This document discusses the challenges security researchers face when conducting open-source intelligence (OSINT) research anonymously. It outlines anonymity challenges like security policies prohibiting VPNs and TOR, and a lack of funds for secure anonymous channels. It also discusses challenges obtaining valid information from large datasets and sharing intelligence due to policy differences. The document recommends tools for anonymous OSINT like Whonix and Tails virtual machines, and describes sources like search engines, social media, paste sites and intelligence reports. It emphasizes practicing intelligence in depth using multiple sources.
TakeDownCon Rocket City: “White Hat Anonymity”: Current challenges security researchers face performing actionable OSINT by Christopher Barber
2. “White Hat Anonymity”: Current challenges security researchers face performing actionable OSINT
Christopher R. Barber, CISSP, C|EHv7
Threat Analyst
Solutionary Inc.
Security Engineering Research Team (SERT)
3. Introduction
• Member of Solutionary’s Security Engineering Research Team (SERT) specializing in threat intelligence and analysis
• Research and discovery of emerging threats and vulnerabilities
• Use of Open-Source Intelligence (OSINT) techniques for tracking threat actor activities
• Analysis of threat landscape trends monthly and high-level analysis annually
6. Anonymity Challenges
• Security policy prohibits the use of third-party VPN providers and access to the TOR network
• Lack of funds, resources and personnel for the development of secure anonymous channels
7. Source Information Challenges
• Large volumes of information from a diverse
collection of sources
• Being able to discern between valid
information and injected disinformation
• Personnel and Resources
8. Intelligence Sharing Challenges
• Conflicts between organizations due to
differences in security policies
• Lack of security from collaborating
organization leads to pivot point for
compromise
9. Establishing Anonymity
• Having an unknown or unacknowledged name
• Having an unknown or withheld authorship or agency
• Having no distinctive character or recognition factor
• Being able to gather information in a manner that does not reveal your personal, professional, or organization’s identity
10. Digital Paper Trail: The bread crumbs left as we
traverse the cyber domain.
• IP Address
• User Agent
• Cookies
• Behavioral habits
16. Open-Source Intelligence
• Collection and analysis of information
gathered from publicly available
sources
• Sources involve any form of electronic
or printed material available in the
public domain
• Intelligence is obtained through the
statistical analysis of the occurrence
and relationships between pieces of
information
17. Tools and Techniques for OSINT
• Collection Tools
• Search Engines
• Social Media
• Intelligence sources
33. Intelligence Assimilation and Sharing
Applications
• Structured Threat Information eXpression (STIX)
• Trusted Automated eXchange of
Indicator Information (TAXII)
• Common Attack Pattern
Enumeration and Classification
(CAPEC)
34. Intelligence in Depth
• Intelligence research and analysis
should be practiced with the idea of
“defense in depth”.
• Validity and actionable predictions
can only be made with the collective
analysis of multiple sources.
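The corroboration idea behind slides 7, 16 and 34 (separating valid information from injected disinformation, and only acting on what several sources agree on), as an added example that is not part of the talk. Source labels, the scoring rule and the indicator values are constructed for illustration; the addresses use reserved example ranges.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    source: str     # hypothetical source label, e.g. "paste_site"
    indicator: str  # the reported value (constructed placeholders below)
    kind: str       # indicator type, e.g. "domain" or "ipv4"


# Constructed sample sightings; values use reserved example ranges, not real IoCs.
OBSERVATIONS = [
    Observation("search_engine", "example-c2.invalid", "domain"),
    Observation("social_media", "example-c2.invalid", "domain"),
    Observation("vendor_report", "example-c2.invalid", "domain"),
    Observation("paste_site", "198.51.100.23", "ipv4"),
    Observation("vendor_report", "198.51.100.23", "ipv4"),
    Observation("paste_site", "lure.example", "domain"),  # seen once
    Observation("paste_site", "lure.example", "domain"),  # reposted, same source
]


def corroborate(observations, min_sources=2):
    """Count *distinct* sources per indicator and score confidence.

    Repeat sightings from one source add nothing: a single paste site can be
    seeded with the same disinformation many times, so only independent
    corroboration raises confidence. Returns a dict keyed by indicator.
    """
    sources_by_indicator = defaultdict(set)
    kinds = {}
    for obs in observations:
        sources_by_indicator[obs.indicator].add(obs.source)
        kinds[obs.indicator] = obs.kind
    total_sources = len({obs.source for obs in observations})
    report = {}
    for indicator, sources in sources_by_indicator.items():
        report[indicator] = {
            "kind": kinds[indicator],
            "sources": sorted(sources),
            "confidence": round(len(sources) / total_sources, 2),
            "actionable": len(sources) >= min_sources,
        }
    return report


def review_queue(observations, min_sources=2):
    """Indicators below the corroboration threshold, held for analyst review."""
    report = corroborate(observations, min_sources)
    return sorted(ind for ind, row in report.items() if not row["actionable"])
```

Raising `min_sources` tightens the threshold; the review queue is what an analyst validates by hand before anything is shared onward.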
35. Solutionary’s 2013 Global Threat
Intelligence Report
http://go.solutionary.com/GTIR.html
Solutionary Minds Blog
http://www.solutionary.com/resourcecenter/blog/