Open-source technologies (OSINT) and Social Media Intelligence (SOCMINT) are becoming increasingly popular with investigative and government agencies, intelligence services, media companies, and corporations. These OSINT and SOCMINT technologies use sophisticated techniques and special tools to efficiently analyze the continually growing sources of information. There is a great need for training and further education in the OSINT field worldwide. This report describes the importance of open source or social media intelligence for evaluating disaster management. It also gives an overview of the government work in Australia, Haiti, and Japan for disaster management using various OSINT tools and platforms. Thus, decision support for using OSINT and SOCMINT tools is given, and the necessary training needs for investigators can be better estimated.
Open-source intelligence is gaining popularity due to the rapid development of social networks. There is more and more information in the public domain. One of the most popular social networks is Twitter. It was chosen to analyze the dependence of changes in the number of likes, reposts, quotes and retweets on the aggressiveness of the post text for a separate profile, as this information can be important not only for the owner of the channel in the social network, but also for other studies that in some way influence user accounts and their behavior in the social network. Furthermore, this work includes a detailed analysis and evaluation of the Tweety library capabilities and situations in which it can be effectively applied. Lastly, this work includes the creation and description of a compiled neural network whose purpose is to predict changes in the number of likes, reposts, quotes, and retweets from the aggressiveness of the post text for a separate profile.
This paper presents a practical Open Source Intelligence (OSINT) use case for user similarity measurements with the use of open profile data from the Reddit social network. This PoC work combines the open data from Reddit and the part of the state-of-the-art BERT model. Using the PRAW Python library, the project fetches comments and posts of users. Then these texts are converted into a feature vector - representation of all user posts and comments. The main idea here is to create a comparable user's pair similarity score based on their comments and posts. For example, if we fix one user and calculate scores of all mutual pairs with other users, we will produce a total order on the set of all mutual pairs with that user. This total order can be described as a degree of written similarity with this chosen user. A set of "similar" users for one particular user can be used to recommend to the user interesting for him people. The similarity score also has a "transitive property": if $user_1$ is "similar" to $user_2$ and $user_2$ is similar to $user_3$ then inner properties of our model guarantees that $user_1$ and $user_3$ are pretty "similar" too. In this way, this score can be used to cluster a set of users into sets of "similar" users. It could be used in some recommendation algorithms or tune already existing algorithms to consider a cluster's peculiarities. Also, we can extend our model and calculate feature vectors for subreddits. In that way, we can find similar to the user's subreddits and recommend them to him.
Open Source Intelligence (OSINT) has come a long way, and it is still developing ideas, and lots of investigations are yet to happen in the near future. The main essential requirement for all the OSINT investigations is the information that is valuable data from a good source. This paper discusses various tools and methodologies related to Facebook data collection and analyzes part of the collected data. At the end of the paper, the reader will get a deep and clear insight into the available techniques, tools, and descriptions about tools that are present to scrape the data out of the Facebook platform and the types of investigations and analyses that the gathered data can do.
Open-source technologies (OSINT) are becoming increasingly popular with investigative and government agencies, intelligence services, media companies, and corporations. These OSINT technologies use sophisticated techniques and special tools to analyze the continually growing sources of information efficiently. There is a great need for professional training and further education in this field worldwide. After having already presented the overall structure of a professional training concept in this field in a previous paper [25], this series of articles offers individual further training modules for the worldwide standard state-of-the-art OSINT tools. The modules presented here are suitable for a professional training program and an OSINT course in a bachelor’s or master’s computer science or cybersecurity study at a university. In this part 1 of a series of 4 articles, the OSINT tool RiskIQ PassivTotal [26] is introduced, and its application possibilities are explained using concrete examples. In part 2 the OSINT tool Censys is explained [27]. Part 3 deals with Maltego [28] and Part 4 compares the 3 different tools of Part 1-3 [29].
Open-source technologies (OSINT) are becoming increasingly popular with investigative and government agencies, intelligence services, media companies, and corporations. These OSINT technologies use sophisticated techniques and special tools to analyze the continually growing sources of information efficiently. There is a great need for professional training and further education in this field worldwide. After having already presented the overall structure of a professional training concept in this field in a previous paper [25], this series of articles offers individual further training modules for the worldwide standard state-of-the-art OSINT tools. The modules presented here are suitable for a professional training program and an OSINT course in a bachelor’s or master’s computer science or cybersecurity study at a university. In part 1 of a series of 4 articles, the OSINT tool RiskIQ PassivTotal [26] is introduced, and its application possibilities are explained using concrete examples. In this part 2 the OSINT tool Censys is explained [27]. Part 3 deals with Maltego [28] and Part 4 compares the 3 different tools of Part 1-3 [29].
Open-source technologies (OSINT) are becoming increasingly popular with investigative and government agencies, intelligence services, media companies, and corporations [22]. These OSINT technologies use sophisticated techniques and special tools to analyze the continually growing sources of information efficiently [17]. There is a great need for professional training and further education in this field worldwide. After having already presented the overall structure of a professional training concept in this field in a previous paper [25], this series of articles offers individual further training modules for the worldwide standard state-of-the-art OSINT tools. The modules presented here are suitable for a professional training program and an OSINT course in a bachelor’s or master’s computer science or cybersecurity study at a university. In part 1 of a series of 4 articles, the OSINT tool RiskIQ Passiv-Total [26] is introduced, and its application possibilities are explained using concrete examples. In part 2 the OSINT tool Censys is explained [27]. This part 3 deals with Maltego [28] and Part 4 compares the 3 different tools of Part 1-3 [29].
