SEC487 - OSINT ANALYSIS - Comprehensive Review
Randy_Randerson
So like before, I want to provide some information on courses I've recently taken in the hopes it helps anyone who may be on the fence about taking it OR trying to convince leadership to even send them to it. Please let me know if these are helpful or if there is something you would like me to add.
COURSE: SEC487 - Open Source Intelligence Gathering and Analysis
Syllabus: https://www.sans.org/course/open-source-intelligence-gathering
Method: Live
Additional Resources: https://inteltechniques.com/
Day 1: This day is predominately like any other day for SANS. Introduction to the material itself. Things that are gone over are a vast majority of the links to things like Mind Maps, Note Taking initiatives and then getting into the importance of using alternate accounts for things like social media. You learn very quickly that sites like Facebook and Twitter are basically impossible to register for without a valid cell number nowadays.
Day 2: Probably my second favorite day out of the class. You spend the vast majority of the day scouring the internet on public-facing websites for personal information. Things like Phone Numbers, Addresses, Real Estate Records, etc. Other things that were fun to learn and work through were reverse image searching. Things like Avatars and Usernames. This is the day you start using tools like Recon-ng.
Day 3: Social Media Day. It is a ton of fun, but frustrating if you couldn't get the social media accounts up and running.
Day 4: Geo-location. Lots of goodies for how to tie in measuring distance on Google Maps and the use of other open source map sites. You start digging into tracking a high value person through political contributions and other things to build out their dossier.
Day 5: Kind of a mash of all the concepts and topics that couldn't fill in a day. First half of the day is on Dark Web and using Tor. Second half is government/international issues. Then you get thrown to the wolves and put into a single-user investigation (meaning no teams, that is Day 6 CTF).
Overall Impressions: I've been doing this type of work now for the better part of 4 years. This is a foundational course (hence the 400 level) and it really does show. Lots of hand holding and you really don't get very deep in the weeds. However, that is most likely by design. Also many of the sites that were included in the material were useless by the time the class happened because they either went down or went to a pay model. Course Author did the best they could to update on the fly, but if you plan on taking the cert whenever it goes live -- I would strongly suggest not using someone's books. My guess is this class is going to be one of those that gets updated very frequently.
I do think the material is worthwhile though. The links themselves allow a person to steer away from pay model sites or companies that charge to do the same thing. That in itself can be helpful if you are working Insider Threat or just investigations in general at your company. It is pretty darn scary what you can find out just by simply searching. I do think the additional resource I linked to (and the subsequent book) may be beneficial in lieu of this training. Biggest benefits from this training are Resources (e.g. the links) and the Mind Maps that you can then use to build out your fake persona and for your future investigations.
Overall score out of 10 --- 7/10
Comments
- JGS
Hi Randy,
Thanks for the review. I am wondering which courses that you have taken would you give a 10 out of 10?
- Randy_Randerson
JGS said:
Hi Randy,
Thanks for the review. I am wondering which courses that you have taken would you give a 10 out of 10?
Hi JGS,
This is probably going to be very subjective, as there can be quite a few variables in there that can change a person's viewpoint. For instance: Was it taken online or live? Did you have the course author or one of the lower tiered instructors? Was it in Vegas or Omaha?
With that being said though
FOR585 - Smartphone Forensics
SEC575 - Mobile Device Security and Ethical Hacking
SEC617 - Wireless Auditing and Ethical Hacking
All 3 would get 10/10 from me. I feel the classes are geared towards all sectors (Private, Public, Consultancy, Personal) and there is a deep and comprehensive amount of material that cannot be readily found in other locations. For example, if the course author published a book prior to the course and it feels like the class is regurgitated with labs. Additionally, these 3 courses face probably the most active courseware considering the amount of mobile versions out there for Android/iOS and the different types of wireless capabilities out there.
- JGS
Hi Randy,
Thanks for your response. Those courses and the factors you mention are well worth considering when I decide future courses to take.
- jcundiff
Have you done Michael Bazzell's OSINT course? Since you list his site as additional resources, I am guessing maybe you have? I can't see SANS being that much if any better than his? His is 1000 bucks vs SANS prices. I have been in the Threat Intel space for about 5 years now and did his self-paced online course early in my career and it helped immensely, laying the foundation for me to complete the GCTI this year.
"Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke
- COBOL_DOS_ERA
Thank you for such an in-depth review.
CISM, CRISC, CGEIT, PMP, PMI-ACP, SEC+, ITIL V3, A-CSM. And Many More.
- jcundiff
MitM said:
Thanks for the review. Looks good
@jcundiff is Michael’s course worth the $1000? What type of roles benefit most from these type of courses?
Definitely! You get a year's access and updates that are published during the year. You also get lifetime access to his tools on inteltechniques. Transitioning from a GRC role into Threat Intel, I found his course to be phenomenal, learning how to search and comb through OSINT to find your target.
As far as who, his course is really geared toward Law Enforcement, but it's great for less experienced threat intel roles as well. You can buy his book for about 50 bucks and get a lot out of it, but I highly recommend the online course for a grand vs his 2-3 day courses at places such as Black Hat.
- jcundiff
MitM said:
No sir! Threat Intel for a major Financial Services company, work with FBI (Infragard mainly) and USSS, (more so than FBI and other DHS orgs since they handle electronic financial crimes and counterfeit cards etc)
If you are working in a sector that is eligible for Infragard membership, take advantage of it.