp://wisdomofcrowds.blogspot.it/2009/12/vox-­‐populi-­‐sir-­‐francis-­‐galton.html SIKUREZZA.ORG Nobody knows…together we know! OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG Who is using OSINT ? “For the past three years, Elaine Rich and 3,000 other average people have been quietly making probability estimates about everything from Venezuelan gas subsidies to North Korean politics as part of , an experiment put together by three well-known psychologists and some people inside the intelligence community.” “According to one report, the predictions made by the Good Judgment Project are often better even than intelligence analysts with access to classified information, and many of the people involved in the project have been astonished by its success at making accurate predictions.” http://www.npr.org/blogs/parallels/2014/04/02/297839429/-so-you-think-youre-smarter-than-a-cia-agent http://www.goodjudgmentproject.com/ OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
There is a funny comic strip in which the father gives this advice to his son: “You should pay a-en0on while choosing your dog's name because it will be your security ques0on answer for the rest of your life!” hbp://gizmodo.com/5947393/remember-­‐youre-­‐not-­‐only-­‐naming-­‐your-­‐pet-­‐youre-­‐also-­‐securing-­‐your-­‐digital-­‐future OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org SIKUREZZA.ORG
SIKUREZZA.ORG Reality Check! http://www.theguardian.com/technology/askjack/2008/sep/19/security.email OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
How do you answer your security quesCons? The scope is to op+mize the abacks making low noise. SIKUREZZA.ORG Info for password cracking: • Girlfriend/wife name • Pet name • Date of Birth • Sport teams • Place of birth • Addresses • List of schools OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
I know where you are…I know your password! hbp://www.oversecurity.net/2014/02/27/casaleggio-­‐bucato-­‐la-­‐ password-­‐usata-­‐e-­‐lindirizzo-­‐della-­‐sede-­‐legale/ SIKUREZZA.ORG OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
Google Hacking #1 – The unexpected Knowledge of Google Operators and how Internet or sorware work helps reach any informa+on SIKUREZZA.ORG OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
Google Hacking #2 – Passwords from backups SIKUREZZA.ORG OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG So you forgot to remove the geo-­‐tag ? OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
Shodan -­‐ how to idenCfy the distribuCon of a vuln • A recent vulnerability about a backdoor listening on port TCP/32764 in Linksys WAG200G (and also on some other devices) has been published • Using Shodan is possible to map the vulnerability SIKUREZZA.ORG • hbp://shodanio.wordpress.com/2014/01/23/quick-­‐sta+s+cs-­‐on-­‐the-­‐router-­‐backdoor-­‐on-­‐port-­‐32764/ • hbps://github.com/elvanderb/TCP-­‐32764 OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
Recorded Future Inc. -­‐ h^ps://recordedfuture.com/ “is a sorware company based in Cambridge, Massachusebs, United States, and Gothenburg, Sweden, specializing in web intelligence and predic+ve analy+cs. Using what they call a "temporal analy+cs engine", Recorded Future provides forecas+ng and analysis tools to help analysts predict future events by scanning sources on the Internet, and extrac+ng, measuring, and visualizing the informa+on to show networks and paberns in the past, present, and future.” “Both Google (on May 3, 2010) and the CIA have invested in the company, through their investment arms, Google Ventures and In-­‐Q-­‐Tel, respec+vely.” SIKUREZZA.ORG http://en.wikipedia.org/wiki/Recorded_Future OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG Event Analysis OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org SIKUREZZA.ORG
OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org SIKUREZZA.ORG
Analysis “Pressure cooker bombs have been more commonly seen in Indian and Southeast Asian abacks than anywhere else. Recent reports out of India also suggest that the weapon has become a “fad” in militant camps along the Afghanistan/Pakistan border. In contrast, discoun+ng thwarted abacks such as the abempted aback on Times Square in 2010, the United States has experienced just one bombing with a pressure cooker, and that was back in 1976. There’s also lible to see in Europe during the last several years.” http://analysisintelligence.com/terrorism/pressure-cooker-bombings-map/ SIKUREZZA.ORG OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
SIKUREZZA.ORG Summary OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
Summary • Pay aben+on to the informa+on we leave on Internet every day • Internet usually contains the informa+on that we need • Keeping in mind our goal we need to iden+fy the proper methods to extract the informa+on we are looking for SIKUREZZA.ORG OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
Thank you! Gabriele Zanoni @infoshaker OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org

Recommended

OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceDeep Shankar Yadav
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019Priyanka Aash
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Sudhanshu Chauhan
 
OSINT
OSINTOSINT
OSINTApurv Singh Gautam
 
OSINT - Open Source Intelligence
OSINT - Open Source IntelligenceOSINT - Open Source Intelligence
OSINT - Open Source Intelligencec0c0n - International Cyber Security and Policing Conference
 
Osint
OsintOsint
OsintKamal Rathaur
 
Bsides Knoxville - OSINT
Bsides Knoxville - OSINTBsides Knoxville - OSINT
Bsides Knoxville - OSINTAdam Compton
 
