9:00 am - 9:15 am
ET
2:00 pm - 2:15 pm UTC | Opening Remarks |
9:15 am - 10:00 am
ET
2:15 pm - 3:00 pm UTC | In Person Sessions The Power of OSINT: Navigating the New Hybrid Cold War The world is facing a New Cold War, where geopolitical, cyber, and physical threats converge to create unprecedented challenges for global security, business interests, and human rights. Open-source intelligence (OSINT) has become an essential cornerstone of strategic, operational, and tactical decision-making for corporations, NGOs, academic institutions, and government agencies alike. In this keynote session, Andrew Borene, Executive Director at Flashpoint and a seasoned security leader, will highlight emerging trends in national and alliance strategies, with examples from key geopolitical hotspots. He explores how OSINT practitioners of all types are helping the free world stay ahead of multifaceted threats affecting societal resilience and cybersecurity. He addresses emerging trends in contemporary national-level and alliance strategies, with examples spanning geopolitical hotspots from Ukraine to Taiwan and across commercial industries at the forefront of technological advancement. This session will also delve into the untapped opportunities OSINT offers for combating misinformation, supporting informed policy decisions, and fostering a culture of critical thinking. Join this deep dive to understand OSINT’s expanding role in the New Hybrid Cold War and discover how you can contribute to strengthening global security. Whether you are guiding top policymakers or mastering analytical techniques to uncover the ground truth, this presentation will illuminate the pivotal role you can play.
Show More
|
10:00 am - 10:15 am
ET
3:00 pm - 3:15 pm UTC | Break |
10:15 am - 10:50 am
ET
3:15 pm - 3:50 pm UTC | In Person Sessions Finding Threat Actor Infrastructure With SSL Certificates The presentation will focus on practical tips and case studies. Attendees of all skill levels will understand how to use new tools and techniques to help them with their work. Some topics are basic, some are more advanced.
Each tip/tool in the talk will focus on a recent real-world use case and accessible tooling. Most of the examples will relate to cyber crime or hostile nation state info ops (nothing sensitive or critical will be covered).
The talk will cover:
- SSL certificates 101 (briefly)
- How to attribute infrastructure with SSL certificates
- Finding hidden infrastructure with crt.sh
- Using sslyze to verify and find infrastructure behind Cloudflare
- Needle in a haystack: using Zgrab2 to find SSL certificates and hidden infrastructure across the whole web.
Show More
|
10:15 am - 10:50 am
ET
3:15 pm - 3:50 pm UTC | Virtual Sessions Hidden in Plain Sight: Leverage Commented Code and Web Metadata for Website Research This presentation explores how commented code and various forms of metadata, such as image names, <meta> tags, and robots.txt files, embedded within a webpage’s source code, can serve as valuable resources for digital investigators. I will introduce a free browser add-on that automatically collects this hidden information, streamlining the investigative process. While this technique is essential for any web investigation, it is particularly effective when analyzing corporate websites in China and archived versions on the Wayback Machine. This is due to the use of older web technologies, less rigorous development practices, and inconsistencies generated by bilingual website management, making these sites potentially rich in overlooked data.
Show More
|
10:55 am - 11:30 am
ET
3:55 pm - 4:30 pm UTC | In Person Sessions Data Processing Cheat Codes for OSINT at Scale Data collection operations are dynamic and difficult, as sources and pivots through those sources are constantly changing. Achieving the greatest return on investment (ROI) of this data is critical for producing intelligence from OSINT. OSINT is hard to scale for a variety of reasons, as there isn't a standard schema, which is further exacerbated by the folks who gather the required data, as they aren't always data science-oriented individuals. Additionally, there is a lot of cross-domain expertise needed to turn an OSINT requirement into an analysis product. One such choke point is the Processing and Evaluation phase of the Intelligence Cycle referenced in DoD Joint Publication 2-0, Joint Intelligence. Factors that complicate this phase include data scale, diversity, and consistent processing methodology. This presentation suggests some methods and techniques to overcome some of the processing hurdles, from both a tactical and strategic data processing level.
Show More
|
10:55 am - 11:30 am
ET
3:55 pm - 4:30 pm UTC | Virtual Sessions Investigating Fentanyl Supply Chains: An OSINT Analysis of Chinese Biotechnology Companies Rae Baker, Senior Open Source Intelligence Analyst The illicit flow of fentanyl and its chemical precursors from Chinese biotechnology companies to the U.S. has escalated into a critical national security threat. Leveraging OSINT, this research investigates patterns of sales and distribution between these companies, Mexico, and the U.S. market. By analyzing public records, corporate filings, and digital footprints across platforms, this study maps the supply chain, identifies key actors, and highlights the evolving tactics used by these entities to evade detection. This investigation not only sheds light on the methods used to smuggle precursors but also offers actionable insights for disrupting the flow of synthetic opioids into the United States. The findings provide intelligence analysts and law enforcement agencies with a clearer understanding of the challenges posed by the global trade in fentanyl precursors and key patterns that can be used to identify the actors involved.
