WEBVTT 1 00:00:00.120 --> 00:00:04.679 Welcome to the deep dive. Today, we're unpacking the real 2 00:00:04.719 --> 00:00:09.960 world power of open source intelligence. Mmm, you know, Ocent, exactly. 3 00:00:10.279 --> 00:00:14.240 You our listener shared some really fascinating material, and well, 4 00:00:14.240 --> 00:00:16.399 our goal is to pull out the most valuable insights 5 00:00:16.399 --> 00:00:16.640 for you. 6 00:00:16.879 --> 00:00:21.600 That's right, Ocent. It really boils down to finding and 7 00:00:21.679 --> 00:00:25.079 analyzing information that's already out there in the open. 8 00:00:24.879 --> 00:00:25.800 Like public information. 9 00:00:26.000 --> 00:00:28.960 Yeah, exactly. It's like being a detective who you know, 10 00:00:29.199 --> 00:00:31.440 only uses publicly available clues. 11 00:00:31.760 --> 00:00:34.799 Wow. To really bring this home. One of the sources 12 00:00:34.840 --> 00:00:37.920 you sent had this powerful personal story. Oh yeah, yeah. 13 00:00:37.960 --> 00:00:41.039 The author talked about their grandmother's life journey Germany to 14 00:00:41.079 --> 00:00:45.679 the US, all documented through public records stuff that's online now, 15 00:00:45.799 --> 00:00:49.799 Incredible things like you know, marriage licenses, census data, even 16 00:00:49.840 --> 00:00:53.840 records of her passing, all accessible and painted this incredibly 17 00:00:53.840 --> 00:00:54.640 detailed picture. 18 00:00:54.840 --> 00:00:56.960 It really hits herme how much is actually out there? 19 00:00:57.000 --> 00:00:58.159 Doesn't it? It really does. 20 00:00:58.240 --> 00:00:59.920 And so for this deep dive, we'll be focusing on 21 00:01:00.119 --> 00:01:03.280 those book excerpts you provided. Our aim is to well 22 00:01:03.439 --> 00:01:07.879 go beyond just defining OSAN and really extract the key insights, 23 00:01:07.920 --> 00:01:09.519 the practical understanding you can use. 24 00:01:09.640 --> 00:01:12.719 Okay, let's unpack this then, So in a more maybe 25 00:01:12.840 --> 00:01:16.519 formal sense, what exactly is osent. 26 00:01:16.400 --> 00:01:20.040 Well, formally osin is it's the process of analyzing publicly 27 00:01:20.079 --> 00:01:25.879 available facts, evidence, observations, arguments, all that stuff to form 28 00:01:25.920 --> 00:01:28.879 a judgment. Right, critical thinking is really at its heart 29 00:01:28.959 --> 00:01:32.480 that ability to you know, connect the dots and evaluate 30 00:01:32.480 --> 00:01:33.480 the information you find. 31 00:01:33.640 --> 00:01:35.840 And this isn't exactly a new field, is it. The 32 00:01:36.000 --> 00:01:38.079 sources touch on its history a bit correct. 33 00:01:38.640 --> 00:01:42.719 Traditionally, within intelligence circles, osent was just one of several disciplines. 34 00:01:43.000 --> 00:01:46.920 It sat alongside things like human that's human intelligence getting info. 35 00:01:46.640 --> 00:01:48.640 From people, right, spies and stuff. 36 00:01:48.519 --> 00:01:53.439 Sort of, and sigant signals intelligence or seat imagery intelligence, 37 00:01:53.480 --> 00:01:57.400 and Mason measurement and signature intelligence. Those were the established 38 00:01:57.400 --> 00:01:59.359 categories for wow a long time. 39 00:01:59.599 --> 00:02:02.879 Things have changed a lot, especially recently. 40 00:02:02.920 --> 00:02:06.599 Absolutely, what's really shaped ocent today is just the explosion 41 00:02:06.680 --> 00:02:10.319 of data from mobile phones and social media platforms like Instagram, 42 00:02:10.360 --> 00:02:16.319 TikTok x formerly Twitter. They're just massive public archives of information. 43 00:02:16.599 --> 00:02:20.439 Huge plus maps and satellite images are incredibly accurate now 44 00:02:20.680 --> 00:02:21.599 and easy to get hold of. 45 00:02:21.719 --> 00:02:24.759 Okay, but here's where it gets interesting. Right, while all 46 00:02:24.800 --> 00:02:28.479 this open data is exploding, there's also this big push 47 00:02:28.599 --> 00:02:34.199 for security privacy. You see encrypted communication like signal and 48 00:02:34.240 --> 00:02:37.240 telegram everywhere. Yeah, that creates a bit of a puzzle 49 00:02:37.280 --> 00:02:38.360 for OCENT, doesn't it. 50 00:02:38.360 --> 00:02:41.560 It definitely presents challenges. But you know, these obstacles have 51 00:02:41.639 --> 00:02:44.159 actually driven the development of new tools, often. 