So like before, I want to provide some information on courses I've recently taken in the hopes it helps anyone who may be on the fence about taking it OR trying to convince leadership to even send them to it. Please let me know if these are helpful or if there is something you would like me to add.
COURSE: SEC487 - Open Source Intelligence Gathering and Analysis
Syllabus: https://www.sans.org/course/open-source-intelligence-gatheringMethod: Live
Additional Resources: https://inteltechniques.com/Day 1: This day is predominately like any other day for SANS. Introduction to the material itself. Things that are gone over are a vast majority of the links to things like Mind Maps, Note Taking initiatives and then getting into the importance of using alternate accounts for things like social media. You learn very quickly that sites like Facebook and Twitter are basically impossible to register for without a valid cell number nowadays.
Day 2: Probably my second favorite day out of the class. You spend the vast majority of scouring the internet on public facing websites for personal information. Things like Phone Numbers, Addresses, Real Estate Records, etc. Other things that were fun to learn and work through were reverse image searching. Things like Avatars and Usernames. This is the day you start using tools like Recon-ng.
Day 3: Social Media Day. It is a ton of fun, but frustrating if you couldn't get the social media accounts up and running.
Day 4: Geo-location. Lots of goodies for how to tie in measuring distance on Google Maps and the use of other open source map sites. You start digging into tracking a high value person through political contributions and other things to build out their dossier.
Day 5: Kind of a mash of all the concepts and topics that couldn't fill in a day. First half of the day is on Dark Web and using Tor. Second half is government/international issues. Then you get thrown to the wolves and put into a single-user investigation (meaning no teams, that is Day 6 CTF).
Overall Impressions: I've been doing this type of work now for the better part of 4 years. This is a foundational course (hence the 400 level) and it really does show. Lots of hand holding and you really don't get very deep in the weeds. However, that is most likely by design. Also many of the sites that were included in the material were useless by the time the class happened because they either went down or went to a pay model. Course Author did the best they could to update on the fly, but if you plan on taking the cert whenever it goes live -- I would strongly suggest not using someone's books. My guess is this class is going to be one of those that gets updated very frequently.
I do think the material is worth while though. The links themselves allow a person to steer away from pay model sites or companies that charge to do the same thing. That in itself can be helpful if you are working Insider Threat or just investigations in general at your company. It is pretty darn scary what you can find out just by simply searching. I do think the additional resource I linked to (and the subsequent book) may be beneficial in-lieu of this training. Biggest benefit from this training are Resources (e.g. the links) and the Mind Maps that you can then use to build out your fake persona and for your future investigations.
Overall score out of 10 --- 7/10
