Zachary Hunsaker - Open Source Intelligence: What Does the Internet Know About You?

all right everybody we have our penultimate talk it's going to be Zachary hunsaker can you pronounce that right presenting open source intelligence what does the internet know about you please give him a round of applause

um thank you so much and uh first of all just like to say I'm super excited to be here and uh if you're expecting some sexy talk where I'm going to put a whole bunch of dark web secrets and stuff on the uh in the presentation that's not going to be what we're doing but we'll talk about a little bit about what we are doing because hopefully we can give you some open source intelligence to bring back to your business and Implement some things that will help make your business better and maybe streamline and improve some processes so um and hopefully we can see this it's a I didn't plan on a projector I probably

should have but uh mostly I'm going to be talking about what's up here it's not really heavily and heavy in visuals and everything so first off I'll just talk about who I am and you know why maybe you would care about anything I have to say um currently I'm an ocent security engineer at Abby it's a pharmaceutical company we do some really interesting stuff right now my primary function for ampy is I'm automating the oceans process that we use for mergers and Acquisitions and on some of the interesting things we got to do with that is when a new company that we're targeting for a merger or an acquisition is coming on the uh on onto the radar of the merger and

Acquisitions team they'll reach out to us and they'll ask us hey can you take a look at this business and tell us everything you can find about their information security footprint they don't want any big scary things happening after a merger acquisition like ransomware they want to be aware of any misconfigurations any issues that we might run into so that they can either leverage that to you know maybe sweeten the deal a little bit with the understanding that we'll go and you know fix those things after the fact or so we can back away slowly and pretend like we were never interested um currently I'm automating a bunch of the processes that have already been

kind of put in place by some of my peers and I'd like to say thank you to those wonderful people that happy that I've been helping that previously I worked at AWS I was a security engineer on the cloud formation team we got to do some interesting stuff at scale for infrastructure's code and if you've ever used cloud formation it's a very interesting product highly recommended that if you're doing things at scale at AWS either the SDK that cloud formation offers or cloud formation itself are both really powerful tools that I think are very underutilized and some interesting things about that as we've actually during my time there some of the things that we ran into

would be from bug Bounty programs and some of the biggest things that were found were found with oceans I can't go too much into that because the mbas and all that jazz but what we're doing here is very applicable and ocean will definitely help us out before that I was an incident responder and security engineer at the national Center for atmospheric research um and I'm also a recovering Java developer which was my first position um a big shout out to any of you who write Java all day um you're the unsung heroes I like to joke that Java is basically what runs the whole internet like it's Java all the way down Java and caffeine so

um a little bit more about me aside from my technical background I'm a dad that's my most important job and I really love it shout out to all the dads out there and I'm a permaculturist um so one of my big Hobbies is I like to you know build an ecosystem onto property that I bought here in Tennessee which thank you Tennessee for accepting me as a refugee from the state of Wyoming and I'm very big into fermentation and cultured food so some interesting things if you want to talk about those you can hit me up on Twitter this is my Twitter handle and there is a giant QR code that you can scan if you're interested

in following me on Twitter at the end of this I'll also provide slides for this deck and again this isn't a PowerPoint presentation I apologize for how crazy it's going to be because of the the extra light in here but we'll continue so in this talk I want to talk a little bit about the intelligence life cycle is anybody here familiar with the intelligence life cycle as it permits to intelligence gathering and everything a little bit okay um so I want to talk about that because it's really important for making ocean applicable to your business um after that we'll talk about ocean and some of the steps and like some of the places in the intelligence life cycle

that it really shines and we'll talk about why those things are important for your businesses because at the end of the day that's what pays the bills that's what lets us be here and I think ocean can actually be a very critical step of what you're doing and I imagine it's something that you are all using to some degree even if you're just Googling for an answer on you know a question or if you're using an RSS feed for finding vulnerabilities that you need to patch in your organizations um so the goals of this session I want to talk a little bit about the risks associated with your company's online presence there's probably a lot more out there

especially for publicly traded companies than you might be aware of and I want to talk a little bit about the best practices that we can use for defending against online attacks via these vectors um specifically we'll be focusing on a lot of policies I'll also mention some tooling and some training that you might get if you're more interested in bringing more open source intelligence to your business for optimizing your business processes um and lastly well I hope you'll learn a little bit about the benefits of integrating ocent into your organization either as a standalone function like my job is currently at Abby which super excited about or as a typical day-to-day activity that you you do as part of your

