The vast majority of cyberattacks don’t start with zero-days - they start with data. And most of that data is already public.
This workshop focuses on how attackers and red teamers operationalize open-source intelligence (OSINT) to gain an initial foothold in target environments. From unprotected services indexed by internet-wide scanners to leaked credentials buried in old GitHub commits, we’ll walk step-by-step through how a modern adversary builds a complete picture of a target - and turns that picture into a pathway to compromise.
Participants will learn to use advanced search platforms such as Shodan, Censys, ZoomEye, Netlas, and GreyNoise to enumerate exposed systems, discover forgotten cloud assets, fingerprint technologies, and identify misconfigurations across global infrastructure. These platforms will be cross-referenced for deeper visibility and fingerprint validation.
Next, we’ll pivot into targeted data mining - hunting for breached credentials, mining document metadata, scraping LinkedIn/GitHub for developer footprints, and leveraging forgotten S3 buckets, unindexed APIs, and DNS leaks to expand the attack surface.
The second half of the workshop focuses on weaponization. You’ll take the intelligence gathered and craft:
• Spear-phishing payloads built around real personas, organizational structure, and internal language
• Infrastructure impersonation attacks using cloned login portals, domains, and social engineering lures
• Initial access simulation, where OSINT is used to move from information → impersonation → access
We’ll also explore (optionally) how AI tooling can support phishing automation, script generation, and voice cloning in vishing scenarios - showing how generative techniques can scale low-effort but high-impact campaigns.
Finally, we’ll wrap up with counter-OSINT techniques - how organizations can reduce public exposure, limit leakage from employees and code repos, and track adversarial OSINT collection patterns.
This is not a recon primer - it’s a full-spectrum adversarial simulation lab, where open data becomes offensive opportunity.
Key Learning Outcomes:
By the end of this session, participants will:
• Build OSINT-driven recon workflows using multiple internet-wide search engines
• Correlate infrastructure findings with real-world exposure
• Identify exploitable attack surfaces using public leaks, repo secrets, metadata, and misconfigs
• Craft phishing pretexts, payloads, and domains based on organizational intelligence
• Simulate adversary access strategies from nothing but public data