Tactical OSINT for Pentesters and Cyber Investigators

by Shubham Mittal and Sudhanshu Chauhan


As Internet had found its use in almost all the places in our lives. However whatever we do on internet leave trails of breadcrums. Tactical Reconnaissance will leverage this and strive to achieve a caricature of the target using OSINT Tools and techniques. It basically constitutes of carefully planned actions to harvest information about a target (person, email, phone, domain, etc.) from publicly available sources. This harvested information could be used by active hackers / cyber investigators to perform targeted profiling. While hackers can use this information to further streamline their attack to elude detection, cyber investigators can use the same to trace down the their target entities.


This workshop will cover various OSINT tools and advance techniques for finding, collecting and co-relating publicly available information related to the target, be it a person, company, email, domain, IP, etc. Ranging from various search engines to useful free APIs and social media monitoring, etc., many such widely used but under-considered techniques will be covered. While many of such utilities are readily available, few custom scripts will also be distributed to candidates (at their will, of course). Among bunch of techniques for OSINT, below ones will be specifically covered:

Day 1

  • Using non traditional search engines for finding relevant information
  • OSINT on email, phone, images, IP and domains
  • Scoping and Profiling organisations - IP Addresses, Domains, Subdomains, Employees, Email Addresses, and other entities
  • Tracing and profiling a person using SOCIAL MEDIA INTELLIGENCE
    • Linkedin
    • Facebook
    • Twitter
    • Instagram
    • Flickr
  • Tracing Check-ins, geo-tagged images and other static entities (eg. apikeys, metadata, etc.)
  • Search geo-location data within Twitter, Flickr, Facebook check-ins, and Instagram streams
  • Locate a target's long forgotten Facebook activity
  • Access content believed to be private on Facebook.
  • Using Google Custom Search Engine.
  • Email tracing, automated feeds, online chat, and instant messaging
  • Exif Data Extraction from Documents and data correlation.
  • Breach Status of target and Email Ids.
  • Monitoring and alerting for users / organisations.
  • Profiling friends, interests, preferences, hobbies, etc. for investigating / targeting a person for social engineering.
  • Searching through DARKNET, code engines, paste(s) and forums for passwords, apikeys, tokens, salts, etc.
  • Anonymizing Techniques - TOR, Web Proxies, VPN & Tails.
  • Reverse search images for more information correlation.
  • Useful Browser Add-ons.
  • Demonstration of useful OSINT tools.
  • Visualizing Raw Data for extraction of Meaningful Data.
  • How to hide from Internet?


  • A general understanding of the Internet and computer ecosystem


  • Laptop having ability to access 802.11 b/g/n Wi-Fi network in an unrestricted / unfiltered nature.
  • Participants are encouraged to set up test accounts on Gmail, Facebook, Instagram, Twitter and LinkedIn


1 day


  • Penetration Testers
  • Security Engineers
  • Cyber Investigators


  • Fair understanding of how to Investigate / Recon about a person / organisation using information available on Internet.
  • Hands on Exercises
  • Custom Scripts
  • Slide deck and a handy Cheat Sheet of all the updated and verified OSINT resources.
  • A small OSINT CTF (to practise everything learned in the workshop)


  • Cell Phone Tracing, GPS Tracking etc.
  • Paid Subscriptions / API keys.
  • Database of scraped Passwords/li>


Shubham Mittal

Security Consultant

Shubham Mittal is an active Information Security researcher with 5+ years of experience in offensive/defensive security, with interests in OSINT. He is the author of Automated OSINT tool @Datasploit and he has trained/presented at multiple conferences including BlackHat, DEFCON, NullCon, Null (Bangalore, Delhi and Mumbai chapters), IETF, etc. This year, he is also running @Recon-Village at @DEFCON 25. He works from the command line, uses vi and loves beer.

Sudhanshu Chauhan

Security Consultant

Sudhanshu Chauhan is an information security professional and OSINT specialist. Sudhanshu has written various articles on a wide range of topics including Cyber Threats, Vulnerability Assessment, Honeypots, Metadata etc. and Co-authored ‘Hacking Web Intelligence’. He has been a speaker at various conferences (Ground Zero Summit (New Delhi) 2015, CyberHackathon Bar-Ilan University (Israel) 2016) and a contributor to DataSploit- an OSINT Framework