Show More
|
11:35 am - 12:10 pm
ET
4:35 pm - 5:10 pm UTC | In Person Sessions |
11:35 am - 12:10 pm
ET
4:35 pm - 5:10 pm UTC | Virtual Sessions Chinese Social Media Intelligence The thing which sets SOCMINT (Social Media Intelligence) apart from other sub-domains of OSINT is its diversity of options. Each terrain brings with it its regional social media platforms which are usually preferred by its local populace, keeping aside those which are used globally. It becomes even more complex when your investigation covers a country where there exists an almost negligible freedom of speech, such as China and North Korea. As these nations often boycott western platforms, it forces the investigators to put more efforts into digging deep via other regional sources. Hence, our presentation will be encompassing these pivotal topics to better harness the power of internet when researching on China:
1. Tiktok Vs. Douyin (what to expect on both platforms, which one is more uncensored comparatively, what sort of intelligence is easily available on these platforms)
2. Bilibili (a go-to platform for vloggers - within and outside China)
3. Baidu services (its biases and possible information you can get out of it)
4. How a visually appealing image is created of a nation to tranquilize the citizens by cutting them off from the outside world
5. Use cases: a bunch of investigative pieces which used Chinese social media platforms to prove their point
6. How to be effective in your research and instantly transcribe/translate Chinese using certain tools
Show More
|
12:15 pm - 1:30 pm
ET
5:15 pm - 6:30 pm UTC | Lunch |
1:30 pm - 4:20 pm
ET
6:30 pm - 9:20 pm UTC | Skull Games CtF Skull Games CtF Open to In Person and Virtual Attendees
Show More
|
1:30 pm - 2:05 pm
ET
6:30 pm - 7:05 pm UTC | Virtual Sessions Beyond Google Lens: How Real Estate Sites Can Assist Geolocation Efforts This talk will explore practical tips for enhancing your geolocation skills based on interior and exterior photos, social media content, and other clues. We’ll examine various real estate websites and mapping tools available in the US and Canada and cover their strengths and weaknesses. Additionally, we’ll walk through a fictional investigation inspired by real events, showcasing how to locate an address using real estate data. We will also address ethical considerations surrounding geolocation and how to protect against adversarial efforts. Finally, we’ll explore potential workflow enhancements through automation, data scraping, and AI. By the end of the session, participants will be equipped to streamline their geolocation processes and assist others in safeguarding against them.
Show More
|
2:10 pm - 2:45 pm
ET
7:10 pm - 7:45 pm UTC | Virtual Sessions OSINT and Network Security: Navigating the Balance Between Public Information and Internal Threat Protection At the intermediate level, this session will discuss the strategic importance of OSINT in enhancing network security in balance with how to guard internal information. This talk will give you some tips to use OSINT to accurately detect the external threats, track the attack vectors and identify the network vulnerabilities. We will also provide examples from recent headlines to illustrate how companies can incorporate OSINT in their security strategies, and thus improve the detection and response capabilities of threat response. The session will end with practical strategies for how attendees can balance the collection and use of public data with considerations related to privacy and ethics, as well as avoid letting their broadly sensitive internal networks be exposed. What you will learn is: – Hit the balance to strengthen internal security defenses by optimizing OSINT,– Tap into monitoring public data using tools and guidance for compliance with privacy regulations whilst utilizing OSINT for safeguarding networks.
Show More
|
2:45 pm - 3:05 pm
ET
7:45 pm - 8:05 pm UTC | Break |
3:05 pm - 3:40 pm
ET
8:05 pm - 8:40 pm UTC | Virtual Sessions Mastering Email OSINT: Techniques for Uncovering Online Footprints This presentation will explore email addresses as the ultimate OSINT datapoint, covering reverse email address searches, finding a subject’s emails, types of information that can be gathered using an email address (such as social media profiles, monikers, domains, and more), and the Gaia ID and how to find it. Additionally, it will feature a success story from an international fraud investigation where I guessed the main suspect’s email, confirmed it, located their Google Contributor account, and traced their location. The presentation will also include exclusive tips on setting up a virtual sockpuppet environment and using it to add your subject’s email as a contact, which can help in identifying their online profiles.
Show More
|
4:25 pm - 4:30 pm
ET
9:25 pm - 9:30 pm UTC | Wrap-Up |
5:30 pm - 8:00 pm
ET
10:30 pm - 1:00 am UTC | Summit Night Out - In Person Only |