Osint {open source intelligence }
Osint {open source intelligence }Osint {open source intelligence }
Osint {open source intelligence }AkshayJha40
 

Recommended

OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceDeep Shankar Yadav
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019Priyanka Aash
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Sudhanshu Chauhan
 
OSINT
OSINTOSINT
OSINTApurv Singh Gautam
 
OSINT - Open Source Intelligence
OSINT - Open Source IntelligenceOSINT - Open Source Intelligence
OSINT - Open Source Intelligencec0c0n - International Cyber Security and Policing Conference
 
Osint
OsintOsint
OsintKamal Rathaur
 
Bsides Knoxville - OSINT
Bsides Knoxville - OSINTBsides Knoxville - OSINT
Bsides Knoxville - OSINTAdam Compton
 
Osint {open source intelligence }
Osint {open source intelligence }Osint {open source intelligence }
Osint {open source intelligence }AkshayJha40
 
Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)phexcom1
 
OSINT: Open Source Intelligence gathering
OSINT: Open Source Intelligence gatheringOSINT: Open Source Intelligence gathering
OSINT: Open Source Intelligence gatheringJeremiah Tillman
 
How to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in InvestigationsHow to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in InvestigationsCase IQ
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...Falgun Rathod
 
osint - open source Intelligence
osint - open source Intelligenceosint - open source Intelligence
osint - open source IntelligenceOsama Ellahi
 
Owasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniOwasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniAdam Nurudini
 
Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]
Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]
Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]RootedCON
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentationJesse Ratcliffe, OSCP
 
What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)Molfar
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINTChristian Martorella
 
OSINT 2.0 - Past, present and future
OSINT 2.0 - Past, present and futureOSINT 2.0 - Past, present and future
OSINT 2.0 - Past, present and futureChristian Martorella
 
Open source intelligence
Open source intelligenceOpen source intelligence
Open source intelligencebalakumaran779
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat IntelligenceSirius
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
 
Cyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightCyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightDeep Shankar Yadav
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINTChandrapal Badshah
 
Osint skills
Osint skillsOsint skills
Osint skillsFelixK4
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsMark Arena
 
OpenSourceIntelligence-OSINT.pptx
OpenSourceIntelligence-OSINT.pptxOpenSourceIntelligence-OSINT.pptx
OpenSourceIntelligence-OSINT.pptxanonymousanonymous428352
 
DMTM 2015 - 02 Data Mining
DMTM 2015 - 02 Data MiningDMTM 2015 - 02 Data Mining
DMTM 2015 - 02 Data MiningPier Luca Lanzi
 

More Related Content

What's hot

Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)phexcom1
 
OSINT: Open Source Intelligence gathering
OSINT: Open Source Intelligence gatheringOSINT: Open Source Intelligence gathering
OSINT: Open Source Intelligence gatheringJeremiah Tillman
 
How to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in InvestigationsHow to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in InvestigationsCase IQ
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...Falgun Rathod
 
osint - open source Intelligence
osint - open source Intelligenceosint - open source Intelligence
osint - open source IntelligenceOsama Ellahi
 
Owasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniOwasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniAdam Nurudini
 
Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]
Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]
Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]RootedCON
 
What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)Molfar
 
OSINT 2.0 - Past, present and future
OSINT 2.0 - Past, present and futureOSINT 2.0 - Past, present and future
OSINT 2.0 - Past, present and futureChristian Martorella
 
Open source intelligence
Open source intelligenceOpen source intelligence
Open source intelligencebalakumaran779
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat IntelligenceSirius
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
 
Cyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightCyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightDeep Shankar Yadav
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINTChandrapal Badshah
 
Osint skills
Osint skillsOsint skills
Osint skillsFelixK4
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsMark Arena
 

What's hot (20)

Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)
 
OSINT: Open Source Intelligence gathering
OSINT: Open Source Intelligence gatheringOSINT: Open Source Intelligence gathering
OSINT: Open Source Intelligence gathering
 
How to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in InvestigationsHow to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in Investigations
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
 
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
 
osint - open source Intelligence
osint - open source Intelligenceosint - open source Intelligence
osint - open source Intelligence
 
Owasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniOwasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudini
 
Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]
Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]
Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentation
 
What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINT
 
OSINT 2.0 - Past, present and future
OSINT 2.0 - Past, present and futureOSINT 2.0 - Past, present and future
OSINT 2.0 - Past, present and future
 
Open source intelligence
Open source intelligenceOpen source intelligence
Open source intelligence
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feeds
 
Cyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightCyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to Insight
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINT
 
Osint skills
Osint skillsOsint skills
Osint skills
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metrics
 

Similar to Open Source Intelligence (OSINT)

DMTM 2015 - 02 Data Mining
DMTM 2015 - 02 Data MiningDMTM 2015 - 02 Data Mining
DMTM 2015 - 02 Data MiningPier Luca Lanzi
 