52 00:02:44.000 --> 00:02:45.719 Open source tools like on GitHub. 53 00:02:45.840 --> 00:02:48.599 Yeah, you can find loads on platforms like GitHub. And 54 00:02:48.639 --> 00:02:52.280 we're also seeing the growth of really active OCENT communities 55 00:02:52.319 --> 00:02:56.879 online sharing knowledge exactly, sharing knowledge through blogs, videos, even 56 00:02:56.960 --> 00:03:00.599 live streams. And it's not just governments anymore. Profits are 57 00:03:00.639 --> 00:03:04.520 using crowdsourcing and OCENT for things like finding missing people. Wow, 58 00:03:04.879 --> 00:03:08.879 the lines between those old intelligence categories they're getting blurrier. 59 00:03:09.319 --> 00:03:11.879 Analysts need a broader skill set now, and. 60 00:03:11.800 --> 00:03:14.599 The sources even hint at what's coming, right with a 61 00:03:14.680 --> 00:03:18.520 chapter called What's Next. Sounds like it's always changing. 62 00:03:18.599 --> 00:03:22.360 Precisely, the digital world is always moving, so OCENT methods, 63 00:03:22.479 --> 00:03:25.360 the information we can access, it'll just keep. 64 00:03:25.240 --> 00:03:30.199 Evolving, which makes those core skills like critical thinking even. 65 00:03:29.960 --> 00:03:31.719 More crucial, absolutely essential. 66 00:03:32.120 --> 00:03:36.800 Speaking of skills, the source material really hammers home critical thinking. 67 00:03:37.360 --> 00:03:40.840 Why is that so vital for someone doing OCENT well? 68 00:03:40.960 --> 00:03:44.080 Without critical thinking, it's just so easy to get overwhelmed 69 00:03:44.120 --> 00:03:45.960 by the sheer amount of data right. 70 00:03:46.120 --> 00:03:48.039 Information overload totally. 71 00:03:47.840 --> 00:03:50.599 And it's hard to tell what's reliable. Critical thinking is 72 00:03:50.599 --> 00:03:53.360 about being able to see the connections between different pieces 73 00:03:53.360 --> 00:03:55.680 of info and figure out, you know, what's credible and 74 00:03:55.680 --> 00:03:56.000 what's not. 75 00:03:56.280 --> 00:03:58.840 Like journalists verifying stuff on social media. 76 00:03:58.719 --> 00:04:01.639 Exactly like that, they're off on the front lines separating 77 00:04:01.719 --> 00:04:03.919 fact from fiction. It's a core part of the job 78 00:04:04.280 --> 00:04:05.439 that makes perfect sense. 79 00:04:06.000 --> 00:04:08.199 You can have mountains of data, but if you can't 80 00:04:08.240 --> 00:04:11.199 analyze it right, it's not really useful intelligence, is it. 81 00:04:11.199 --> 00:04:11.719 Not at all? 82 00:04:11.960 --> 00:04:15.319 Now? Something you might not immediately link with intelligence work 83 00:04:15.439 --> 00:04:19.399 is mental well being, But the sources bring this up. 84 00:04:19.639 --> 00:04:23.319 Yes, And it's such a crucial point ascent analysts can 85 00:04:23.600 --> 00:04:28.160 unfortunately encounter deeply disturbing content I can imagine, especially when 86 00:04:28.199 --> 00:04:32.920 dealing with topics like violence or exploitation. It's vital to 87 00:04:33.000 --> 00:04:36.879 acknowledge the potential for trauma for mental health challenges for 88 00:04:36.959 --> 00:04:38.759 ourselves and our colleagues. 89 00:04:38.319 --> 00:04:40.079 Because ignoring it affects. 90 00:04:39.680 --> 00:04:42.560 The work absolutely. It can seriously impact the quality of 91 00:04:42.560 --> 00:04:45.079 the work and of course personal lives too. It's something 92 00:04:45.079 --> 00:04:45.959 we have to talk about. 93 00:04:46.040 --> 00:04:50.480 Another really important aspect highlighted is personal bias. How can 94 00:04:50.519 --> 00:04:53.839 our own beliefs mess up ocent analysis. 95 00:04:54.040 --> 00:04:57.879 Well, our biases can lead us to misinterpret information, plain 96 00:04:57.920 --> 00:05:00.959 and simple. It undermines the impartial. That's just key to 97 00:05:01.000 --> 00:05:02.839 good investigations. 98 00:05:02.000 --> 00:05:04.040 And you need to be aware of them exactly right. 99 00:05:04.240 --> 00:05:08.199 Being aware lets you actively question your interpretations. The example 100 00:05:08.240 --> 00:05:10.000 and the source about the Nicholas Cage fans. 101 00:05:10.040 --> 00:05:12.319 Oh yeah, the best actor investigation. Right. 