Industrial control systems are essential for producing goods, electricity generation, infrastructure maintenance, and the transport of energy, water, and gas. They form the core of the critical infrastructure of modern industrial nations and are therefore of particular interest. Through the increased inter-connectivity of formerly isolated ICS process environments and standard IT technologies such as Ethernet, processes can be optimized and synergies leveraged. However, ICS/SCADA also becomes the target of the same cyber-attacks as conventional IT systems. Therefore, it is necessary to combine IT security has accumulated knowledge and experience with the classic Safety-First-mentality of ICS/SCADA environments to avoid significant problems in the foreseeable future. The new course was created for precisely this purpose. The investigation of the security of systems and organizations in Red and Blue Teams has long proven it is worth and is used worldwide. The first part of the Red Team side exercise deals specifically with finding and exploiting security vulnerabilities. Red Teaming refers to an independent group that acts as a counterpart to an organization to improve its operational effectiveness and enhance its security. It is the declared goal of the Red Team to detect security vulnerabilities. This work is intended to convey this interfacing knowledge; in the practical exercises for Red Teaming, these hybrid infrastructures and systems’ weak points are identified and exploited. Students will participate in numerous hands-on exercises throughout the course using the tools and techniques that form the basis for attacks on infrastructure, such as industrial control systems. A detailed accompanying theory precedes the exercises, and the course is structured as follows:Introduction <list list-type="bullet"> <list-item>ICS Cyber Kill Chain</list-item> <list-item>Types of information gathering</list-item> </list>Red Team Tools <list list-type="bullet"> <list-item>Nmap</list-item> <list-item>Maltego</list-item> <list-item>Shodan</list-item> <list-item>Google hacking</list-item> <list-item>The Harvester</list-item> <list-item>Wireshark</list-item> <list-item>GrassMarlin</list-item> <list-item>Metasploit Framework (MSF)</list-item> <list-item>John the Ripper</list-item> </list>Exercise 1 - Open Source Intelligence (OSINT) <list list-type="bullet"> <list-item>Gathering information with Maltego</list-item> <list-item>Find Remote Access with Google and Shodan</list-item> </list>Exercise 2 - Analysis of network recordings <list list-type="bullet"> <list-item>Analysis of ICS network recordings with Wireshark</list-item> <list-item>Analysis of ICS network recordings with GrassMarlin</list-item> </list>
Industrial control systems are essential for producing goods, generating electricity, maintaining infrastructure, and transporting energy, water, and gas. They form the core of the critical infrastructure of modern industrial nations and are therefore of particular interest. Through the increased interconnectivity of formerly isolated ICS process environments and the use of standard IT technologies such as Ethernet, processes can be optimized and synergies leveraged.However, ICS/SCADA also becomes the target of the same cyber-attacks as conventional IT systems. It is, therefore, necessary to combine the accumulated knowledge and experience of IT security with the classic Safety-First-mentality of ICS/SCADA-environments in order to avoid significant problems in the foreseeable future.The new course was created for precisely this purpose. The approach of investigating the security of systems and organizations in Red and Blue Teams has long proven it is worth and is used worldwide.This second part of the exercises describes the Blue Team action in case of an attack and beyond.As opposed to Red Teaming, Blue Teaming is an independent group that develops defenses against Red Team activities to improve an organization’s effectiveness and security and tests and improves them during a Red Team attack.The present work aims to impart the interfacing knowledge; in the practical exercises of Blue Teaming, weaknesses of these hybrid infrastructures and systems are identified, and decisions are discussed on how to counteract possible attacks or even prevent them in advance. Throughout the course, students will participate in numerous practical exercises using the tools and techniques that form the basis of decision-making to prevent attacks on infrastructures, such as industrial control systems. A detailed accompanying theory precedes the exercises, and the course is structured as follows:Introduction <list list-type="bullet"> <list-item>ICS Cyber Kill Chain</list-item> <list-item>Types of information gathering</list-item> </list>Blue Team Tools <list list-type="bullet"> <list-item>VirusTotal</list-item> <list-item>Dynamic malware analysis with any.run</list-item> <list-item>Checksum generation with Linux commands</list-item> </list>Incident-Response Complex exercise: Part 1 <list list-type="bullet"> <list-item>Preparation</list-item> <list-item>Detection & Analyses</list-item> <list-item>Containment</list-item> </list>Incident-Response Complex exercise: Part 2 <list list-type="bullet"> <list-item>Eradication</list-item> <list-item>Recovery</list-item> <list-item>Post Incident Activity</list-item> </list>
A large amount of personal and very incriminating data is currently stored on websites, apps and social media platforms. Users often update these data daily, and this data is open source. This information can become evidence for citizens, governments, and businesses to use in solving real financial, employment, and crime problems with the help of a professional information collector. To respond to this new situation, it is important to have well-trained staff. The fact that many authorities and companies work with very sensitive data makes it necessary to train their employees in Open Source Intelligence (OSINT). Motivated by these facts, a practical training concept is developed that enables the creation of practical exercises. The focus is on the practical implementation of OSINT tools and methods. In the new course, participants learn legitimate and effective ways to find, collect, and analyze this data from the Internet. We have developed an introductory course for a Master level program in Open Source Intelligence (OSINT). Students learn up-to-date, hands-on skills, techniques, and tools that law enforcement, private detectives, cyber attackers, and defenders use to search the vast amount of information on the Internet, analyze the results, and build on interesting data to find other areas for investigation. Our goal is to provide the OSINT knowledge base for students to succeed in their field, whether they are cyber defenders, threat intelligence analysts, private detectives, insurance inspectors, intelligence analysts, law enforcement, or just someone curious about OSINT. Throughout the course that consists of 11 exercises, students will participate in numerous hands-on exercises using the OSINT tools and techniques that form the basis for collecting free data from the Internet.