Role play - The internet of things - Nanotechnology
Role play - The internet of things - NanotechnologyRole play - The internet of things - Nanotechnology
Role play - The internet of things - NanotechnologyNANOYOU
 
Advanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsAdvanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsSloan Carne
 
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...Andrew Schwabe
 
(ISC)2 Security Congress EMEA. You are being watched.
(ISC)2 Security Congress EMEA. You are being watched.(ISC)2 Security Congress EMEA. You are being watched.
(ISC)2 Security Congress EMEA. You are being watched.Internet Security Auditors
 
Panama Papers, or How To Coordinate a Secret in the Digital Age
Panama Papers, or How To Coordinate a Secret in the Digital AgePanama Papers, or How To Coordinate a Secret in the Digital Age
Panama Papers, or How To Coordinate a Secret in the Digital AgeOnline News Association
 
Dark Web and Privacy
Dark Web and PrivacyDark Web and Privacy
Dark Web and PrivacyBrian Pichman
 
Connecting the Dots
Connecting the DotsConnecting the Dots
Connecting the DotsInnoTech
 
Noticing the Nuance: Designing intelligent systems that can understand semant...
Noticing the Nuance: Designing intelligent systems that can understand semant...Noticing the Nuance: Designing intelligent systems that can understand semant...
Noticing the Nuance: Designing intelligent systems that can understand semant...Elizabeth Murnane
 
Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Marcus Leaning
 
Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economyRaoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economyCRS4 Research Center in Sardinia
 
Fundamentals of Network security
Fundamentals of Network securityFundamentals of Network security
Fundamentals of Network securityAPNIC
 
Let's Get Visible! with Karla Smith, Winnefox Library System
Let's Get Visible! with Karla Smith, Winnefox Library SystemLet's Get Visible! with Karla Smith, Winnefox Library System
Let's Get Visible! with Karla Smith, Winnefox Library SystemWiLS
 
The Business(es) of Disinformation
The Business(es) of DisinformationThe Business(es) of Disinformation
The Business(es) of DisinformationSara-Jayne Terp
 
Perfect Information - How IoT empowers you to know anything, anytime, anywhere
Perfect Information - How IoT empowers you to know anything, anytime, anywherePerfect Information - How IoT empowers you to know anything, anytime, anywhere
Perfect Information - How IoT empowers you to know anything, anytime, anywhere10x Nation
 
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...Hackito Ergo Sum
 
IoT: Entering an Era of Perfect Information
IoT: Entering an Era of Perfect InformationIoT: Entering an Era of Perfect Information
IoT: Entering an Era of Perfect InformationChristopher Mohritz
 

Similar to Open Source Intelligence (OSINT) (20)

OpenSourceIntelligence-OSINT.pptx
OpenSourceIntelligence-OSINT.pptxOpenSourceIntelligence-OSINT.pptx
OpenSourceIntelligence-OSINT.pptx
 
DMTM 2015 - 02 Data Mining
DMTM 2015 - 02 Data MiningDMTM 2015 - 02 Data Mining
DMTM 2015 - 02 Data Mining
 
Open Data Journalism
Open Data JournalismOpen Data Journalism
Open Data Journalism
 
1482734.ppt
1482734.ppt1482734.ppt
1482734.ppt
 
Role play - The internet of things - Nanotechnology
Role play - The internet of things - NanotechnologyRole play - The internet of things - Nanotechnology
Role play - The internet of things - Nanotechnology
 
Advanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsAdvanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU Investigators
 
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...
 
(ISC)2 Security Congress EMEA. You are being watched.
(ISC)2 Security Congress EMEA. You are being watched.(ISC)2 Security Congress EMEA. You are being watched.
(ISC)2 Security Congress EMEA. You are being watched.
 
Panama Papers, or How To Coordinate a Secret in the Digital Age
Panama Papers, or How To Coordinate a Secret in the Digital AgePanama Papers, or How To Coordinate a Secret in the Digital Age
Panama Papers, or How To Coordinate a Secret in the Digital Age
 
Dark Web and Privacy
Dark Web and PrivacyDark Web and Privacy
Dark Web and Privacy
 
Connecting the Dots
Connecting the DotsConnecting the Dots
Connecting the Dots
 
Noticing the Nuance: Designing intelligent systems that can understand semant...
Noticing the Nuance: Designing intelligent systems that can understand semant...Noticing the Nuance: Designing intelligent systems that can understand semant...
Noticing the Nuance: Designing intelligent systems that can understand semant...
 
Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR
 
Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economyRaoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
 
Fundamentals of Network security
Fundamentals of Network securityFundamentals of Network security
Fundamentals of Network security
 
Let's Get Visible! with Karla Smith, Winnefox Library System
Let's Get Visible! with Karla Smith, Winnefox Library SystemLet's Get Visible! with Karla Smith, Winnefox Library System
Let's Get Visible! with Karla Smith, Winnefox Library System
 
The Business(es) of Disinformation
The Business(es) of DisinformationThe Business(es) of Disinformation
The Business(es) of Disinformation
 
Perfect Information - How IoT empowers you to know anything, anytime, anywhere
Perfect Information - How IoT empowers you to know anything, anytime, anywherePerfect Information - How IoT empowers you to know anything, anytime, anywhere
Perfect Information - How IoT empowers you to know anything, anytime, anywhere
 
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
 
IoT: Entering an Era of Perfect Information
IoT: Entering an Era of Perfect InformationIoT: Entering an Era of Perfect Information
IoT: Entering an Era of Perfect Information
 

More from festival ICT 2016

Migliorare il cash flow della propria azienda e dei propri clienti: i benefic...
Migliorare il cash flow della propria azienda e dei propri clienti: i benefic...Migliorare il cash flow della propria azienda e dei propri clienti: i benefic...
Migliorare il cash flow della propria azienda e dei propri clienti: i benefic...festival ICT 2016
 
Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...
Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...
Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...festival ICT 2016
 
Lo Zen e l'arte dell'UX Design Mobile - by Synesthesia - festival ICT 2015
Lo Zen e l'arte dell'UX Design Mobile - by Synesthesia - festival ICT 2015Lo Zen e l'arte dell'UX Design Mobile - by Synesthesia - festival ICT 2015
Lo Zen e l'arte dell'UX Design Mobile - by Synesthesia - festival ICT 2015festival ICT 2016
 
The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...
The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...
The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...festival ICT 2016
 
Favorire lo sviluppo di applicazioni native Cloud: lo Smart SaaS Program - by...
Favorire lo sviluppo di applicazioni native Cloud: lo Smart SaaS Program - by...Favorire lo sviluppo di applicazioni native Cloud: lo Smart SaaS Program - by...
Favorire lo sviluppo di applicazioni native Cloud: lo Smart SaaS Program - by...festival ICT 2016
 
I vantaggi di un’infrastruttura unica nell’erogazione dei servizi IT networke...
I vantaggi di un’infrastruttura unica nell’erogazione dei servizi IT networke...I vantaggi di un’infrastruttura unica nell’erogazione dei servizi IT networke...
I vantaggi di un’infrastruttura unica nell’erogazione dei servizi IT networke...festival ICT 2016
 
LibreOffice: software libero e formati standard - by LibreItalia - festival I...
LibreOffice: software libero e formati standard - by LibreItalia - festival I...LibreOffice: software libero e formati standard - by LibreItalia - festival I...
LibreOffice: software libero e formati standard - by LibreItalia - festival I...festival ICT 2016
 
Come rendere più collaborative le tue riunioni - by Epson - festival ICT 2015
Come rendere più collaborative le tue riunioni - by Epson - festival ICT 2015Come rendere più collaborative le tue riunioni - by Epson - festival ICT 2015
Come rendere più collaborative le tue riunioni - by Epson - festival ICT 2015festival ICT 2016
 
Case Study TWT: North Sails ha rivoluzionato il modo di lavorare - by TWT - f...
Case Study TWT: North Sails ha rivoluzionato il modo di lavorare - by TWT - f...Case Study TWT: North Sails ha rivoluzionato il modo di lavorare - by TWT - f...
Case Study TWT: North Sails ha rivoluzionato il modo di lavorare - by TWT - f...festival ICT 2016
 
Il mio ufficio è sempre con me. E il tuo? - by TWT - festival ICT 2015
Il mio ufficio è sempre con me. E il tuo? - by TWT - festival ICT 2015Il mio ufficio è sempre con me. E il tuo? - by TWT - festival ICT 2015
Il mio ufficio è sempre con me. E il tuo? - by TWT - festival ICT 2015festival ICT 2016
 
Non adeguatevi al Cloud - by Clouditalia - festival ICT 2015
Non adeguatevi al Cloud - by Clouditalia - festival ICT 2015Non adeguatevi al Cloud - by Clouditalia - festival ICT 2015
Non adeguatevi al Cloud - by Clouditalia - festival ICT 2015festival ICT 2016
 
Impatto privacy della video analisi nei sistemi di video sorveglianza intelli...
Impatto privacy della video analisi nei sistemi di video sorveglianza intelli...Impatto privacy della video analisi nei sistemi di video sorveglianza intelli...
Impatto privacy della video analisi nei sistemi di video sorveglianza intelli...festival ICT 2016
 
Web reputation, le verità nascoste dell’identità digitale - festival ICT 2015
Web reputation, le verità nascoste dell’identità digitale - festival ICT 2015Web reputation, le verità nascoste dell’identità digitale - festival ICT 2015
Web reputation, le verità nascoste dell’identità digitale - festival ICT 2015festival ICT 2016
 
Privacy e non profit online: profilazioni digitali di donatori e aderenti nel...
Privacy e non profit online: profilazioni digitali di donatori e aderenti nel...Privacy e non profit online: profilazioni digitali di donatori e aderenti nel...
Privacy e non profit online: profilazioni digitali di donatori e aderenti nel...festival ICT 2016
 
