Joe Gray joined the U.S. Navy directly out of high school and served for seven years as a submarine navigation electronics technician. He is currently a senior OSINT specialist at Qomplx, Inc. and previously maintained his own blog and podcast called Advanced Persistent Security. Joe has contributed material for the likes of Tripwire, AlienVault, ITSPmagazine, CSO Online, Forbes, and Dark Reading, as well as his own platforms. He is the author of a few OSINT tools, such as WikiLeaker and the forthcoming tools Decepticon and Intercepticon.
A Decepticon and Autobot Walk Into a Bar: A *New* Python Tool for Enhanced OPSEC
When we see the terms "Natural Language Processing" (NLP) or "Machine Learning" (ML), often our guts are correct, and it is vendor marketing material, frequently containing FUD. After tinkering with various libraries in Python and R with the use of some OSINT and SOCMINT techniques, Joe has found a use for NLP and ML that is 100 percent FUD-free in the form of a brand new Python-based tool.
In this presentation, Joe addresses topics that he has frequently spoken about in past years: disinformation, deception, OSINT, and OPSEC. When working through learning NLP and ML in Python, it dawned on him: marry these technologies with Decepticon for good. Enter the Decepticon bot.
The Decepticon bot is a python-based tool that connects to social media via APIs to read posts/tweets to determine patterns of posting intervals and content, then takes over to autonomously post for the user. What is the application, you ask? People who are trying to enhance their OPSEC and abandon social media accounts that have been targeted without setting off alarms to their adversaries. Use case scenarios include public figures, executives, and, most importantly, domestic violence and trafficking victims.
In this six-hour Open Source Intelligence (OSINT) workshop, taught by a passionate social engineer and DerbyCon black badge recipient with a proven OSINT track record, you will obtain a fundamental understanding of OSINT. The legal and ethical considerations of collection and destruction of OSINT data will be discussed. From there, you will learn the offensive and defensive applications of OSINT information. In the next modules, "People OSINT" and "Business OSINT" as they relate to offensive attacks will be discussed. The workshop will wrap up with a two-hour "capture the flag."