Training material contains a lot of practical material! You immediately will work. The training adopted for an audience which represents students with completely different background. The obtained experience will mandatory increase your value for employees and customers, and bring a tremendous level of a professional confidence to you personally.
You will have all required skills to face the most difficult problems, which include:
- preserving your anonymity
- threat actor profiling
- metadata analysis
- automated data harvesting
- log analysis and correlation
The course duration is 3 days.
The course syllabus below can be adopted according to company/organisation's needs.
Please write us your requirements and questions that are critical for you. We will update the training program accordingly.
COURSE AGENDA
- Resources for OSINT
- osint framework
- awesome osint
- Anonymity and online safety
- Virtual machines (Vmware player, Virtualbox).
- Snapshots of virtual machines.
- Linux LiveCDs (Tails).
- Kali Linux
- Tor
- Tor browser
- proxychains, socksify.
- VPN, Double-VPN.
- Proxy servers
- I2P
- Bitcoin
- Firewalls.
- Custom user agents.
- Browser protected mode.
- NoScript.
- Disable browser plugins/extensions/addons.
- Dekloaking (WebRTC-STUN leak, DNS leak, User-agent and device properties leak, Sticky cookies).
- Screenshot anonymization.
- Document metadata anonymization, exiftool.
- Virustotal and public sandbox precaution measures.
- Privnote, anonymous chats
- Precation measures with office and pdf documents.
- Profiling
- Google search
- Advanced Google search
- Google dorks
- Yandex search
- Advanced Yandex search
- Bing search
- Advanced Bing search
- Other search engines (yahoo, baidu, duckduck)
- IP address
- AS and BGP, looking glass
- Whois
- Domain names and DNS.
- Dig/nslookup
- viewdns.info
- dnsdumpster.
- Dnsrecon.
- www.tcpiputils.com
- MaxMind geoip, IP2location
- Shodan
- image search engines (google image, tineye, etc.)
- Google translate
- Facebook
- LinkedIn
- Vkontakte
- Odnoklasniki
- Google+
- Instagram
- Twitter
- CheckUserNames.com
- Pastebin
- Virustotal
- State registers
- State databases
- HTML comments
- X509 certificate analysis
- Email headers analysis
- Crimeflare and real IP detection, cloudfail tool.
- Short link expanders
- Webarchives (archive.org)
- Blockchain.info
- Video collection (download helper)
- Desktop screen capture
- Keepnote
- Log analysis
- grep
- file
- binwalk
- sed and awk
- radare2
- log2timeline
- catdoc
- Metadata analysis
- exiftool
- executable files metadata (PE/ELF)
- FOCA
- Metagoofil
- Automating search
- Python scripting
- Shell scripting
- wget
- curl
- httrack
- Google alerts
- recon-ng
- theharvester
- Maltego
- Twitter python API.
- Spiderfoot
- OSINT Opsec tool
- IBM i2
- GeoCreepy
- datasploit
- Interactions
- Account recovery tricks (partial data display)
- Password reset questions (e.g. phone number, etc.)
- Out of office messages
- Contact forms for confirmation email and its headers
- Social engineering, pretext
- cracking password hashes (john, google search, crackstation, hashcat, custom john rules, cewl, crunch)
- Web bugs
- Trojanized binaries, RATs
- Packers/cryptors, AV evasion
- Exploits in documents (Office, PDF)
- Macros in the documents
- Java exploits
- Browser exploits
- User enumeration exploits
- Dekloaking
- XSS and Beef
- DOS on hacker resources
For ease of use, you can download the program of the training course "OSINT INTRO" from the link. Click to download