L'importanza del controllo nelle operazioni di Data Wiping - Sprint Computer ...
L'importanza del controllo nelle operazioni di Data Wiping - Sprint Computer ...L'importanza del controllo nelle operazioni di Data Wiping - Sprint Computer ...
L'importanza del controllo nelle operazioni di Data Wiping - Sprint Computer ...festival ICT 2016
 
Il dato è tratto: il lato B della mobilità tra privacy e reati informatici - ...
Il dato è tratto: il lato B della mobilità tra privacy e reati informatici - ...Il dato è tratto: il lato B della mobilità tra privacy e reati informatici - ...
Il dato è tratto: il lato B della mobilità tra privacy e reati informatici - ...festival ICT 2016
 
Web e privacy, le nuove regole per i cookies - festival ICT 2015
Web e privacy, le nuove regole per i cookies - festival ICT 2015Web e privacy, le nuove regole per i cookies - festival ICT 2015
Web e privacy, le nuove regole per i cookies - festival ICT 2015festival ICT 2016
 
Il paradigma UCaaS: come migliorare i processi di business dell’azienda attra...
Il paradigma UCaaS: come migliorare i processi di business dell’azienda attra...Il paradigma UCaaS: come migliorare i processi di business dell’azienda attra...
Il paradigma UCaaS: come migliorare i processi di business dell’azienda attra...festival ICT 2016
 
Nuvole e metallo: Infrastruttura e servizi Cloud based - by Hosting Solution...
Nuvole e metallo: Infrastruttura e servizi Cloud based - by Hosting Solution... Nuvole e metallo: Infrastruttura e servizi Cloud based - by Hosting Solution...
Nuvole e metallo: Infrastruttura e servizi Cloud based - by Hosting Solution...festival ICT 2016
 
Definire, configurare ed implementare soluzioni scalabili su sistemi di Cloud...
Definire, configurare ed implementare soluzioni scalabili su sistemi di Cloud...Definire, configurare ed implementare soluzioni scalabili su sistemi di Cloud...
Definire, configurare ed implementare soluzioni scalabili su sistemi di Cloud...festival ICT 2016
 

More from festival ICT 2016 (20)

Migliorare il cash flow della propria azienda e dei propri clienti: i benefic...
Migliorare il cash flow della propria azienda e dei propri clienti: i benefic...Migliorare il cash flow della propria azienda e dei propri clienti: i benefic...
Migliorare il cash flow della propria azienda e dei propri clienti: i benefic...
 
Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...
Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...
Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...
 
Lo Zen e l'arte dell'UX Design Mobile - by Synesthesia - festival ICT 2015
Lo Zen e l'arte dell'UX Design Mobile - by Synesthesia - festival ICT 2015Lo Zen e l'arte dell'UX Design Mobile - by Synesthesia - festival ICT 2015
Lo Zen e l'arte dell'UX Design Mobile - by Synesthesia - festival ICT 2015
 
The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...
The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...
The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...
 
Favorire lo sviluppo di applicazioni native Cloud: lo Smart SaaS Program - by...
Favorire lo sviluppo di applicazioni native Cloud: lo Smart SaaS Program - by...Favorire lo sviluppo di applicazioni native Cloud: lo Smart SaaS Program - by...
Favorire lo sviluppo di applicazioni native Cloud: lo Smart SaaS Program - by...
 
I vantaggi di un’infrastruttura unica nell’erogazione dei servizi IT networke...
I vantaggi di un’infrastruttura unica nell’erogazione dei servizi IT networke...I vantaggi di un’infrastruttura unica nell’erogazione dei servizi IT networke...
I vantaggi di un’infrastruttura unica nell’erogazione dei servizi IT networke...
 
LibreOffice: software libero e formati standard - by LibreItalia - festival I...
LibreOffice: software libero e formati standard - by LibreItalia - festival I...LibreOffice: software libero e formati standard - by LibreItalia - festival I...
LibreOffice: software libero e formati standard - by LibreItalia - festival I...
 
Come rendere più collaborative le tue riunioni - by Epson - festival ICT 2015
Come rendere più collaborative le tue riunioni - by Epson - festival ICT 2015Come rendere più collaborative le tue riunioni - by Epson - festival ICT 2015
Come rendere più collaborative le tue riunioni - by Epson - festival ICT 2015
 
Case Study TWT: North Sails ha rivoluzionato il modo di lavorare - by TWT - f...
Case Study TWT: North Sails ha rivoluzionato il modo di lavorare - by TWT - f...Case Study TWT: North Sails ha rivoluzionato il modo di lavorare - by TWT - f...
Case Study TWT: North Sails ha rivoluzionato il modo di lavorare - by TWT - f...
 
