On February 11-12, the U.S. SANS Institute hosted a virtual conference: The 2021 Open-Source Intelligence Summit. The event drew thousands of participants and professionals from around the world including Social Links, who took part on the opening day of the event with the presentation ‘Extracting and Analyzing Social Networks Data Efficiently.’
What is The Open-Source Intelligence Summit?
The Open-Source Intelligence Summit is an annual event powered by SANS Institute – one of the most trusted providers of cybersecurity training, qualifications, and research. The conference aimed at bringing together leading security experts and investigators to share techniques applied to OSINT gathering and analysis. Despite being delivered in the online format of a ZOOM Webinar, attendees could enjoy a wide degree of communicative freedom and connect with the speakers via interactive Slack channels organized by SANS staff.
During the two days of the conference, a variety of speakers took the floor, including president of Haystack Investigations Heather Honey, VP of Product at DomainTools Jackie Abrams, Threat Intelligence Analyst at PwC Curtis Hanson, Chief Sourcer & Partner at Brain Gain Recruiting Irina Shamaeva, BuzzFeed News reporter Jane Lytvynenko, Certified SANS Instructor Matt Edmondson, OSINT consultant, and investigator Nico Dekens, Detective at Las Vegas Metropolitan Police Department Jeff Lomas, Steven Harris of NixIntel and others. The warm welcome and conference orchestration was supported by Instructor & Summit Co-Chair of SANS Institute Micah Hoffman and his colleague John TerBush. The speakers from Social Links were CEO Andrew Kulikov and Head of Research and Development Azat Kashapov.
Each speaker had a 45 min session in ZOOM, where they presented various OSINT tools and best practices regarding digital investigation. In a wrapping up session for the conference, the experts shared thoughts on which instruments they feel are most suitable and useful for conducting investigations and concluded with some projections about OSINT’s future.
‘Extracting and analyzing Social network data efficiently’ by Social Links
The Social Links webinar was presented by Andrew Kulikov and later continued by Azat Kashapov. Starting as a backend developer, Azat has now worked at the company for three years and has considerable expertise in OSINT tools and technologies development.
The workshop was dedicated to the methods of researching web resource code, and requests for gathering information. Using the example of a LinkedIn page, Azat revealed how to extract data from a web resource code with instruments such as Chrome DevTools, Json Parser Online, Yet Another REST Client, Postman, Fiddler, and others. At the end of the Social Links session, attendees had the opportunity to chat with Andrew and Azat, who fielded questions through Slack about the tools used in the demonstrations.
Why are these tools used?
Websites do not show all the information that can be obtained by HTTP(s) requests. While some features of data retrieval may be disabled, by using HTTP(s) requests, it is still possible to extract such data. Exploring websites in this way, it's possible to find loopholes – defects overlooked by developers – which can be harnessed to gain access to the data that the site doesn't want you to get. Reporting such findings can even earn you money; for instance, Facebook has been known to pay $25000 to individuals for reporting such breaches.
This type of website investigation can also yield requests that work without authorization – even with social media giants like Facebook, Twitter, and TikTok – and can retrieve data without approval. Since the source can close it whenever it likes, such opportunities are unlikely to be around forever, so you should probably make use of it now, while you can, to conduct – for instance – a massive parse. Using these methods, a developer can write code or programs that automate certain actions such as a browser extension that extracts the entire list of friends or followers from a Facebook profile.
Fiddler theoretically allows tracing requests not only from sites but also from software and even Android devices, while Postman catalogues all the sources you are investigating by conveniently putting everything on shelves and saving you a great deal of time.
Attention to detail and supportive atmosphere: Azat’s thoughts regarding the conference
About the organization: “The organizers were highly experienced and treated everything with due attention to detail. All notifications were made in advance, a special workplace was set up in Slack, and there were chats on various topics including subjects such as #petlovers, #workplacesetting, #abusereport, among others. They were also very responsive, constantly answering questions in chats, and actively participating throughout.”
About the participants: “There were a lot of participants from all over the world, ranging from students to professionals in their field. Young specialists came away with great motivation, while professionals were able to further strengthen their skills.”
About the OSINT tools: “The conference speakers introduced a plethora of valuable ideas, showing just how extensive OSINT is and how, with its help, a wide variety of tasks can be solved – I personally learned a great deal of interesting things. With our presentation, we showed the internal workings of OSINT from a technical standpoint: the processes taking place within, and how to view all this differently.”
About the atmosphere: “There was a friendly and supportive atmosphere. I was glad that lots of people reacted positively to our presentation via the Slack channel, asking questions and sharing their lovely insights. While everyone understood that I was not a native English speaker, I felt that I grasped the main ideas from comments while putting across what I intended to convey. I hadn’t participated in such an event before, and the experience has motivated me to improve my English level. In hindsight, I felt that I could’ve given more details about where these tools can be used. I think this question was really dealt with towards the end of the Q and A.”
The Social Links team was happy to participate in the conference, delivering experience from our side as well as gaining valuable insights in exchanging ideas with other professionals. The next SANS Open-Source Intelligence Summit will be held in a year.