job whether it's in the help desk security operations center pen testing whatever it might be so I'm going to actually zoom out here a little bit and let's talk a little bit about the intelligence life cycle so this is just basically a process that the intelligence Community set up a few years ago well a long time ago on how they collect intelligence and the the processes involved within that um and from the beginning planning stages to the very end where you're disseminating reports and Gathering feedback so there's six main steps um the first one being your planning stage there's a lot to this you need to be aware of what your requirements are this is where you start whether you're

writing software whether you're um you know setting up infrastructure whether you're trying to secure your organization and as part of Open Source intelligence it's it's critically important as well you define your requirements and objectives so at Abby for example our requirements are we want to know everything we possibly can without actually attempting to do a penetration test or you know scanning or any of those activities of a third party for a merger or an acquisition you need to identify your potential sources of information there's a lot of them if you are a publicly traded company and you fill out those SEC reports every year your 10q is one of the first places I will go when I am searching for

information on your company where you talk about breach announcements when you talk about insider trading when you talk about anything that you have to fill out relating to your business to the SEC that's definitely going to be one of the first places I go again if you're a publicly traded company um so collection um and I put little monikers up here you probably can't see them the collection phase is what I like to call I don't have enough disk space um so ocean is one of those intelligence disciplines where there is more information available than you can probably gather and process so you need to be a little bit pickier about it um there's there's a lot going on so

specifically at Abby one of the things I go and do is when we're looking at acquiring another company that is selling a drug that we're interested in and being able to sell at a later date or that's in their pipeline one of the first places I'll go is the dark darknet markets I'm gonna go see if there is a generic version of that drug available on any of those sites or if there's a copycat of any of those from suppliers in in east of here we'll just put it that way and then social media collection this is a treasure Trove of data and most of it will come from not the business public media presence but

that of its CEOs of its employees and we'll talk a little bit more about that as we go into some of the stories that we'll talk about here next there's the processing and exploitation phase I also call this the import pandas's PD stage because this is where you're taking your information and you're going to compile it into a readable format and pandas is one of those libraries in Python that I absolutely could not live without it's it's critical for what I I do on a daily basis and it's a it's a great way to take and organize and filter data and be able to put it into a data frame so that you can continue to process it

um well I'll just briefly go over some of these other stages but the analysis and production stage this is where you actually need an analyst on the ground to take a look at the data and be able to interpret it and translate it to the business so you need to be able to take all this information that you're finding it's very similar to a pen test report where you're taking and you're analyzing the vulnerabilities seeing if there's actual impact and being able to start producing a report next is the dissemination phase where you actually communicate these findings to the business this is critically important because this is where decisions get made as you're very well aware

you need to process this in a way and be able to visualize this information one of the things I found is the first few reports that I I gave to to my employer um there there was too much reading involved and I don't mean that to be mean decision makers are busy they have tons of meetings every day and they have a lot of information and context switching that they do have to do so the more visual you can make these reports the more impactful they'll be for the business um you know bright red stop sign like don't buy this because XYZ um and then the feedback and evaluation this is a stage that gets overlooked a

lot um but you need to sit down and talk to your your key stakeholders after disseminating a report like this and and basically ask you know what worked what didn't did you understand you know this from this information that I provided how could um you know try and understand their business position a little bit better so you can translate the report of the technical or other complex findings you have and be able to translate it into business speak and I found that this is critically important um so let's talk a little bit about open source intelligence as its own discipline um so open source intelligence as we mentioned before there's a plethora of information available basically anything

accessible on the Internet or other protocols not just the internet that's openly available um is it's fair game um you know there's legal implications that you need to look for you know specific use cases if I go anonymously log into an FTP server that has the banner that says hey please don't come on to here that's obviously an ethical consideration you need to take into account um so don't do that but um open source intelligence as we mentioned before there's lots of problems associated with it as well first is the data volume there's more info than they'll be able to to go over reliability open source intelligence data can be generated on the Fly I mean we're living in a time with

artificial intelligence have you has anybody played with you know Chad gbt or something with it um it's insane the amount the quantity and volume of information that it could put out I I mean I I spent um a couple weeks ago I took and I actually had it generate a fake LinkedIn profile for me like you know here's all the places I've worked here's all the blah blah blah for a puppet account to be able to do investigations um and it was amazing the things that it would the little nuances that it would throw in and so being able to reliably verify the sources that we're gathering with ocean is one of our more critical

problems that we need to address and data quality so quality doesn't mean reliability here specifically I'm talking about the unstructured format that we find a lot of times if you're going and you know reading a blog post on somebody's blog that they wrote you know 12 years ago there's a lot of processing that you have to do in order to automate that and make that valuable um so first let's talk a little bit about the collection phase in open source intelligence we're Gathering from public sources websites social media news articles government reports I'd mentioned the Edgar database that the SEC has for reports that they publicly traded companies have to do public records this is a treasure trove here in

