Open Source Intelligence (OSINT): The Data We Leak

Over the past few years, there's been a lot of talk about the value of understanding Open Source Intelligence (OSINT). But, even with so much talk, relatively few cybersecurity professionals have had the time to take a deep dive into the topic. In this episode, Perry sits down with social engineer, OSINT investigator, and member of the OSINT Curious project, Christina Lekati to get an overview of the value of OSINT as well as some basic techniques. After that, we hear from Chris Kirsch (co-founder and CEO of runZero). Chris is a former black badge winner at DEF CON's social engineering competition and served as a judge in the most recent competition. He recently released an interesting report analyzing the top OSINT sources and vishing (voice phishing via phone) pretexts from that competition.

Guests:

• Christina Lekati (LinkedIn) (Twitter)
• Chris Kirsch (LinkedIn) (Twitter)

Books and References:

• Top OSINT sources and vishing pretexts from DEF CON’s social engineering competition, research by Chris Kirsch referenced in this episode
• YouTube video by Christina Lekati: Protecting High-Value Individuals: An OSINT Workflow
• YouTube video: DEF CON 27 Recon Village presentation by Chris Kirsch: Using OSINT for Competitive Intelligence
• YouTube Playlist from the 2022 SANS OSINT Summit
• YouTube video by The Cyber Mentor: Learn OSINT in 4.5 Hours
• The OSINT Curious project
• DEFCON Social Engineering Community
• 15 top open-source intelligence tools, CSO Online
• Top 25 OSINT Tools for Penetration Testing, SecurityTrails
• WebMii.com
• Hunter.io
• Wigle.net
• Lockheed Martin Cyber Kill-Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
• Threat Modeling: Designing for Security by Adam Shostack
• What is Threat Modeling: https://securityintelligence.com/posts/what-is-threat-modeling-and-how-does-it-impact-application-security/
• 12 Methods of threat Modeling: https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/
• The Art of Attack: Attacker Mindset for Security Professionals by Maxie Reynolds

Perry's Books

• Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter
• The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer

Production Credits:

Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks.

Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com.

8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/

Want to get in touch with Perry? Here's how:

• LinkedIn
• Twitter
• Instagram
• Email: perry [at] 8thLayerMedia [dot] com

Learn more about your ad choices. Visit megaphone.fm/adchoices