{"id":14329,"date":"2024-05-13T09:50:46","date_gmt":"2024-05-13T09:50:46","guid":{"rendered":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/?post_type=product&#038;p=14329"},"modified":"2024-08-01T05:24:19","modified_gmt":"2024-08-01T05:24:19","slug":"open-source-intelligence-osint-for-attack-surface-mapping-bkk2024","status":"publish","type":"product","link":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/open-source-intelligence-osint-for-attack-surface-mapping-bkk2024\/","title":{"rendered":"Open-Source Intelligence (OSINT) for Attack Surface Mapping"},"content":{"rendered":"<div class=\"page\" title=\"Page 3\">\n<div class=\"layoutArea\">\n<h4><strong><span style=\"color: #993300\">ATTEND IN-PERSON<\/span><\/strong><strong><span style=\"color: #993300\">: <\/span><\/strong><strong>Onsite in Bangkok, Thailand<\/strong><\/h4>\n<div class=\"layoutArea\">\n<div class=\"page\" title=\"Page 3\">\n<h4><strong>DATE: 27-28 August 2024<\/strong><\/h4>\n<\/div>\n<h4><strong>TIME: 09:00 to 17:00 ICT\/GMT+7<\/strong><\/h4>\n<table style=\"height: 146px\" width=\"599\">\n<tbody>\n<tr>\n<td><strong>Date<\/strong><\/td>\n<td><strong>Day<\/strong><\/td>\n<td style=\"text-align: left\"><strong>Time<\/strong><\/td>\n<td><strong>Duration<\/strong><\/td>\n<\/tr>\n<tr>\n<td>27 Aug<\/td>\n<td>Tuesday<\/td>\n<td>0900-17:00 ICT\/GMT+7<\/td>\n<td>8 Hours<\/td>\n<\/tr>\n<tr>\n<td>28 Aug<\/td>\n<td>Wednesday<\/td>\n<td>0900-17:00 ICT\/GMT+7<\/td>\n<td>8 Hours<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<hr \/>\n<\/div>\n<\/div>\n<h5>This workshop will kick off by exploring the fundamental concepts of OSINT and how they fit into the broader landscape of cybersecurity. Participants will gain clarity on the goals and techniques that drive effective OSINT practices.<\/h5>\n<p>We will be identifying and understanding an organization\u2019s digital assets. What are these assets, and why are they crucial? During the workshop we will discuss the importance of starting the enumeration process with the right \u201cseeds\u201d to uncover hidden information.<\/p>\n<p>&nbsp;<\/p>\n<h5><strong>We will then dive into the following key areas:<\/strong><\/h5>\n<ul>\n<li><strong>Hosts<\/strong>: what constitutes a host, and how can we uncover relevant details about them? Leveraging tools such as WHOIS, we will explore IP ranges, ASNs (Autonomous System Numbers), and identify &amp; map cloud-based assets.<\/li>\n<li><strong>Hostnames<\/strong>: the DNS (Domain Name System) protocol plays a pivotal role in our hunt. Students will learn how to extract valuable data by interacting with DNS servers. Additionally, we will leverage a few techniques to differentiate between internal and external hostnames and understand what insights we can gain about the target organization&#8217;s technological stacks.<\/li>\n<li><strong>Network Services<\/strong>: we will explore how to identify relevant services, using a set of different tools such as NMAP. Moreover, we will focus on web protocols and applications to extract more intelligence: from web application profiling to vulnerability scanning, the participants will be equipped with the right set of practical skills.<\/li>\n<li><strong>Leaked Data<\/strong>: it is not just about digital infrastructure; the human element matters, too. We will discuss data leaks and their relevance, emphasizing the broader attack surface beyond digital assets.<\/li>\n<\/ul>\n<p><strong>\u00a0<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<h5><strong>Key learning objectives<\/strong><\/h5>\n<ul>\n<li>Mastering OSINT fundamentals: understand the core principles of OSINT, its objectives, and methodologies.<\/li>\n<li>Effective host identification and analysis: dive into the world of IPs and Hosts, leveraging WHOIS data to extract valuable information about hosts while exploring and identifying IP ranges, ASNs and cloud assets.<\/li>\n<li>Uncovering hostnames: understand the role of hostnames in attack surface mapping, while exploring the DNS protocol and its details.<\/li>\n<li>Mapping and profiling network services: how to identify relevant network services by leveraging multiple evergreen tools and techniques.<\/li>\n<li>Human attack surface and leaked data: how to enumerate the human attack surface of an organization by leveraging leaked databases.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h5><strong>What will the students get<\/strong><\/h5>\n<ul>\n<li>Battle-tested and future-proof OSINT trades and techniques.<\/li>\n<li>Fully configured Virtual Machine (VM) with a selection of pre-configured OSINT tools.<\/li>\n<\/ul>\n<p><strong>\u00a0<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<h5><strong>Agenda\/Topics Covered<\/strong><\/h5>\n<p>&nbsp;<\/p>\n<p><strong>Open-Source Intelligence Introduction (OSINT)<\/strong><\/p>\n<ul>\n<li>What is Open-Source Intelligence (OSINT).