Training: OSINT: Find dangerous information, identify your own attack surface & protect the company
Many companies do not know what information about themselves is freely available on the Internet, which of it is dangerous and which is not, how attackers can link it, and what risky knowledge adversaries can gain from it about their targets. But if you don’t know what information you – consciously or unconsciously – disclose, how it can be identified and used for attacks, then how can you protect yourself? In this training, participants will learn the basics of information gathering (also known as OSINT – Open Source Intelligence) so that they can then use it to uncover such information about their own company, minimize its disclosure, and thus protect the company. Gathering information about network, systems, hardware, software, company geography, legal structure, personnel, social media, business relationships and many more will be covered in this training.
What should participants learn in the training?
Participants will learn what information attackers can obtain, how it is collected, how it is linked, how it can be analyzed, and which insights and attack strategies can be derived. Information classification theory, the intelligence and OSINT process, tools, data storage and analysis, data avoidance, derivable attack strategies, countermeasures and more will be covered.
What are the contents?
Topics covered include the following:
- Types of information collectable by attackers
- Information about IT systems (hardware and software)
- Identification of attack surfaces
- Integration of the OSINT process into attack chains
- The Intelligence and OSINT Cycle (process model)
- Automation and tools
- Geo information
- Information on personnel/human resources
- Profiling
- Legal structures and what can be derived from them
- Data business relationships
- Derivable attack strategies
- Password leaks and dumps
- What data can be avoided
What is the target audience (prior knowledge etc.)?
IT staff, IT security staff, data protection and privacy officers, security managers, other interested parties.
How long does the training take?
Duration: 2 days