2024 SANS OSINT Summit - JoeyTaubert/Cyber-Summits-Conferences-Talks GitHub Wiki

Helicopters of DC

By: Andrew Logan

Government Accountability Office (GAO) - Made a report about what helicopters they fly and where they fly them.

Federal Aviation Administration (FAA) has a SWIM system data feed. They have a LADD (Limiting Aircraft Data) policy.

ICAO is a 6-digit hex code that is the "primary key" to the airplane in the database.

ADSBExchange used to be a good database for helicopter OSINT. ALso can pay for FlightAware, and flightradar24.

Better free option came out:

  • TheAirTraffic
  • ADSB.fi
  • airplanes.live
  • ADSB.lol
  • ADSB.one

OpenSky is a good option for research,

ADSB.im is an image you can use to contribute to the data feed.

No API for historical data.

Federal regulations have an exemption for military and government craft being tracked.

MLAT is a technology flight aggregators use to calculate older transponder codes.

image

The Impact of AI With OSINT

By: Chris Poulter

OSINT Emergent Technologies - Generative AI

Capable of creating new data based on the patterns it has learned from massive amounts of existing data

AI models generate content like text, images, music or video.

LLMs are the hype, but there are other models.

You can prompt ChatGPT to create an intelligence briefing for world events, like Israel Hamas war. You can also using plugins to point it to different sites to scrape from.

It can also be used for Terrain Mapping purposes. "Generate an overpass turbo query that shows the major waterways and land bridges within Malaysia's borders". The resulting query can be put into https://overpass-turbo.eu/

Can also do stuff with Shodan. "write a shodan query URL that finds IOT devices close to 30.94529,121.90515"

DFIR log analysis is a huge advantage that AI can provide us with. We can upload a (sanitized) log file and tell ChatGPT to analyze the log for signs of unusual behavior from a DFIR perspective.

You can also tell ChatGPT to build you a website with certain things in it.

We can also provide ChatGPT with a real-life image of a location, and it will help us find out where it might be taken.

You can also use ChatGPT to write a facebook comment you can inject client-side and take a screenshot.

Maximizing Social Media Data Extraction

By: Megan Munoz

If creating intel report for yourself, its ok to miss some metadata.

However, if you need to be very thorough, should be downloaded in a certain way. Want to get in and get out. Don't want to be clicking around on people's pages and going down rabbit holes.

Should use a sock puppet account, never use your own.

Should use other equipment that will not leave a trace to you. Separate SIM cards/cell phones.

Collect as much as possible at the first point of discovery. Don't forget about family members, associates, business affiliations, etc.

Create an audit trail.

Collect > THEN LOOK

If collecting for court, data must be collected lawfully. Needs to be organized, technical, and complete (metadata must be in tact). Chain of custody should be maintained.

Timestamps should be visible, comments and likes should be captured. Download original photo for metadata. Copy the URL, data is usually in URL. Capture username/UID.

When it comes to metadata and hashing, handling changes based on the context of investigation.

Metadata is the time stamps, device, authorship, location, size, and more, associated with a file.

Right click image, look at "properties". Also can use and EXIF viewer.

You can also use looks like mattw.io or citizenevidence.amnestyusa.org to get metadata on a YouTube video. Can also use still images of the video to do reverse image searches or for face lookups. FaceCheck.ID is one.

Hash values are important for images to verify that it has not been changed.

SingleFile - Good utility for saving a webpage as a single file. It can also download multiple tabs at once.

Video Downloading tools - Storesdown, fdown.net, Greenshot. Can grab a story without them knowing you viewed it.

Export social media comments with Export Comments

From the Public Archive to the Wayback Machine

By: Stephen Silver

Archive sites exist. They are useful, however, a lot of stuff has not been digitized. Get off your butt and go to a physical archive.

  • ArchiveGrid
  • Archives Hub (UK)
  • WorldCat
  • National Archives
  • Library of Congress

Also lots of databases/University Public Libraries. A lot of times, you can show up at a university library as an independent researcher and ask for your options. However, public libraries can be very useful.

Useful databases:

  • EBSCO
  • ProQuest
  • Gale
  • NewsBank
  • JSTOR
  • Hathi Trust
  • Sci-Hub
  • Google Scholar
  • Google Newspapers
  • Newspapers.com
  • Ancestry/other gemological resources

Saving and Archiving:

  • Wget + ExifTool
  • HTTrack
  • SingleFile Extension
  • Forensic OSINT tool
  • Hunchly
  • Wayback Machine Downloader + DocFeather

Managing and Sorting:

  • Free OCR Tools: Google and SimpleOCR
  • Paid: ABBYY Finereader and Adobe
  • Tropy
  • Zotero

Copyright Takedown Requests:

  • Lumen Database
  • Google Transparency Report

Stunt OSINT: AI and Content Networking Display

By: Michael James

Positives of using ChatGPT for OSINT:

  • Vast knowledge set
  • Efficiency in Data Processing
  • Pattern Recognition
  • Languages Processing Capabilities
  • Automated Question ANswering

NEgatives of using ChatGPT:

  • Data currency limitations
  • Lack of Access to Restricted sources
  • Potential for inaccuracies
  • Limited Visual Data Analysis
  • Slow to learn for specific tasks
  • Ethical and Privacy concerns

Prework matters:

  • What is the goal of the research?
  • Which OSINT tools and AI technologies are most appropriate?
  • What measures will I take to protect the opsec of my research?
  • How will I safeguard sensitive info from exposure?
  • How will I manage and store the data collected to ensure privacy?

Using ChatGPT to help develop Python scripts, and to help understand a Python script.

ChatGPT is also super helpful for generating Regex expressions.

Running open source LLMs reduces the cost, and we don't need to hit OpenAI with all of our requests.

  • LM Studio

AutoGen is a product by Microsoft that is CLI-driven. It basically creates a group chat of AI agents, where each agent has a discrete task.

  • This plays on the idea that ChatGPT is extremely good at linear tasks

AutoGen Studio is a GUI for AutoGen. Allows you to build specific pipelines/agents/skills to solve a task. Can run locally.

ShellGPT can take advantage of the ChatGPT API key you have to create bash commands/scripts. It can even run the code for you.