Tennessee and many other states I don't know if you're aware but there is a land parcel database that if you've ever owned a land or bought a property if you're a landowner essentially your information is probably in this database and it's open to the internet you can go take your you can go request your information to get out but when I'm searching for somebody um that's a really good source of information um there's lots of things like that um I want to mention some interesting trainings or tools that you can take a look at so ocean curious is a good one this is by Mike Hoffman um the ocean which is Joe here no okay

so um Joe gray is one of the organizers here he has a great training available for open source intelligence inteltechnics.com this is a really interesting one so Mike bizell is largely considered the The Godfather of ocean he is very focused on privacy and kind of removing himself from a lot of these open source intelligence you know databases or places and he has a wealth of information and knowledge available on his website here which I gotta say last time I gave this talk I sent on I had people going here and it was actually the day that his website got taken down and all the information so please I hope that doesn't happen now um but um he's a great resource and there's

actually really good tools there that he tries to keep up to date um for doing manual investigations on phone numbers on domain names IP addresses usernames that can help you track down somebody's you know username across various social media sites it's a great resource if you're looking for that um there's another tool here called obsidian markdown it's a great knowledge database that you should keep for yourself osim is one of those things that the tools that you're using or the the techniques that you find they're probably going to break tomorrow um I have my GitHub page with skeletons of projects that I was working on where the next day the vendor found oh you know we didn't mean to release

this information and they they fixed it and my tool no longer works right so it's a cat and mouse game that's frequently happening but the thing that doesn't change a lot is your framework for you know here's my process for going and investigating things and I found that obsidian is one of those tools that lets me do a mind map and kind of track down some of those things I'll also say RSS feeds are one of my favorite tools if you aren't using one I highly recommend it even just for vulnerability tracking but there's lots of tools out there that you can have web pages Twitter feeds all of that converted into an RSS feed so it's a

great source of information to you know be able to programmatically grab those types of things and process them um I'll kind of skip over the processing and exploitation the other stages but they're very important from an open source intelligence perspective but I'd like to get a little bit more to the the meat and potatoes the why we're here so let's talk a little bit about your businesses and how we might be over sharing information and some of the implications of those things so first data breaches it's on everybody's mind and a lot of them can happen because of oversharing of company information online um with information that's publicly accessible there are frequent cases where we're more at risk of a data

breach because of it um who here has seen one of those pictures on Twitter or LinkedIn or something where somebody's like taking a picture and they're like it's my first day at this company super excited anybody I can't be the only one okay so everybody's seen one um does anybody know why people do that it's a serious question anybody they're excited we are social human beings we social media took off because of the dopamine hits and everything but it's because we're social creatures we want to include people in our lives that we care about so when they're sitting there taking a picture and saying like look how excited I am um it's not a terrible thing for them to

want to do it's a terrible thing for your business um recently I found like why I was looking at an organization I found a tweet from somebody said it's my first day super excited and it was a picture of life their badge it was a picture of their badge which makes you know being able to copy one of those RFID tags super easy to do you can see the format that they're using the type of logo they're using which seems innocuous enough Until you realize that they're also sharing where they went where they're going to go on their you know with their group after their first day and they say hey we're all going to

meet at this bar and you know after work I'm super excited I have an awesome new team so you go there with a prox Mark or something and you just you walk by and beep and you've got a picture you've got their badge you know the hours where they're going to be at work or when they might be after where when they might be somewhere after work um and it starts to look a little bit scarier another example I have this really happened and it's really sad who here can tell me what an Etsy shadow yes go ahead yeah it's the it's the actual you know document on a Unix system that stores your password and it's not easy to get

to you need you know hype like you need escalated privileges to get it um I was investigating um some open indexes um I was investigating my boss had asked me um to go and look at and this is a former employer I'm just going to say that now so you know um that's abundantly clear um he's like we have a problem we're seeing a lot of we're getting a lot of reports from a third party about these open indexes can you go take a look I said okay let's go take a look so I'm going through I'm going through some open indexes and I'm seeing a lot of you know publicly available data some web