Il mio ufficio è sempre con me. E il tuo? - by TWT - festival ICT 2015
Il mio ufficio è sempre con me. E il tuo? - by TWT - festival ICT 2015Il mio ufficio è sempre con me. E il tuo? - by TWT - festival ICT 2015
Il mio ufficio è sempre con me. E il tuo? - by TWT - festival ICT 2015
 
Non adeguatevi al Cloud - by Clouditalia - festival ICT 2015
Non adeguatevi al Cloud - by Clouditalia - festival ICT 2015Non adeguatevi al Cloud - by Clouditalia - festival ICT 2015
Non adeguatevi al Cloud - by Clouditalia - festival ICT 2015
 
Impatto privacy della video analisi nei sistemi di video sorveglianza intelli...
Impatto privacy della video analisi nei sistemi di video sorveglianza intelli...Impatto privacy della video analisi nei sistemi di video sorveglianza intelli...
Impatto privacy della video analisi nei sistemi di video sorveglianza intelli...
 
Web reputation, le verità nascoste dell’identità digitale - festival ICT 2015
Web reputation, le verità nascoste dell’identità digitale - festival ICT 2015Web reputation, le verità nascoste dell’identità digitale - festival ICT 2015
Web reputation, le verità nascoste dell’identità digitale - festival ICT 2015
 
Privacy e non profit online: profilazioni digitali di donatori e aderenti nel...
Privacy e non profit online: profilazioni digitali di donatori e aderenti nel...Privacy e non profit online: profilazioni digitali di donatori e aderenti nel...
Privacy e non profit online: profilazioni digitali di donatori e aderenti nel...
 
L'importanza del controllo nelle operazioni di Data Wiping - Sprint Computer ...
L'importanza del controllo nelle operazioni di Data Wiping - Sprint Computer ...L'importanza del controllo nelle operazioni di Data Wiping - Sprint Computer ...
L'importanza del controllo nelle operazioni di Data Wiping - Sprint Computer ...
 
Il dato è tratto: il lato B della mobilità tra privacy e reati informatici - ...
Il dato è tratto: il lato B della mobilità tra privacy e reati informatici - ...Il dato è tratto: il lato B della mobilità tra privacy e reati informatici - ...
Il dato è tratto: il lato B della mobilità tra privacy e reati informatici - ...
 
Web e privacy, le nuove regole per i cookies - festival ICT 2015
Web e privacy, le nuove regole per i cookies - festival ICT 2015Web e privacy, le nuove regole per i cookies - festival ICT 2015
Web e privacy, le nuove regole per i cookies - festival ICT 2015
 
Il paradigma UCaaS: come migliorare i processi di business dell’azienda attra...
Il paradigma UCaaS: come migliorare i processi di business dell’azienda attra...Il paradigma UCaaS: come migliorare i processi di business dell’azienda attra...
Il paradigma UCaaS: come migliorare i processi di business dell’azienda attra...
 
Nuvole e metallo: Infrastruttura e servizi Cloud based - by Hosting Solution...
Nuvole e metallo: Infrastruttura e servizi Cloud based - by Hosting Solution... Nuvole e metallo: Infrastruttura e servizi Cloud based - by Hosting Solution...
Nuvole e metallo: Infrastruttura e servizi Cloud based - by Hosting Solution...
 
Definire, configurare ed implementare soluzioni scalabili su sistemi di Cloud...
Definire, configurare ed implementare soluzioni scalabili su sistemi di Cloud...Definire, configurare ed implementare soluzioni scalabili su sistemi di Cloud...
Definire, configurare ed implementare soluzioni scalabili su sistemi di Cloud...
 

Recently uploaded

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 

Open Source Intelligence (OSINT)