\n<ul>\n<li>Objectives and Methodology.<\/li>\n<\/ul>\n<\/li>\n<li>OSINT for mapping Cyber Attack Surface.\n<ul>\n<li>Hunting for assets: what are we looking for?\n<ul>\n<li>Identifying the right initial starting \u201cseeds\u201d for<\/li>\n<li>Hosts, hostnames, network services, leaked data, and beyond.<\/li>\n<li>Just \u201cwhy\u201d? A <em>curious<\/em> case-study.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Hunting for Hosts<\/strong><\/p>\n<ul>\n<li>What is a Host?<\/li>\n<li>What is WHOIS and how to leverage it.<\/li>\n<li>IP ranges, ASNs, and cloud asset discovery.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Hunting for Hostnames<\/strong><\/p>\n<ul>\n<li>DNS primer: an old protocol for modern hunting.<\/li>\n<li>Certificate Transparency Monitor (CTM).\n<ul>\n<li>Internal vs. External hostnames: why do you not exist?<\/li>\n<\/ul>\n<\/li>\n<li>Tools and services for effective subdomains enumeration.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Hunting for Exposed Network Services<\/strong><\/p>\n<ul>\n<li>How to identify relevant services.<\/li>\n<li>Nmap Primer: you network scanner Swiss knife.\n<ul>\n<li>Scaling up: MASSCAN NMAP vs. NAABU.<\/li>\n<\/ul>\n<\/li>\n<li>It\u2019s (most) all about web.\n<ul>\n<li>Web application profiling.<\/li>\n<li>Web application metadata extraction.<\/li>\n<li>Web application vulnerability scanning.<\/li>\n<li>Your web toolset: nuclei &amp; eyewitness.\n<ul>\n<li>Writing custom nuclei templates.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Hunting for Leaded Data<\/strong><\/p>\n<ul>\n<li>Data leaks and beyond: why are they relevant.<\/li>\n<li>It\u2019s not just digital infrastructure: the human attack surface.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Deducing the Security Postured from Mapped Attack Surfaces<\/strong><\/p>\n<ul>\n<li>Connecting dots: inferring the security posture of an organization from mapped assets.<\/li>\n<li>Case study: formulate a remediation plan based on the outcome of OSINT activities.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<h6>During this 2-day workshop, participants will delve into the realm of Open-Source Intelligence (OSINT) techniques specifically tailored for mapping cyber-attack surfaces. Through hands-on sessions, attendees will gain practical insights into the tools and techniques essential for comprehensively mapping and analyzing an organization&#8217;s digital footprint, and more.<\/h6>\n","protected":false},"featured_media":14357,"template":"","meta":{"_acf_changed":false},"product_cat":[85,84,86,57,87],"product_tag":[],"class_list":{"0":"post-14329","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-2-day-workshop","7":"product_cat-bkk-2024","8":"product_cat-bkk-2024-workshop","9":"product_cat-in-person","10":"product_cat-workshop-2","12":"first","13":"outofstock","14":"shipping-taxable","15":"purchasable","16":"product-type-simple"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Open-Source Intelligence (OSINT) for Attack Surface Mapping - HITBSecConf2024 - Bangkok<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/open-source-intelligence-osint-for-attack-surface-mapping-bkk2024\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Open-Source Intelligence (OSINT) for Attack Surface Mapping - HITBSecConf2024 - Bangkok\" \/>\n<meta property=\"og:description\" content=\"During this 2-day workshop, participants will delve into the realm of Open-Source Intelligence (OSINT) techniques specifically tailored for mapping cyber-attack surfaces. Through hands-on sessions, attendees will gain practical insights into the tools and techniques essential for comprehensively mapping and analyzing an organization&#039;s digital footprint, and more.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/open-source-intelligence-osint-for-attack-surface-mapping-bkk2024\/\" \/>\n<meta property=\"og:site_name\" content=\"HITBSecConf2024 - Bangkok\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-01T05:24:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-1.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"683\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/open-source-intelligence-osint-for-attack-surface-mapping-bkk2024\/\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/open-source-intelligence-osint-for-attack-surface-mapping-bkk2024\/\",\"name\":\"Open-Source Intelligence (OSINT) for Attack Surface Mapping - HITBSecConf2024 - Bangkok\",\"isPartOf\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/open-source-intelligence-osint-for-attack-surface-mapping-bkk2024\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/open-source-intelligence-osint-for-attack-surface-mapping-bkk2024\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-1.jpeg\",\"datePublished\":\"2024-05-13T09:50:46+00:00\",\"dateModified\":\"2024-08-01T05:24:19+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/open-source-intelligence-osint-for-attack-surface-mapping-bkk2024\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/open-source-intelligence-osint-for-attack-surface-mapping-bkk2024\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/open-source-intelligence-osint-for-attack-surface-mapping-bkk2024\/#primaryimage\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-1.jpeg\",\"contentUrl\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-1.jpeg\",\"width\":1024,\"height\":683,\"caption\":\"Image of smart business people looking at their leader while he explaining something on whiteboard during seminar\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/open-source-intelligence-osint-for-attack-surface-mapping-bkk2024\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Shop\",\"item\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/shop\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Open-Source Intelligence (OSINT) for Attack Surface Mapping\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/\",\"name\":\"HITBSecConf2024 - Bangkok\",\"description\":\"August 26 - 30 @ InterContinental\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Open-Source Intelligence (OSINT) for Attack Surface Mapping - HITBSecConf2024 - Bangkok","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/open-source-intelligence-osint-for-attack-surface-mapping-bkk2024\/","og_locale":"en_US","og_type":"article","og_title":"Open-Source Intelligence (OSINT) for Attack Surface Mapping - HITBSecConf2024 - Bangkok","og_description":"During this 2-day workshop, participants will delve into the realm of Open-Source Intelligence (OSINT) techniques specifically tailored for mapping cyber-attack surfaces. Through hands-on sessions, attendees will gain practical insights into the tools and techniques essential for comprehensively mapping and analyzing an organization's digital footprint, and more.","og_url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/open-source-intelligence-osint-for-attack-surface-mapping-bkk2024\/","og_site_name":"HITBSecConf2024 - Bangkok","article_modified_time":"2024-08-01T05:24:19+00:00","og_image":[{"width":1024,"height":683,"url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-1.jpeg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/open-source-intelligence-osint-for-attack-surface-mapping-bkk2024\/","url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/open-source-intelligence-osint-for-attack-surface-mapping-bkk2024\/","name":"Open-Source Intelligence (OSINT) for Attack Surface Mapping - HITBSecConf2024 - Bangkok","isPartOf":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/open-source-intelligence-osint-for-attack-surface-mapping-bkk2024\/#primaryimage"},"image":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/open-source-intelligence-osint-for-attack-surface-mapping-bkk2024\/#primaryimage"},"thumbnailUrl":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-1.jpeg","datePublished":"2024-05-13T09:50:46+00:00","dateModified":"2024-08-01T05:24:19+00:00","breadcrumb":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/open-source-intelligence-osint-for-attack-surface-mapping-bkk2024\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/open-source-intelligence-osint-for-attack-surface-mapping-bkk2024\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/open-source-intelligence-osint-for-attack-surface-mapping-bkk2024\/#primaryimage","url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-1.jpeg","contentUrl":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-1.jpeg","width":1024,"height":683,"caption":"Image of smart business people looking at their leader while he explaining something on whiteboard during seminar"},{"@type":"BreadcrumbList","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/open-source-intelligence-osint-for-attack-surface-mapping-bkk2024\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/"},{"@type":"ListItem","position":2,"name":"Shop","item":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/shop\/"},{"@type":"ListItem","position":3,"name":"Open-Source Intelligence (OSINT) for Attack Surface Mapping"}]},{"@type":"WebSite","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website","url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/","name":"HITBSecConf2024 - Bangkok","description":"August 26 - 30 @ InterContinental","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/product\/14329"}],"collection":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/media\/14357"}],"wp:attachment":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/media?parent=14329"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/product_cat?post=14329"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/product_tag?post=14329"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}