servers that are just misconfigured incorrectly you can see the files in there you know nothing too crazy and I get to about the sixth one down like on my list of of servers to go check and I go on to here and I see a folder called backups so I go to backups I'm like okay well this looks interesting um there is some commands that they run to do backups like they're scripts that they're using with hard-coded credentials I might add there is a copy of the data that they're backing up into a folder date and time stamped and in one of these there is your Etsy password and your Etsy shadow files so I'm like okay well maybe it's

old maybe it's just from an old you know Solaris system I guess that's a joke we're doing today um and so I go and I investigate and uh I'm like I have I have a co-worker that is amazing at um cracking passwords if you ask them anything about hashcat he can tell you all the flags and everything and I say hey can you try this you know see if you can crack any of these and uh all right I go over to his cubicle and we're sitting there talking about it and he's pulling it up he types in his crazy hashtag man um and he hits enter and password found you know it just like it

was an instant pop-up and it was a really terrible password um and all this happened because somebody must configure the server your directory is open to the internet and somebody can find it via Google dorks or you know some some technique that is relatively easy to do um so be mindful that this can happen um in the blink of an eye it only takes once for something like this to get out and you'll be amazed at how fast people start hitting these types of directories there's a lot of automated tools that are going out and looking for these types of things um and uh you know luckily we were we went and did instant response mode and

we're able to get this figured out and luckily you know checked logs and everything nobody could use these credentials yet um for for doing anything malicious and it was kind of contained but um it wasn't a fun day I can tell you that um another incident that I had similar to that is same same place I was working um I I start the day go and talk to the security operations center and uh we're working on a few things and one of the things I've been working on is anybody here heard of a tool called Showdown census i o everybody's heard of it right so um I had set up some alerts with shoden to say you know here's our IP

range if anything new pops up let me know so I go sit down and I'm going and you know I'm doing some work and then all of a sudden I hear a ping ping ping ping ping ping ping ping and my email is just freaking out and I go when I look at one of these emails and it's like this IP address you know as you and this is new here's the port go check it out um turns out and I'm glad I set up this alert and this is something everybody should go look at doing if you're not monitoring these types of things um are building operations systems had been publicly exposed to the internet

um so there had been a router misconfiguration somebody was updating some router rules and ended up accidentally pushing out you know a change that made it so that they become they became publicly accessible to the internet luckily we were on that one a lot faster than we would have been otherwise um and you know we're able to do some damage control there so let's talk about risk number two brand damage um you can get your company broiled into a scandal that will damage their reputation and their brands to the point where it it becomes difficult for some people to do business with them I'm not going to say that every business is going to shut down because somebody says

something bad on social media [Music] um but it's an optic that you really don't want your businesses to to run into um I'm going to share there's a quick news story I pulled up this happened a few days ago there was a New York Hospital that fired an employee um who worked in a morgue and uh they were taking selfies with uh deceased people which isn't a good look if you're you know in the business of working with people and so it's one of those things that that brand when you I'm not a I mean that hospital when you search for them I can almost guarantee for the next few years in the Google search results

you're going to see that article and you're going to say I really don't want to bring my mom or dad there because I the employee's gone but the damage persists um intellectual property theft this is one of those that I have the privilege of working with frequently um this is the sharing of information online that could expose the your company to theft to reputational damage to uh government government problems if you're sharing proprietary government information Etc um so this is another one where um this guy I worked with and I we were doing some threat hunting we've got the security Operation Center kind of set up the way we wanted with a few new people

and we decided to go do some front hunting um so we were searching our space and I was using the Google dork and I basically said give me all the PDFs that you can find on my domain and I'm like okay well what could be out there it was an educational research Institution and a lot of the information that we had we just gave out there were a lot of Publications that we shared um so I was going through a bunch of these and you know using some some tools to help me kind of filter out some of the stuff that's you know very technical um that you know we had hashes of from documents that we published

and something really interesting set up so there was a schematic for satellites um has anybody heard of The Cosmic mission so this isn't a this isn't a very well known one so I would have been surprised if somebody had um so the cosmic mission was a collaboration between the national Center for atmospheric research and some government agencies and uh they published some schematics for some satellites and they they sent some satellites into space um that have sensors on them for measuring climate and weather data um really cool Tech really cool things they're doing with these satellites turns out the specs were available on one of our web servers and the document was marked itar which