102 00:05:12.399 --> 00:05:16.519 It perfectly shows confirmation bias, that tendency to just favor 103 00:05:16.560 --> 00:05:18.639 information that supports what we already believe. 104 00:05:18.879 --> 00:05:20.360 We all do it, we all do. 105 00:05:21.040 --> 00:05:24.600 Recognizing that everyone has biases is the first step in 106 00:05:25.319 --> 00:05:29.680 reducing their influence. You have to constantly question credibility and evidence. 107 00:05:29.720 --> 00:05:32.519 That's a good reminder. Okay, So the sources then get 108 00:05:32.560 --> 00:05:35.959 into the methods. This idea of the intelligence cycle can 109 00:05:36.000 --> 00:05:37.040 he gives a quick overview. 110 00:05:37.160 --> 00:05:40.800 Sure, the intelligence cycle is basically a structured way of 111 00:05:40.959 --> 00:05:45.079 doing intelligence work. A process, Yeah, a process. It generally 112 00:05:45.120 --> 00:05:50.319 involves planning and requirements first, then collection, followed by processing 113 00:05:50.319 --> 00:05:54.720 and evaluation, then analysis and production, and finally dissemination and 114 00:05:54.759 --> 00:05:57.319 consumption with feedback looping. 115 00:05:57.000 --> 00:05:58.519 Back like a continuous loop. 116 00:05:58.560 --> 00:06:00.519 Pretty much. Yeah, it feeds back in to itself. 117 00:06:00.560 --> 00:06:02.720 Okay, let's break some of that down starting with planning 118 00:06:02.720 --> 00:06:06.399 and requirements. What's really important in that first stage. 119 00:06:06.000 --> 00:06:08.720 The planning and requirements phase is well, it's all about 120 00:06:08.759 --> 00:06:12.279 defining the who, what, why, and how of your investigation. 121 00:06:12.399 --> 00:06:14.480 Who needs the info and what do they need exactly? 122 00:06:14.560 --> 00:06:17.480 Those questions should be driven by the stakeholders, the people 123 00:06:17.519 --> 00:06:22.040 who need the intelligence. Without clear goals, clear objectives, you 124 00:06:22.160 --> 00:06:25.720 just risk wasting time chasing rabbits, right, wasting time on 125 00:06:25.800 --> 00:06:29.600 irrelevant information, and ending up with intelligence that doesn't actually 126 00:06:29.600 --> 00:06:30.720 answer the original question. 127 00:06:30.839 --> 00:06:31.360 Makes sense. 128 00:06:31.879 --> 00:06:34.519 As analysts, we might be tempted to just dive in 129 00:06:34.560 --> 00:06:37.879 and start gathering data, but setting these initial requirements is 130 00:06:38.000 --> 00:06:42.240 so essential. The key takeaway. Without clear goals upfront, you 131 00:06:42.360 --> 00:06:45.600 risk drowning in data that doesn't help total sense. 132 00:06:45.720 --> 00:06:47.199 You need to know what you're looking for before you 133 00:06:47.199 --> 00:06:52.800 start digging. Okay, next step collection. The sources highlight this 134 00:06:52.879 --> 00:06:56.040 technique called pivoting. What's the art of pivoting? 135 00:06:56.079 --> 00:07:00.839 In osent pivoting, it's like following a trail of digital breadcrumbs. 136 00:07:00.920 --> 00:07:01.199 Okay. 137 00:07:01.439 --> 00:07:04.399 When you're collecting info, you'll often find clues that lead 138 00:07:04.439 --> 00:07:07.720 you to other related data, things that potentially connect different 139 00:07:07.759 --> 00:07:09.279 findings or user accounts. 140 00:07:09.319 --> 00:07:10.680 Like starting with an email address. 141 00:07:10.800 --> 00:07:12.879 Yeah, that's a great example. You start with an email, 142 00:07:13.160 --> 00:07:15.920 and you might pivot to a username, maybe a phone number, 143 00:07:16.000 --> 00:07:17.959 maybe even an IP address. 144 00:07:17.560 --> 00:07:20.879 And each new piece becomes a new starting point exactly. 145 00:07:21.360 --> 00:07:24.879 Each new bit of information lets you pivot again build 146 00:07:24.879 --> 00:07:30.800 out the picture. Mastering. Pivoting really transforms scattered data into 147 00:07:30.920 --> 00:07:35.319 like interconnected narratives. It reveals hidden relationship is crucial. It is, 148 00:07:35.759 --> 00:07:38.399 and it's a skill that really improves with practice. Learning 149 00:07:38.439 --> 00:07:41.399 to spot those potential connections, those pivot points. 