SANS OSINT Summit 2022

Organised by SANS, 7 April 2022

Finally one of the few SANS Summit that caters to non-US time! Reason being, the summit ran for 12 hours straight so it cuts across different time zones.

Agenda: https://sansorg.egnyte.com/dl/ibuj9m90H4

A list of speakers from around the world spoke on OSINT techniques, workflow, used cases, tools etc. Many are from the well-known OSINT community named OSINT Curious.

As this is OSINT-related, it's a given that the information is open-source. Relying on online databases and tools, one is able to track and pivot from a piece of information. Most talk about human trafficking and child abuse with some on financial crimes. Using OSINT is a testament to one's online detective skills.

One talk I enjoyed was 'Lessons Learns from Ten Years of OSINT Automation' by Steve Micallef, the author of SpiderFoot. As there are thousands of data points, to manually collect this data is a waste of time and resources. Automation is the key to data collection to allow analysts perform their core work - Analyse. With an unbiased human to provide context and consider the quality of data, there is a higher chance value is being derived from OSINT.

Another talk is 'Dark Web, The Other Side' by Chris Poulter from OSINT Combine. Chris covered an overview of the dark net, how TOR network works and how attribution happens. The second part covers how one can search, scrape and automate data from the dark web. There's also a couple of resources provided to build your own scraping tool.

A graphical summary of all the talks can be found at https://www.sans.org/blog/visual-summary-sans-osint-summit-2022/. Really innovative and clear way to capture information on the go!

An attendee has collated a list of links shared at the summit as SANS Slack channels are always deleted after the event. The links are grouped by talks. https://start.me/p/1kBrw9/sans-osint-2022