Visit the Open Source Cyber Intelligence - Introduction Training course recordings page
I'm fighting with it on this end, give me a second. All right, uh, I'm not sure if it's going to allow it to work the way I need it to, but I'm still going to walk through it with you. I'm not sure what's really going on, depending on that.

Uh, so at this section we're going to talk about Shodan, right? But before we dive in, we're going to make sure that this is clear, right? It's not a, it's not a tricks class. This is more so like a strategic recon class. I've had people in the past use this information in the wrong way, so I try to be a little bit more critical about it these stages today.

So how do we begin, right? All right, so we've already covered Google dorking, we've already covered culture, we've already covered the OSINT tools don't just show systems, right? So now we're going to get into like the actual mechanics of a thing, right? Shodan. So it's often going to be described as the search engine for devices connected to the internet, but you already know that you gotta go much deeper than that. So we go through the architecture and the crawler models, right? We go through what metadata it collects, right? Such as, it'll collect banners, it'll collect TLS certs, it collects ports, your operations, the operating system fingerprints, your geolocation and a few more other things, right? And what it doesn't, and sometimes what it doesn't collect, and that's important too, you know, how that affects evidence.

So for example, let's say, this example doesn't specifically apply for this one, but just in general example, let's say you have 50 pictures and all of those pictures but one has been scrubbed of its metadata. It's safe to say that the data that's left on the last final, on the last time, the image is probably going to be tampered with, right? So that would be something that you would want written in your report: how the condition that you found the data, what that information looks like for you, and what your conclusion is about. One second.