150 00:07:41.439 --> 00:07:43.839 And where do we usually start this collection? The sources 151 00:07:43.879 --> 00:07:45.959 mentioned a few common jumping off points. 152 00:07:46.240 --> 00:07:50.360 Well, analysts might start with large collections of data, you know, 153 00:07:50.639 --> 00:07:54.920 big data, right, or just basic search engine results, or 154 00:07:54.959 --> 00:07:58.879 maybe social media profiles. The specific starting point often depends 155 00:07:58.920 --> 00:08:01.079 on what you already know, what you're trying to find out. 156 00:08:01.279 --> 00:08:03.759 Okay, so we've gathered our data. The next step in 157 00:08:03.800 --> 00:08:07.160 the cycle is processing and evaluation. The sources mentioned a 158 00:08:07.240 --> 00:08:11.000 couple of interesting techniques here, reset and gap analysis. Let's 159 00:08:11.000 --> 00:08:12.000 start with reset. Okay. 160 00:08:12.040 --> 00:08:16.120 The reset technique it stands for refresh, explore, think, seek. 161 00:08:16.800 --> 00:08:18.839 It's basically a way to get a fresh perspective when 162 00:08:18.879 --> 00:08:19.480 you feel stuck. 163 00:08:19.560 --> 00:08:20.319 We all get stuck. 164 00:08:20.399 --> 00:08:23.319 Absolutely, It encourages you to take a break, maybe look 165 00:08:23.319 --> 00:08:25.879 at things from a different angle, think creative right, find 166 00:08:25.920 --> 00:08:28.639 the box, yeah, without being limited by your current focus, 167 00:08:28.959 --> 00:08:32.399 and then actively look for new information or new ways 168 00:08:32.399 --> 00:08:35.720 to approach the problem, like taking the walk exactly. The 169 00:08:35.799 --> 00:08:38.159 example of taking a thirty minute walk to clear your 170 00:08:38.200 --> 00:08:40.919 head and come back with a fresh outlook. That's reset 171 00:08:40.960 --> 00:08:41.399 in action. 172 00:08:41.679 --> 00:08:43.480 Sounds like a good way to avoid getting lost in 173 00:08:43.480 --> 00:08:46.440 the weeds. And what about gap analysis? How does that 174 00:08:46.559 --> 00:08:48.679 help in processing and evaluating? 175 00:08:49.039 --> 00:08:53.399 Gap analysis is a bit more systematic. It's a technique 176 00:08:53.720 --> 00:08:55.159 for breaking down an investigation. 177 00:08:55.320 --> 00:08:56.039 How does it work? 178 00:08:56.360 --> 00:09:00.120 It involves asking four key questions what do I already know? Oh, 179 00:09:00.240 --> 00:09:02.480 what does this mean? What do I still need to know? 180 00:09:03.000 --> 00:09:05.120 And crucially, how do I find that out? 181 00:09:05.200 --> 00:09:05.519 Okay? 182 00:09:05.600 --> 00:09:08.840 By methodically answering these you can break down large amounts 183 00:09:08.879 --> 00:09:12.159 of info into a more manageable form and identify the 184 00:09:12.200 --> 00:09:13.720 critical gaps in your knowledge. 185 00:09:13.759 --> 00:09:15.159 The example with the image was good. 186 00:09:15.240 --> 00:09:18.159 Yeah, analyzing the image, noting the boat, the German flag, 187 00:09:18.279 --> 00:09:21.200 the name temptation, and then asking what those details imply 188 00:09:21.320 --> 00:09:23.519 and what else you need to know? It really shows 189 00:09:23.600 --> 00:09:26.320 how effective this can be. It forces you to be methodical. 190 00:09:26.600 --> 00:09:29.960 Right, It's about being methodical in your approach. Okay, after 191 00:09:30.000 --> 00:09:34.759 processing and evaluation comes analysis in production, making sense of 192 00:09:34.799 --> 00:09:37.080 it all. Documentation seems really key. 193 00:09:36.919 --> 00:09:40.679 Here, absolutely essential. Taking detailed notes, capturing the data you find. 194 00:09:41.279 --> 00:09:43.039 You just have to do it or you'll forget or 195 00:09:43.080 --> 00:09:47.120 lose track exactly and depending on how complex the cases, 196 00:09:47.559 --> 00:09:52.519 visualizations like mind maps, charts, graphs, they can be incredibly. 197 00:09:52.080 --> 00:09:53.480 Useful for seeing connections. 198 00:09:53.559 --> 00:09:58.120 Yeah, for understanding entities, connections, characteristics. Link analysis charts are 199 00:09:58.120 --> 00:10:01.960 great for visualizing relationships between people, for instance, Right, while 200 00:10:02.000 --> 00:10:04.279 mind maps can help you see how different pieces of 201 00:10:04.320 --> 00:10:07.840 information relate and maybe spot potential pivot points you missed. 