  • 1. Open Source INTelligence Gabriele Zanoni @infoshaker OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 2. SIKUREZZA.ORG Index Informa+on that we share Introduc+on to OSINT Tools and examples The power of analysis Summary OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 3. SIKUREZZA.ORG InformaCon that we share OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 4. Social networks expose our private and professional life… SIKUREZZA.ORG OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 5. SIKUREZZA.ORG Companies expose their own informaCon… OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 6. SIKUREZZA.ORG IntroducCon to OSINT OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 7. It’s not a tool , it’s not a website , it’s not with fee it’s not free… SIKUREZZA.ORG OSINT Open Source INTelligence is intelligence collected from publicly available sources. [1] http://en.wikipedia.org/wiki/Open-source_intelligence OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 8. Why OSINT In a world that changes rapidly we need to have high quality informa+on in the exact moment that we need it. SIKUREZZA.ORG OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 9. What’s the value we get from OSINT «You see? you hesitate. But as a captain, you can't. You have to act. If you don't, you put the en+re crew at risk. Now that's the job. It's not a science. You have to be able to make hard decisions based on imperfect informa+on. Asking men to carry out orders that may result in their deaths. And if you're wrong, you suffer the consequences. If you're not prepared to make those decisions, without pause, without reflec+on, then you've got no business being a submarine captain.» SIKUREZZA.ORG Lt. Commander Mike Dahlgren U-­‐571 OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 10. SIKUREZZA.ORG How can we use OSINT? • What’s the need? Raw Data • Mailing List • Newsgroup • Chat • Pastebin • Blog Preprocessed Data • Journals • Publica+ons Elaborated Data • Researches • Reports • Analysis Alerts in real time Handling and Monitoring of the situation State of the Art OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 11. SIKUREZZA.ORG How can we use OSINT? • What’s the need? • How to reach the scope? Raw Data Preprocessed Data Elaborated Data • Dedicated search engineers • Keywords • Ad-­‐hoc early warning systems • Feeds from generic sources of informa+on • “standard” monitoring systems • Are available “when ready” • Feeds from specialist sources Ways to perform the searches Alerts in real time Handling and Monitoring of the situation State of the Art OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 12. Volume of the data you have to parse SIKUREZZA.ORG Time VS Quality VS Efforts TIME QUALITY Level of the effort Reliability Relevancy } Quality OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 13. SIKUREZZA.ORG The InformaCon Search Process Discovery Selec+on Formula+on Delivery OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 14. SIKUREZZA.ORG #HowToFail • Incomplete iden+fica+on of the sources • Not always structured data -­‐> Are you searching in a library on in a bazar? • “Not easy to access” data -­‐> methods and/or formats • Too many info «It refers to a hypothe.cal situa.on wherein an ass that is equally hungry and thirsty is placed precisely midway between a stack of hay and a pail of water. Since the paradox assumes the ass will always go to whichever is closer, it will die of both hunger and thirst since it cannot make any ra.onal decision to choose one over the other..» hbp://en.wikipedia.org/wiki/Buridan%27s_ass OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 15. SIKUREZZA.ORG TOOLS AND EXAMPLES OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 16. SIKUREZZA.ORG Analysis of a Web Site • From the website to the people – Owners – Shareholders – Maintainers – Etc… OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 17. SIKUREZZA.ORG Who has registered a website OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 18. SIKUREZZA.ORG An example OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 19. SIKUREZZA.ORG Back in Cme OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 20. SIKUREZZA.ORG Registro Imprese OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 21. SIKUREZZA.ORG Finding people on Social Networks Finding a nick: • h^p://namechk.com • h^p://www.namechecklist.com • h^p://www.namecheckr.com OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 22. Creepy -­‐ h^p://ilektrojohn.github.io/creepy/ • A Geoloca+on OSINT Tool. Offers geoloca+on informa+on gathering through social networking plaiorms. • Support: – Flickr – Instagram – Twiber SIKUREZZA.ORG OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 23. SIKUREZZA.ORG Image Analysis • Where a photo has been taken ? hbp://imageforensic.org OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 24. SIKUREZZA.ORG Law and the metadata “La proposta di legge di Gabriella Carlucci per “regolamentare Internet” è in realtà l’ennesimo goffo provvedimento “an+pirateria” mascherato da qualcosa d’altro. Del resto l’onorevole Carlucci si è faba in ques+ anni una vera e propria competenza in materia (dove competenza è termine da maneggiare con estrema prudenza). E comunque la proposta Carlucci liberamente scaricabile sul suo blog in formato .doc ha qualcosa di strano. Come ha notato Guido Scorza il computer sul quale il documento è stato scribo è intestato ad un certo Daniele Rossi di Univideo. Evidentemente un amico di Gabriella, omonimo del presidente della Unione Italiana Editoria audiovisivi.” hbp://www.rigeneriamoci.com/i-­‐metada+-­‐e-­‐lon-­‐carlucci/ OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 25. OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org SIKUREZZA.ORG