if you're not familiar with itar this was a very very bad thing um fortunately for us and we put processes around it after the fact it had been Declassified as itar by one of the agencies we were working with a very long time ago so this has been out there for a very very long time but when we searched some of our logs there was there was traffic from external countries and entities that um we weren't too friendly with so just be careful um it can be a user that has access to publish their information on their personal site that you make for them you know a lot of people you know here's your company

profile and they allow people to you know publish this subsection of data in those and you would be very surprised at what some people put out there it could be a CV which is you know it's useful if you're trying to Target for spear fishing or something like that but it's not going to end the world but you will see crazy information put out um via PDFs open indexes all those types of things um so let's talk about fishing um now that we've talked about that fishing and social engineering sorry I get a really dry mouth so criminals are always looking for opportunities to exploit information that you share online um they'll still images of people and

try and impersonate people on Facebook LinkedIn has anybody seen this um my wife has a grandmother that frequently is friend requesting her it's not her it's an impersonation somebody steals her image every other week and attempts to you know um to scam people out of money using my my wife's great my wife's grandmother basically as the decoy so it's something that attackers have automated processes for spinning these types of things up working on you know they take in account that they've set up two years ago put on a new image you know add some information to it and they'll try and use that as a pretext for social engineering um uh oh yeah okay so this is another

really fun one um so company I was working for um they were building a new building um they were building a new facility and the construction company that they were using was in a picture for the groundbreaking ceremony seems innocuous enough right um and I'm I'm not here to fear monger um I just want you to I I hope you understand that everything we do in the public life has consequences right so this construction company was in one of the pictures and um that company got targeted by some phishing attacks and one of them was successful and an attacker was able to take over an email account so business email compromise you can all see where

this is going um and one of our finance people gets a message that says hey we haven't received payment for X number of days and here's our new ACH information we had processes in place to take advantage like to make sure that you know nothing malicious like this happened nothing's 100 unfortunately um they got rushed it was a Friday at 4 pm had a soccer game or something to go to and uh set the payment turns out it was a payment for about a million dollars so my next three weeks were meant you know helping clean that mess up reporting that to the proper authorities but because a picture was in the newspaper the local newspaper and on their website

of a construction company breaking ground with the organization I was working for somebody targeted them and was able to you know compromise an email and be able to make off with some money I actually don't know how that one ended I ended up leaving very shortly after that hopefully it was a good good ending in the FBI cop couple of people but there are real world consequences to the information we shared online legal and compliance risks so I'm sorry this program all right um regulation so I'll cruise past this one really quick but the UK find Tick Tock recently um a total of 15.8 million dollars for tick tock breaking gdpr um for sharing information with third

parties that um they didn't have access to do and then competitive disadvantage um if you share your internal processes or strategies online competitors are going to take advantage it's something that every every company has a competitive Edge that they're looking to gain and if one of your competitors say hey here's how I make this drug um better believe I'm going to be out there trying to find that information and you know share that as well so how can we defend our employees and I'm sorry I have rambled on forever um a lot of them are the things other speakers have talked about today and we've been very lucky to hear about a lot of these things but employee

education awareness make sure they're aware of some of these things one of the things I mentioned before was the first day of work um something you can do to help employees feel like they belong that they can share with their life have a place where before they get badges um you come they come in you explain to them you know hey we we're excited to have you we want you to take a picture you can share this on social media please don't share in XYZ spaces that way you know when I look in the background of a picture of your first day and I see a key I can go and find some really awesome ocean guy I can't

remember his name off the top of my head but he has these key templates and you can actually put that on top of pictures and you can figure out what kind of key they use for specific things or I can fish you with a vendor message from the vendor that you're using so raise awareness in those types of places but you can also make policies or processes that still allow those kind of things to to happen strong password policies um I won't beat this to death but multi-factor authentication is by far one of the best mitigating factors for a lot of these things Implement privacy settings and engineering into all the products that you're building privacy engineering

should be almost as important as your security engineering they go very much hand in hand and the more privacy you build for your employees and you you know you build into your products the the less juicy of a Target you'll be um you know safe online practices and you know give employees good information um if you have a threat intelligence team if you have somebody that does a newsletter for your your employees send out really good information make it high quality make sure um that it's usable um down here in the potential references and again I'll make these slides are available to you um and I apologize for how about there but there's um there's a