202 00:10:08.399 --> 00:10:11.200 The key is finding a documentation method that works for 203 00:10:11.240 --> 00:10:13.600 you and allows for collaboration if needed. 204 00:10:13.799 --> 00:10:16.799 The sources even mentioned specific tools for this, like Hunchly 205 00:10:16.919 --> 00:10:18.080 in Obsidian. Yeah. 206 00:10:18.159 --> 00:10:21.559 Hunchley is a browser extension. It's designed to automatically grab 207 00:10:21.639 --> 00:10:24.000 and organize your web based research as you go. 208 00:10:24.159 --> 00:10:25.600 Sounds handy any downsites? 209 00:10:25.840 --> 00:10:28.480 Well, One thing is it only works with chromium based 210 00:10:28.519 --> 00:10:32.519 browsers like Chrome or Edge, and some users find its 211 00:10:32.559 --> 00:10:36.919 little overlay box a bit intrusive. But it's powerful for. 212 00:10:36.919 --> 00:10:39.559 Autocapture okay, and Obsidium. 213 00:10:39.639 --> 00:10:43.039 Obsidian is different. It's note taking software. It stores your 214 00:10:43.039 --> 00:10:45.600 notes locally on your machine, which is great to privacy, 215 00:10:46.000 --> 00:10:48.440 and lets you create links between notes. 216 00:10:48.320 --> 00:10:50.960 More like building a personal wiki kind of. Yeah. 217 00:10:51.080 --> 00:10:55.519 It offers features like graph views, seeing the connections visually, slideshows, 218 00:10:55.639 --> 00:10:57.559 even automatic mind map generation. 219 00:10:57.679 --> 00:10:58.519 Why do people like it? 220 00:10:58.600 --> 00:11:00.720 People tend to like it because it's easy to use. 221 00:11:00.759 --> 00:11:03.480 Your data stays secure on your own computer, and it 222 00:11:03.519 --> 00:11:06.120 offers a lot of flexibility in how you organize things 223 00:11:06.320 --> 00:11:07.600 free for personal use too. 224 00:11:07.720 --> 00:11:10.840 Good options. Yeah, okay. So once we've analyzed everything, the 225 00:11:10.879 --> 00:11:13.799 next step is production, putting it all together in a report. 226 00:11:14.320 --> 00:11:17.559 The sources emphasize this is critical, even if it's maybe 227 00:11:17.559 --> 00:11:18.799 not the most glamorous part. 228 00:11:18.919 --> 00:11:21.159 That's so right. All that hard work you put into 229 00:11:21.200 --> 00:11:25.120 collecting and analyzing, it's wasted if you can't effectively communicate 230 00:11:25.120 --> 00:11:27.120 your findings to the people who need them, right, the 231 00:11:27.159 --> 00:11:31.080 stakeholders again, exactly. The report needs to clearly answer the 232 00:11:31.159 --> 00:11:34.519 questions defined way back in planning and requirements, and it 233 00:11:34.559 --> 00:11:37.200 absolutely has to be tailored to the specific audience. 234 00:11:37.279 --> 00:11:40.039 So a CEO gets something different than say, a technical 235 00:11:40.120 --> 00:11:41.559 expert totally different. 236 00:11:41.600 --> 00:11:45.120 The CEO needs the bottom line quickly. The expert might 237 00:11:45.159 --> 00:11:47.639 need all the technical details. The report itself needs to 238 00:11:47.639 --> 00:11:51.159 be well organized, easy to read, key elements, clear title 239 00:11:51.240 --> 00:11:56.039 and date. Obviously, and crucially, an executive summary gets straight 240 00:11:56.080 --> 00:11:59.679 to the point, uses the BLUF approach, bottom line up front, 241 00:12:00.519 --> 00:12:03.159 got it, and the information in the report needs to 242 00:12:03.200 --> 00:12:07.639 be accurate, relevant, objective. The example the US government struggles 243 00:12:07.639 --> 00:12:11.559 to implement OSENT shows that kind of direct statement you 244 00:12:11.639 --> 00:12:13.360 might find in an executive summary. 245 00:12:13.759 --> 00:12:18.360 Clear concise, clear, concise, tailored key for reporting uh okay, 246 00:12:18.360 --> 00:12:20.919 shifting gears a bit. The sources introduced this idea of 247 00:12:20.960 --> 00:12:24.240 the adversarial mindset. Why is it important for someone doing 248 00:12:24.279 --> 00:12:26.320 ocent to well think like an attacker? 249 00:12:26.720 --> 00:12:30.519 Adopting an adversarial mindset? It really helps you understand potential targets. 250 00:12:30.559 --> 00:12:32.840 What kind of data might be valuable to someone looking 251 00:12:32.840 --> 00:12:35.000 to cause harm? How might they try to get it? 252 00:12:35.200 --> 00:12:37.039 So you can anticipate threats exactly. 