  • 26. Why metadata are important • You will discover the true authors of the documents • Or clues about if the documents have been shared with someone (e.g. the user that has saved the document) • Verify if the document is from a certain company, person etc.. • Who is working in a company o for a specific company SIKUREZZA.ORG OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 27. SIKUREZZA.ORG Finding Metadata with FOCA hbps://www.elevenpaths.com/labs-­‐tools-­‐foca.html OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 28. Foca and Foca Forensics • Foca: it’s a tool to scan websites and download documents in order to extract metadata in those documents • Foca Forensics: same as Foca, but it works on already downloaded data SIKUREZZA.ORG • Download: • hbp://www.informa+ca64.com/foca.aspx • hbp://www.informa+ca64.com/forensicfoca/ OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 29. SIKUREZZA.ORG Foca Forensics Anonymous has leaked some data and you want to verify if the informa+on contained is true…. You have to download the data and scan it with Foca Forensics OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 30. SIKUREZZA.ORG Shodan -­‐ h^p://www.shodanhq.com/ • Shodan is a system able to index services and devices on Internet • You can easily iden+fy Webcams, Web administra+on systems, vulnerable sorware (e.g. based on the sorware banner) OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 31. Fbstalker -­‐ h^ps://github.com/milo2012/osintstalker SIKUREZZA.ORG OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 32. Maltego -­‐ h^ps://www.paterva.com Maltego is an open source intelligence and forensics applica+on. It will offer you +mous mining and gathering of informa+on as well as the representa+on of this informa+on in a easy to understand format. A Maltego analysis can start from: – A SIKUREZZA.ORG person name – A document – An email – A phone – Etc.. OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 33. OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org SIKUREZZA.ORG
  • 34. OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org SIKUREZZA.ORG
  • 35. OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org SIKUREZZA.ORG
  • 36. OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org SIKUREZZA.ORG
  • 37. OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org SIKUREZZA.ORG
  • 38. SIKUREZZA.ORG The power of analysis OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 40. SIKUREZZA.ORG Who is using OSINT ? “For the past three years, Elaine Rich and 3,000 other average people have been quietly making probability estimates about everything from Venezuelan gas subsidies to North Korean politics as part of , an experiment put together by three well-known psychologists and some people inside the intelligence community.” “According to one report, the predictions made by the Good Judgment Project are often better even than intelligence analysts with access to classified information, and many of the people involved in the project have been astonished by its success at making accurate predictions.” http://www.npr.org/blogs/parallels/2014/04/02/297839429/-so-you-think-youre-smarter-than-a-cia-agent http://www.goodjudgmentproject.com/ OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 41. There is a funny comic strip in which the father gives this advice to his son: “You should pay a-en0on while choosing your dog's name because it will be your security ques0on answer for the rest of your life!” hbp://gizmodo.com/5947393/remember-­‐youre-­‐not-­‐only-­‐naming-­‐your-­‐pet-­‐youre-­‐also-­‐securing-­‐your-­‐digital-­‐future OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org SIKUREZZA.ORG
  • 42. SIKUREZZA.ORG Reality Check! http://www.theguardian.com/technology/askjack/2008/sep/19/security.email OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 43. How do you answer your security quesCons? The scope is to op+mize the abacks making low noise. SIKUREZZA.ORG Info for password cracking: • Girlfriend/wife name • Pet name • Date of Birth • Sport teams • Place of birth • Addresses • List of schools OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 44. I know where you are…I know your password! hbp://www.oversecurity.net/2014/02/27/casaleggio-­‐bucato-­‐la-­‐ password-­‐usata-­‐e-­‐lindirizzo-­‐della-­‐sede-­‐legale/ SIKUREZZA.ORG OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 45. Google Hacking #1 – The unexpected Knowledge of Google Operators and how Internet or sorware work helps reach any informa+on SIKUREZZA.ORG OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 46. Google Hacking #2 – Passwords from backups SIKUREZZA.ORG OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 47. SIKUREZZA.ORG So you forgot to remove the geo-­‐tag ? OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 48. Shodan -­‐ how to idenCfy the distribuCon of a vuln • A recent vulnerability about a backdoor listening on port TCP/32764 in Linksys WAG200G (and also on some other devices) has been published • Using Shodan is possible to map the vulnerability SIKUREZZA.ORG • hbp://shodanio.wordpress.com/2014/01/23/quick-­‐sta+s+cs-­‐on-­‐the-­‐router-­‐backdoor-­‐on-­‐port-­‐32764/ • hbps://github.com/elvanderb/TCP-­‐32764 OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 49. Recorded Future Inc. -­‐ h^ps://recordedfuture.com/ “is a sorware company based in Cambridge, Massachusebs, United States, and Gothenburg, Sweden, specializing in web intelligence and predic+ve analy+cs. Using what they call a "temporal analy+cs engine", Recorded Future provides forecas+ng and analysis tools to help analysts predict future events by scanning sources on the Internet, and extrac+ng, measuring, and visualizing the informa+on to show networks and paberns in the past, present, and future.” “Both Google (on May 3, 2010) and the CIA have invested in the company, through their investment arms, Google Ventures and In-­‐Q-­‐Tel, respec+vely.” SIKUREZZA.ORG http://en.wikipedia.org/wiki/Recorded_Future OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 50. SIKUREZZA.ORG Event Analysis OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 51. OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org SIKUREZZA.ORG
  • 52. OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org SIKUREZZA.ORG
  • 53. Analysis “Pressure cooker bombs have been more commonly seen in Indian and Southeast Asian abacks than anywhere else. Recent reports out of India also suggest that the weapon has become a “fad” in militant camps along the Afghanistan/Pakistan border. In contrast, discoun+ng thwarted abacks such as the abempted aback on Times Square in 2010, the United States has experienced just one bombing with a pressure cooker, and that was back in 1976. There’s also lible to see in Europe during the last several years.” http://analysisintelligence.com/terrorism/pressure-cooker-bombings-map/ SIKUREZZA.ORG OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 54. SIKUREZZA.ORG Summary OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 55. Summary • Pay aben+on to the informa+on we leave on Internet every day • Internet usually contains the informa+on that we need • Keeping in mind our goal we need to iden+fy the proper methods to extract the informa+on we are looking for SIKUREZZA.ORG OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org
  • 56. Thank you! Gabriele Zanoni @infoshaker OSINT -­‐ Fes+val ICT -­‐ Sikurezza.org