Description
"OSINT Tools & TTPs for Pentesters and Red Teamers" will teach you how to detect gaps that are not uncovered by standard reconnaissance workflows and methodologies.
In this course, I will share with you my know-how and point of view on how to examine a target not only from a "pentester's angle", but also from other cybersecurity perspectives.
Course benefits:
What skills will you gain?
- Using automated tools.
- Developing an investigative mindset.
- Looking at the bigger picture of a target, not only through a ‘pentester’ lens.
- Defining, scoping, and approaching a target.
- Using various collection and analysis methods.
- Learning the best practices used by experts in reconnaissance.
- Learning the methods, tools, and tips to avoid rabbit holes during reconnaissance.
- Keeping your reconnaissance workflows and processes organized.
- Conducting knowledge development for relevant reconnaissance workflows, tools and techniques.
What will you learn about?
1. Steps, Tools & "Best Practices" to approach, define, and scope the target.
2. Profiling company data like a professional.
3. Extensive Internal Reconnaissance.
3.1. Cover and practice the tools, techniques, and methods to collect data on a target’s infrastructure.
3.2. Tools, Footprinting methods, Techniques & more!
4. Extensive External Reconnaissance.
4.1. Cover and practice the tools, techniques, and methods to collect data on a target’s infrastructure from the lens of an OSINT Expert.
4.2. Tools, Custom Search Methods, Techniques & more!
5. Housekeeping & Organizing your workspace.
5.1. Learn to avoid rabbit holes during investigations and reconnaissance practices.
5.2. Conduct knowledge development to discover new techniques, tools, and methods shared and used by experts in the industry.
What tools will you use?
- Investigative search engines for company profiling & their tips and tricks
- Social Media Platforms Advanced Searching Techniques (Twitter & more)
- Search Engines & Dorking (Google & others)
- Practical search engines on all facets of reconnaissance work (Shodan, ZoomEye & others)
- Attack surface search engines and alternative tools (SUIP, Kali suite & more)
- Cloud platform search engines (FTP, Indexers)
- Tools for internal infrastructure web footprinting (Subdomains & other engines and scanners)
- Other really helpful tools and add-ons such as LinkGopher & others
- Code search tools, scanners, and relevant sources (GitHub & many indexable alternatives)
Course general information:
DURATION: 18 hours
CPE POINTS: On completion you get a certificate granting you 18 CPE points.
Course launch date: April 3rd, 2023
Course format:
- Self-paced
- Pre-recorded
- Accessible even after you finish the course
- No preset deadlines
- Materials are video, labs, and text
- All videos captioned
What will you need?
- Browser (Preferably Firefox for the add-ons, tools, and searching).
- Kali Linux VM for testing of scripts, tools and searching.
- Notebook to write down notes, tips from the instructors and any particular points of interest
What should you know before you join?
- You need determination and an open mind to study, conduct all essential searches, and develop an investigative mindset.
YOUR INSTRUCTOR - Eva Prokofiev
Eva is a former military intelligence officer and a cybersecurity professional with more than 10 years of experience. She is a prominent contributor to the field of Open Source Intelligence (OSINT), sharing her expertise through her personal blog. Eva possesses extensive skills in OSINT, Human Intelligence (HUMINT), Cyber Threat Intelligence (CTI), and online investigations in complex ecosystems, including Russia, China, and the United States.
During her career, Eva has demonstrated, and continues to demonstrate, exceptional leadership abilities and has actively participated in numerous client-facing projects. She has conducted investigations in both virtual and physical realms across various industries, with a particular focus on Cyber Threat Intelligence, Trust & Safety, and Offensive Security.
COURSE SYLLABUS
Module 1
Pre-Technical Research
This module focuses on the pre-technical investigation and profile of the "intelligence" component of the target company, assets, executives, and other relevant information that is often crucial during investigative work and enables us to have a complete image of a target from all perspectives.
Module 1 covered topics:
- Learn to define the target and the scope with the right tools, methods and techniques.
- Learn to profile a company to help you with reconnaissance tasks.
- Executive & Key Personnel Profiling from an OSINT Investigator point of view.
- Module 1 Key Takeaways + Recommendations
Module 1 exercises:
- Attempt to go over the practical parts shown in the video by the instructor and repeat the same actions for educational purposes. It is also recommended that the student explore further and learn about tips, tricks and tools shown in the course.
Module 2
Internal Infrastructure Footprinting
This module focuses on internal infrastructure footprinting, including its definitions, techniques, and professional advice for gaining the most relevant information and performing fundamental reconnaissance on the target infrastructure.
Module 2 covered topics:
- Introduction to Infrastructure Footprinting.
- Passive and Active Reconnaissance Key Points.
- Subdomain Enumeration Types & Their Automated Methods.
- Detecting services, technologies and versions effectively.
- Gathering OSINT on critical Infrastructure and technologies of a target.
- Key Reconnaissance Checklists & Workflows.
- Module 2 Key Takeaways + Recommendations.
Module 2 exercises:
- Attempt to go over the practical parts shown in the video by the instructor and repeat the same actions for educational purposes. It is also recommended that the student explore further and learn about tips, tricks and tools shown in the course.
Module 3
External Reconnaissance & Footprinting
This module focuses on the external factors of reconnaissance work. As with any proper investigative approach and OSINT perspective, you will discover the other areas of collected data that are essential to constructing the "profile" of the target's vulnerabilities, enhancing the existing information as part of infrastructure research and other elements.
Module 3 covered topics:
- Introduction to OSINT Cloud Storage Services
- Cloud storage (Public Buckets Enum S3 & Alternatives)
- Cloud storage (Extensive Repositories & other resources)
- Reconnaissance from a CTI lens
- Master Google Dorking
- Module 3 Key Takeaways + Recommendations
Module 3 exercises:
- Attempt to go over the practical parts shown in the video by the instructor and repeat the same actions for educational purposes. It is also recommended that the student explore further and learn about tips, tricks and tools shown in the course.
Module 4
Housekeeping, Rabbit Holes, & Organized Workflows.
This module brings to light the practices of conducting successful and organized reconnaissance work, as well as learning to avoid rabbit holes during your investigations. The most important skill for any investigator in offensive security, as with other verticals, is the ability to conduct knowledge development for relevant tips, tricks, and methods employed by experts.
Module 4 covered topics:
- How to keep an organized reconnaissance investigation
- Tools & Tips to avoid rabbit holes during investigation
- Tips and tricks for knowledge development (KD)
Module 4 exercises:
- Attempt to go over the practical parts shown in the video by the instructor and repeat the same actions for educational purposes. It is also recommended that the student explore further and learn about tips, tricks and tools shown in the course.