253 00:12:37.639 --> 00:12:40.639 This perspective is really important for creating intelligence that can 254 00:12:40.720 --> 00:12:45.519 lead to proactive security measures. By understanding the techniques attackers use, 255 00:12:45.679 --> 00:12:48.320 how they might get into systems, how they collect information, 256 00:12:48.799 --> 00:12:51.120 you can better identify weak spots. 257 00:12:50.879 --> 00:12:55.799 In an organization's online presence or even in individuals both. Yeah. 258 00:12:55.919 --> 00:13:00.480 It's a common approach in threat intelligence, red teaming security testing, 259 00:13:01.360 --> 00:13:02.759 thinking like the bad guy to. 260 00:13:02.720 --> 00:13:05.639 Find the holes, which leads us directly to the crucial 261 00:13:05.679 --> 00:13:10.879 topic of operational security op set. Why is OPSX so 262 00:13:11.000 --> 00:13:12.639 vital for someone involved in ocent? 263 00:13:13.080 --> 00:13:16.480 OHPSC is absolutely essential. You have to protect yourself and 264 00:13:16.519 --> 00:13:18.240 your investigations. 265 00:13:17.519 --> 00:13:19.039 Because the work can be risky. 266 00:13:18.840 --> 00:13:21.000 Exactly because of the nature of the work. You might 267 00:13:21.039 --> 00:13:24.639 be dealing with sensitive information or looking into potentially hostile 268 00:13:24.679 --> 00:13:28.679 individuals or groups. Good OPS practices help prevent your activities 269 00:13:28.679 --> 00:13:31.519 from being detected traced back to you. It ensures your 270 00:13:31.559 --> 00:13:33.480 safety and the integrity of your research. 271 00:13:33.799 --> 00:13:37.480 Okay, the sources outline a specific OPSE process. What are 272 00:13:37.519 --> 00:13:39.120 the main steps involved there? Yeah? 273 00:13:39.200 --> 00:13:44.159 The OPSC process usually includes several steps. First, you analyze 274 00:13:44.159 --> 00:13:45.559 the threat who might be targeting you? 275 00:13:45.840 --> 00:13:46.159 Okay? 276 00:13:46.240 --> 00:13:49.840 Then you determine vulnerabilities where are your weak spots? Followed 277 00:13:49.840 --> 00:13:52.399 by a risk assessment how likely is an attack and 278 00:13:52.440 --> 00:13:56.159 what's the impact? And finally you apply countermeasures to plug 279 00:13:56.159 --> 00:13:56.600 the holes. 280 00:13:56.679 --> 00:13:56.919 Right. 281 00:13:57.480 --> 00:14:00.879 It's a systematic way to identify potential day and put 282 00:14:00.919 --> 00:14:02.799 measures in place. To reduce those risks. 283 00:14:03.080 --> 00:14:06.279 One interesting method mentioned is the persona non grata or 284 00:14:06.360 --> 00:14:07.360 PNG method. 285 00:14:07.559 --> 00:14:11.639 What's that about the PNG method? It involves creating detailed 286 00:14:11.639 --> 00:14:16.000 profiles of potential adversaries. You actually give them names, backgrounds, 287 00:14:16.039 --> 00:14:16.919 skill sets. 288 00:14:16.879 --> 00:14:19.120 Like creating fictional characters sort of, Yeah. 289 00:14:19.360 --> 00:14:22.279 But based on realistic threats. This helps you think from 290 00:14:22.320 --> 00:14:25.720 their perspective, understand their goals, how they might operate, and 291 00:14:25.759 --> 00:14:28.879 it helps you spot weaknesses in your own opsec strategy. 292 00:14:29.000 --> 00:14:32.879 That's clever proactively thinking about how someone might target you exactly, 293 00:14:33.200 --> 00:14:35.440 and when it comes to actually applying those countermeasures. What 294 00:14:35.559 --> 00:14:37.080 kind of privacy tools are available? 295 00:14:37.320 --> 00:14:40.279 There are several tools that can really enhance your OPSS. 296 00:14:40.720 --> 00:14:43.039 VPN's Virtual private networks are common. 297 00:14:43.279 --> 00:14:44.080 What do they do again? 298 00:14:44.159 --> 00:14:47.279 They encrypt your Internet traffic and hide your real IP address, 299 00:14:47.679 --> 00:14:50.360 makes it harder to track your online activities back to you. 300 00:14:50.639 --> 00:14:51.000 Okay. 301 00:14:51.759 --> 00:14:55.639 Then there's tor, the Onion router. It provides anonymous browsing 302 00:14:55.639 --> 00:14:59.799 by routing your traffic through multiple servers multiple relays, obscures 303 00:14:59.799 --> 00:15:01.279 your origin and destination. 