This is a talk where I introduce a resource to help you make decisions about what tools, sites, or techniques to use next time you use OSINT.
I'll also talk about my approach to OSINT, and provide some generalized recommendations based on my experience.
- A tester at BHIS
- mostly red team and adversary sim experience
- client-facing tester since 2013
- previously Optiv, Hurricane Labs
- OSINT Enjoyer
- Have used OSINT during offensive engagements over the years out of necessity
- Also do OSINT for "fun" (data hoarding)
- this talk contains opinions, biases, assumptions, and YMMV
- there are infinite OSINT use cases, and I can't cover them all