couple really good resources here one of them is is free and it's how to freeze your credit and a whole bunch of other really important things that employees can do to it it takes them to a bunch of data Brokers where they can remove their information for anybody that's privacy conscious it's a it's a really good resource and it's a really good way for them to be able to go and see you know this is how I can lock down my social media accounts um here is a list of procedures I think every company should have a social media usage policy you know where and when can you use you know social media in a business context

password security policy privacy policy phishing awareness and email security policy um and that should be more a process than a policy and so I apologize for that um bring your own device policies you know what's allowed on your network what Can employees bring can they you know bring things with cameras in certain places based on your your threat models data data classification and handling policy um make sure that you know uh a document that is marked business critical has proprietary information is never dangling in an open index or not behind role-based access controls we heard from the Drago's presenter this morning that role-based access control implemented properly really save the day for them um and then make sure if you are doing

any employee monitoring um make sure you have an employee monitoring and acceptable use policy for those types of things here's a list of tasks that I think a dedicated ocean analysts these are great places to start if you want to bring those in into your organization so um they make a great start to a threat intelligence team and you can you know go further with that than and bring in other methods besides just open source intelligence you can have them serve as a backup for um instant responders and your your sock teams um monitoring brand reputation and online presence if you have a social media team um or you know they can serve as a way

to track for imposter domains and and other places I mean or in an organization that don't frequently get looked at but can cause a lot of damage um and then here's a list of jobs that I put together that ocean plays a really critical role so obviously cyber threat intelligence analysis we talked about forensics people should have some awareness some situational awareness of what's going on and open source intelligence is definitely a key part of that fraud analysts should have an awareness of awesome techniques that are being used for for organizations to help provide more information there risk analysts and one of the things I do obviously due diligence investigator so I help the mergers and Acquisitions team

with due diligence and I really think that's one of the better places sorry for a bigger business um if you want to start using open source intelligence and then market research um if you have a market research team bring open source intelligence into finding salary data um in order to enrich any data sets that are currently being collected um and then social media analysts make sure that people are out there looking at your social media footprint and that of your employees to look for those crazy things that happen on the internet so I hope you've learned something today um I really appreciate your time there is a QR code here for the slide deck you

can also find it at my GitHub which is 5a4b48 on GitHub that's easy to remember because it's zkh just in hexadecimal so any questions

one second I work in healthcare and we have providers that have their MBI number freely available on the Internet is there any way to to stop that or block that information or pull it from the internet um so again I'd reference you to Michael bizell um with some of that stuff but um with some of the search engine stuff it's it's really hard once something's out there it's really hard to get it down um there are some really interesting techniques that um I can I can reference you to some tools and stuff if you if you shoot me a message or we can talk after this anybody else

you mentioned land docs and uh you know SEC violence what do you is it is your different is your process vastly different for private companies or absolutely um private private companies are a little bit harder because they're not mandated to share information um but what I've also found is that social media tends to be the best place to find information on private companies um mostly because a lot of them are either looking to be acquired or they're looking to form relationships with bigger companies so I found that marketing person for organizations is a great place to start and the CEO tends to overshare a little bit for most companies um but another good source for for

information there might be you know something you can do is go look for if you can link a personal email address to somebody go look in breach history and you'll be almost find you'll almost certainly find one-off usernames or accounts that are maybe using somewhere else and frequently they'll have other information available in those types of places so awesome thank you thank you here

so I only first uh yeah I know you mentioned some tools like wholesome curious and oh Ascension and all the data is enormous that you collect but you have a place where you compile all your stuff where you store it where you start to do it like a template as you're building your osin profile um so yeah so I mentioned it before too it's called obsidian done MD oh okay um I think every ocean practitioner everybody that's doing ocean should have their own knowledge base um you should share but everybody's process is going to be a little bit different because we we all have different neural Pathways I mean the way we view the world is drastically

different and something that works for you won't work for me yeah that would be my recommendation um and Mike Hoffman on his Blog has a great template for oslin that's a great starting point just kind of following up on that question marks do you have any educational resources that you recommend or anything like that and learning a lot of this stuff because it does change all the time and stuff absolutely as soon as you catch up with it it's you're you know back again yeah um it's a real Challenge and I will freely admit that um I will say if you look for the open source intelligence and privacy podcast by Michael bazell he's frequently updating tools he's probably

the most up-to-date on trying to keep things updated um the man must not sleep because he's constantly doing things um but that's a great resource and then um yeah there's there's some in the slide um in the slides if you grab them on GitHub there's some other resources there that might be helpful any other questions cool I think that's time and I really appreciate everybody [Applause]