304 00:15:01.960 --> 00:15:02.799 Can you use both? 305 00:15:02.960 --> 00:15:06.159 Yeah? Using both a VPN and tour together can offer 306 00:15:06.200 --> 00:15:09.720 an extra layer of security. Free net is another option 307 00:15:09.799 --> 00:15:13.200 it's a peer to peer platform using decentralized storage and 308 00:15:13.320 --> 00:15:15.200 encryption for anonymous communication. 309 00:15:15.519 --> 00:15:18.960 Virtual machines vms are also mentioned for security. How do 310 00:15:18.960 --> 00:15:19.440 they help with. 311 00:15:19.399 --> 00:15:24.039 OPSA VMS let you run separate, isolated operating systems on 312 00:15:24.080 --> 00:15:26.840 your main computer, like a computer within your computer, a 313 00:15:26.879 --> 00:15:29.879 sandbox exactly a digital sandbox. So if you click on 314 00:15:29.919 --> 00:15:33.559 a risky link or open a dodgy attachment, it's contained 315 00:15:33.600 --> 00:15:36.480 within that virtual environment. It can't harm your primary system. 316 00:15:36.519 --> 00:15:39.840 But they're not perfect, right, It's worth noting vms aren't 317 00:15:39.840 --> 00:15:43.519 a silver bullet against everything. Things like webcam hijacking or 318 00:15:43.639 --> 00:15:45.600 browser fingerprinting might still be issues. 319 00:15:45.639 --> 00:15:47.279 Browser finger printing, what's that? 320 00:15:47.759 --> 00:15:53.919 Ah, that's when websites collect data about your browser configuration, fonts, graphics, 321 00:15:53.960 --> 00:15:58.120 card drivers, plugins, all sorts of tiny details. 322 00:15:57.679 --> 00:15:59.399 Could identify you potentially. 323 00:15:59.519 --> 00:16:03.360 Yes, enough of these details combined can create a unique 324 00:16:03.360 --> 00:16:06.279 fingerprint that can identify you even if you're using a 325 00:16:06.360 --> 00:16:08.679 VPN or VM. It's a tricky. 326 00:16:08.360 --> 00:16:11.639 Area, okay. Another key part of US and OPSEC seems 327 00:16:11.639 --> 00:16:15.919 to be using research accounts or sock puppets. Yeah, what's 328 00:16:15.919 --> 00:16:18.320 the idea there? Creating fake profiles? 329 00:16:18.480 --> 00:16:22.000 Pretty much? Yeah, research accounts are separate online profiles you 330 00:16:22.080 --> 00:16:24.840 create and maintain specifically for your OCENT work. 331 00:16:24.720 --> 00:16:26.480 To keep it separate from your real life. 332 00:16:26.559 --> 00:16:30.399 Exactly, keep your personal online life completely separate from your 333 00:16:30.399 --> 00:16:33.360 research activities. But just creating them isn't enough. 334 00:16:33.480 --> 00:16:34.600 You have to make them look real. 335 00:16:34.679 --> 00:16:37.159 You got it. To make these accounts look legitimate, you 336 00:16:37.200 --> 00:16:40.559 need to engage in consistent activity that mimics normal human behavior, 337 00:16:40.679 --> 00:16:44.639 like what adding friends, making comments, liking posts, sharing relevant 338 00:16:44.679 --> 00:16:48.519 content stuff related to the persona you've created, and doing 339 00:16:48.519 --> 00:16:50.240 it at typical regional hours. 340 00:16:49.960 --> 00:16:51.480 So they don't get flagg by algorithms. 341 00:16:51.720 --> 00:16:54.919 Right. This helps prevent social media platforms from flagging the 342 00:16:54.960 --> 00:16:58.559 accounts as suspicious and potentially shutting them down. You want 343 00:16:58.559 --> 00:17:01.960 to blend in mean some of that you can. The 344 00:17:02.000 --> 00:17:06.559 source mentions nico building recipes with IFTTT, if this then 345 00:17:06.640 --> 00:17:10.640 that to automate posting things like soccer scores to keep 346 00:17:10.640 --> 00:17:11.799 a persona active. 347 00:17:12.039 --> 00:17:15.160 That makes a lot of sense. Blend in to observe effectively, 348 00:17:15.200 --> 00:17:19.240 don't raise red flags. Okay, let's move into part two 349 00:17:19.319 --> 00:17:23.720 of the sources. This dives into specific OCENT touch points, 350 00:17:23.759 --> 00:17:26.680 starting with something really fundamental. Search engines. 351 00:17:26.839 --> 00:17:30.880 Yes, search engines absolutely central to OCENT they're versatile, they're free, 352 00:17:31.200 --> 00:17:33.480 and often the first place you'll go on starting well 353 00:17:33.519 --> 00:17:34.759 pretty much any investigation. 