Mishaal Khan
Ethical Hacker, OSINT Investigator, Privacy Consultant and vCISO

Malibu, California, United States

Mishaal is a subject matter expert in cybersecurity, pentesting, privacy, Open Source Intelligence and social engineering, and a frequent speaker on these topics at universities and popular cybersecurity conferences such as DEF CON, Black Hat, Wild West Hackin Fest, TEDx, and multiple BSides Security events.

Mishaal has worked with multinational companies for over 20 years, securing their networks and providing executive-level consultancy as a CISO to manage risk and avoid breaches. He is the author of the book The Phantom CISO, runs a cybersecurity practice as a vCISO, and owns a privacy management and investigations firm.

Area of Expertise

  • Government, Social Sector & Education
  • Information & Communications Technology
  • Manufacturing & Industrial Materials
  • Media & Information

Topics

  • cyber security
  • Ethical Hacking
  • Privacy
  • OSINT
  • Cybersecurity

Level UP OSINT

Dive into the dynamic world of Open Source Intelligence (OSINT) with this quick workshop designed to give you a taste of practical online investigations and threat hunting. Led by a seasoned professional, this immersive session offers a condensed yet impactful introduction to essential OSINT techniques that you can use in your red teaming engagements.

Experience the power of hands-on learning as you engage in live demonstrations, exploring key concepts such as operational security (OpSec), advanced search engine queries, username and phone number lookups, social media reconnaissance, breached records analysis, network reconnaissance, historical records, and essential documentation, all within the span of this engaging workshop. Through interactive exercises and guided discussions, participants will gain a glimpse into the world of OSINT.

Who’s it for?

This training is suited for individuals in any field with a keen interest in online investigations, regardless of their experience level in OSINT.

Hacker Honeytraps: 6 Simple Techniques To Waste A Hacker’s Time With Quicker Detection

In the world of DevSecOps, it is not enough to simply secure your applications and systems against known vulnerabilities. As cybercriminals become more sophisticated, it is important to take additional steps that make it more difficult and expensive for them to breach your defenses. Obfuscation and deception techniques can be a powerful tool in this fight, costing hackers valuable time, resources, and money.

In this talk, we'll explore some simple obfuscation techniques that can be used to make life harder for hackers. We'll cover simple to advanced techniques like hiding the login page, redirecting hackers to honeypots, using fake data that triggers canaries, preventing email scraping, feeding fake emails to scanning tools, using dummy DNS entries, and using fake comments in code to mislead attackers about vulnerabilities that do not exist. We'll also discuss strategies for obscuring code and purposely leaking API keys to create distractions and dead ends for attackers.

Whether you're a developer, security professional, or DevOps practitioner, this introduction will provide valuable insights into how you can use deceptive tactics to make your applications more secure and resilient against cyber attacks, and reduce the mean time to detect threats. Join me and learn how to make life harder for hackers!
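The "fake data that triggers canaries" and "purposely leaking API keys" ideas from the abstract above share one mechanism: a decoy credential that no legitimate client was ever issued, so any request presenting it is a high-confidence detection rather than a guess. The following is an added illustration written for this page, not code from the talk or its speaker. It assumes a constructed pair of decoy keys, an HTTP API that reads credentials from `Authorization` or `X-Api-Key`, and access logs in a combined-log-like format; all sample values are fabricated.

```python
"""Decoy-credential (canary) detection for an HTTP API.

A decoy key is planted where a scraper would find it (an .env.example in a
public repo, a comment in a deploy script). Its only purpose is to be used by
someone who should not have it, so a hit is a true positive by construction.
"""
import hashlib
import re
from dataclasses import dataclass

# Constructed decoy keys and where each one was planted. These are fabricated
# example values, not real secrets.
DECOY_KEYS = {
    "sk_live_CANARY0001deadbeef": ".env.example in public repo",
    "AKIACANARY0002EXAMPLE": "comment in deploy script",
}

# The detector keeps only SHA-256 fingerprints, so shipping it into a log
# pipeline does not create yet another plaintext copy of the decoys.
DECOY_FINGERPRINTS = {
    hashlib.sha256(k.encode()).hexdigest(): where for k, where in DECOY_KEYS.items()
}

# Shapes of the key families we planted (assumed formats for this example).
KEY_PATTERN = re.compile(r"\b(sk_live_[A-Za-z0-9]+|AKIA[A-Z0-9]{12,})\b")

# Minimal combined-log-format parser: client IP, request line, status, referer, UA.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)


@dataclass(frozen=True)
class CanaryAlert:
    key_fingerprint: str   # hash of the decoy, safe to put in a ticket
    planted_at: str        # tells you which planted copy was harvested
    source_ip: str
    context: str           # header name or request line where it appeared


def match_decoy(candidate: str):
    """Return (fingerprint, planted_at) if candidate is one of our decoys."""
    fp = hashlib.sha256(candidate.encode()).hexdigest()
    planted = DECOY_FINGERPRINTS.get(fp)
    return (fp, planted) if planted else None


def check_request(headers: dict, source_ip: str):
    """Inline check at the API edge: alert if a decoy key is presented."""
    for name in ("Authorization", "X-Api-Key"):
        for cand in KEY_PATTERN.findall(headers.get(name, "")):
            hit = match_decoy(cand)
            if hit:
                return CanaryAlert(hit[0], hit[1], source_ip, f"header {name}")
    return None


def scan_access_log(lines):
    """Retrospective check over access-log lines, e.g. keys passed in a query string."""
    alerts = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        for cand in KEY_PATTERN.findall(m.group("req")):
            hit = match_decoy(cand)
            if hit:
                alerts.append(CanaryAlert(hit[0], hit[1], m.group("ip"), m.group("req")))
    return alerts


# Constructed sample log lines; one carries the decoy AWS-style key in a query string.
SAMPLE_LOG = [
    '203.0.113.9 - - [10/Mar/2024:08:14:22 +0000] "GET /v1/account?api_key=AKIACANARY0002EXAMPLE HTTP/1.1" 401 0 "-" "python-requests/2.31"',
    '198.51.100.4 - - [10/Mar/2024:08:14:25 +0000] "GET /v1/health HTTP/1.1" 200 12 "-" "curl/8.4"',
]

if __name__ == "__main__":
    print(check_request({"Authorization": "Bearer sk_live_CANARY0001deadbeef"}, "203.0.113.9"))
    for a in scan_access_log(SAMPLE_LOG):
        print(a)
```

Because the decoys are never issued to anyone, the alert needs no tuning or thresholds: a single hit is actionable, and the `planted_at` field tells you which planted copy (and therefore which exposure path) the attacker harvested.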

Vishing Reinvented: Attacks and Defense Strategies against AI-powered Voice Cloning

Have you heard about the latest social engineering threats that use voice cloning? They are becoming quite alarming as they trick people into falling for scams and fraudulent activities.

In this presentation, I'll demo with some funny yet alarming examples of how easy it is to execute these seemingly sophisticated attacks and gain access to sensitive information. The goal is to shed light on the problem and offer effective solutions to protect against these threats.

But don't worry, you won't be left empty-handed. I'll outline some strategies to defend against these AI-based attacks. This includes using AI-powered defensive solutions, advanced behavioral analysis, and educating users about the risks. I'll also share some basic tips that everyone can use to stay safe.

This talk aims to raise awareness and give you practical knowledge to fight back against these evolving cybersecurity threats. By the end of the talk, you'll be better equipped to protect yourself and your organization from these menaces.

The Cyber Imposter: Conquering Imposter Syndrome

Imposter syndrome is a common experience for many individuals pursuing cybersecurity careers, particularly in the early stages. In this talk, we will explore the causes of imposter syndrome and its impact on personal and professional growth. We will also discuss strategies to overcome imposter syndrome, including developing self-worth, managing self-doubt, and building confidence through experience. Additionally, we will address the potential pitfalls of overconfidence and the importance of finding a balance in one's approach to their work. Finally, we will discuss how to navigate gatekeepers and other barriers to entry in the cybersecurity industry and offer insights on how to create a more inclusive and supportive community. By the end of this talk, attendees will have a greater understanding of imposter syndrome and concrete steps to manage it while pursuing their cybersecurity careers.

Protecting Your Code from Privacy Leaks

In the world of programming, functionality often takes precedence over security and privacy considerations. However, unintentional information leakage can have significant consequences when viewed from the perspective of hackers and investigators. In this talk, I present practical insights and best coding practices to safeguard privacy and minimize information leakage. We explore real-life examples of information leakage in public code, GitHub repositories, and compiled software using digital forensics. Discover how seemingly insignificant details can unveil a wealth of unintended information, uncovering leaks, scrapes, breaches, and identifying threat actors. We will discuss the integration of open-source intelligence practices to extract valuable insights. Moreover, we will delve into best coding practices and policies prioritizing privacy, empowering programmers to safeguard sensitive data and understand privacy risks in coding.

Let's foster a culture of privacy-aware coding to protect individuals and organizations from potential privacy breaches.

With Great OSINT Comes Extreme OpSec

We've all heard hacker stories on how they get caught, usually a lapse in covering their tracks (OpSec). Doing recon as Ethical Hackers and OSINT investigators, we need to pay special attention to OpSec as we risk exposure to our targets, clients, or adversaries. You've probably heard stories of ethical hackers getting in trouble with clients or the law for responsible disclosure. For investigators, this could be a matter of safety for their families. In this talk, I'll review the top OpSec techniques you should incorporate before starting any gig. Multiple layers of privacy will ensure your tracks are covered even if a few get breached and will help you sleep better at night.

Sleep better at night, knowing the bad guys can't see your digital breadcrumbs. Discover the art of Extreme OpSec: covering your tracks so you're not leaving a trail for adversaries. You'll see how I leverage various tools and a layered security and privacy model. I'll guide you through my workflows, help you better understand the time investment and limitations, and you'll walk away with a holistic self-threat assessment.

BSidesChicago 2024 Sessionize Event

November 2024 Chicago, Illinois, United States

Red Team Village at DEFCON 32 Sessionize Event

August 2024 Las Vegas, Nevada, United States

BSidesChicago 2023 Sessionize Event

November 2023 Chicago, Illinois, United States
