Digital Intelligence Gathering: Using the Powers of OSINT for Both Blue and Red Teams presented at BSidesSF 2016

by Ethan Dodge, Brian Warehime,

Summary : In today's age everyone puts everything on the Internet. Not only can this present a personal threat, it can also introduce tangential risk to your organization. Seemingly innocent public displays of company pride, human error, and all-to-descriptive LinkedIn profiles are all interconnected pieces of information that can be leveraged by both attackers and defenders in the ongoing battle between red and blue.In this presentation we'll explain and demo how we've leveraged Twitter, Instagram, Google Maps, Whitepages.com, court case records and property records to automate and assist in OSINT discovery. We have integrated it all together in a single custom application, coupled all this with the power of Maltego. These custom transforms can easily be used to identify potential insider threats within your organization, prepare for a red team engagement, or to simply dox all your friends. We will discuss the benefits of this information from both an attacker and defender’s point of view.