354 00:17:34.880 --> 00:17:37.640 The mastering search engines is key, more so than fancy 355 00:17:37.680 --> 00:17:39.000 tools sometimes definitely. 356 00:17:39.079 --> 00:17:41.960 While specialized tools have their place, mastering how to use 357 00:17:41.960 --> 00:17:45.720 search engines effectively is absolutely essential. Don't underestimate the basics. 358 00:17:45.759 --> 00:17:48.400 The sources suggest using different search engines depending on what 359 00:17:48.440 --> 00:17:50.960 you're looking for right, not just Google right. 360 00:17:51.400 --> 00:17:54.400 Different search engines use different algorithms the index different parts 361 00:17:54.440 --> 00:17:56.960 of the web, so for more targeted results, it helps 362 00:17:57.000 --> 00:18:00.160 to use search engines popular in specific regions or languages. 363 00:18:00.240 --> 00:18:04.559 Examples Bad is good for researching Chinese entities, yandex is 364 00:18:04.640 --> 00:18:07.799 useful for Russian content. And a good tip is to 365 00:18:07.799 --> 00:18:10.480 set your VPN to the region you're investigating. That can 366 00:18:10.519 --> 00:18:12.920 sometimes give you more relevant local results. 367 00:18:13.319 --> 00:18:15.839 How do you find out which search engine is popular somewhere? 368 00:18:16.400 --> 00:18:19.480 The website similar web dot com for top dash websites 369 00:18:19.559 --> 00:18:23.559 is a good resource for identifying popular sites, including search engines, 370 00:18:23.640 --> 00:18:24.920 in a particular region. 371 00:18:25.119 --> 00:18:27.480 Good tip. It's a good reminder that Google isn't the 372 00:18:27.519 --> 00:18:30.240 only game in town, and the sources also kind of 373 00:18:30.240 --> 00:18:33.359 push back against the idea that you always need specialized 374 00:18:33.400 --> 00:18:35.920 tools to be great at ocent exactly. 375 00:18:36.480 --> 00:18:39.880 While specialized tools can definitely be helpful, a strong understanding 376 00:18:39.920 --> 00:18:43.400 of basic ocent techniques, especially how to use search engines 377 00:18:43.440 --> 00:18:46.599 really well, is far more important. The Defcon story, Yeah, 378 00:18:46.680 --> 00:18:49.319 the story about winning the Defcon twenty eight Missing Persons 379 00:18:49.359 --> 00:18:52.960 Capture the Flag event using mostly basic ocent skills really 380 00:18:53.000 --> 00:18:53.480 highlights this. 381 00:18:53.599 --> 00:18:56.240 It's about the fundamentals, and that brings us to the 382 00:18:56.279 --> 00:19:01.319 power of Google dorking. What are these advanced search operators? 383 00:19:01.400 --> 00:19:05.039 How do they help Google doorking? It sounds funny, but 384 00:19:05.119 --> 00:19:09.079 it's powerful. It involves using special commands and syntax within 385 00:19:09.119 --> 00:19:12.440 the Google search bar to really narrow down your searches. 386 00:19:12.119 --> 00:19:13.880 To find stuff you wouldn't normally find. 387 00:19:13.680 --> 00:19:16.400 Exactly, find information that might not show up with simple 388 00:19:16.480 --> 00:19:20.880 keyword searches. You can use operators like site to search 389 00:19:21.000 --> 00:19:24.680 only within a specific website okay, or in title to 390 00:19:24.759 --> 00:19:27.720 look for keywords just in the page title, or combine 391 00:19:27.799 --> 00:19:31.559 keywords with terms like misconduct for business intelligence or specific 392 00:19:31.640 --> 00:19:33.799 technology names for industrial intel. 393 00:19:33.920 --> 00:19:35.920 So it's about being really precise, very. 394 00:19:35.799 --> 00:19:39.359 Precise, filtering out the noise, pinpointing the information you actually need. 395 00:19:39.519 --> 00:19:41.559 It's a core OCENT skill. 396 00:19:41.480 --> 00:19:45.519 Got it, Okay. The next touchpoint explored is subject intelligence, 397 00:19:45.839 --> 00:19:48.000 focusing on a person's digital footprint. 398 00:19:48.200 --> 00:19:52.240 Yes, subject intelligence. It's fundamental because well, people are involved 399 00:19:52.240 --> 00:19:56.440 in virtually everything. Right. It's about gathering and analyzing publicly 400 00:19:56.480 --> 00:20:00.680 available information about an individual to get a comprehensive understanding 401 00:20:00.720 --> 00:20:03.720