Cyber Adversary Tradecraft & Open Source Intelligence is our introductory three-day course designed for all investigators, regardless of technical background.  The course focuses on effective OSINT techniques that minimise exposure to the target. 

Unlike other OSINT courses that focus on collection, this course also shows students the traps that are often set for them by sophisticated adversaries.  Many target groups actively perform counterintelligence and will seed false information or design traps to detect an investigation in progress.  CAT&OSINT covers both the tradecraft to work online safely and the latest OSINT techniques available for law enforcement, government or security researchers.

Course Overview

Day 1
  • Introduction to OSINT for investigators

  • What can be found?

  • What can be believed?

  • What is your digital exhaust?

  • Open, closed and hidden data sources 

  • Persistent an non-persistent operating systems

  • Cookies, user agents and forensic tells

  • VPNs, VPS and proxies

  • Creating personas for OSINT work

  • Using TAILS and TOR

  • Bouncing your traffic through VPNs

  • Exercise 1 - OSINT on the dark web


Day 2
  • Google hacking

  • Reverse image searching

  • Other search engines and data sources

  • Wayback Machine

  • Indirect access using snapshots

  • Forensic challenges with websites

  • API access to bulk data

  • Social media access and legalities

  • Maintaining personas and when to burn them

  • Counterintelligence risks for OSINT

  • Exercise 2 - Using your OSINT persona and VPNs


Day 3
  • Watering holes and other traps

  • Misinformation operations and fake news

  • Evaluating the target capability

  • Matching the target expectations

  • Planning your OSINT approach

  • Introduction to link analysis and critical thinking

  • Exercise 3 - Investigate an organised crime group

  • Exercise 4 - Investigate a state-based cyber actor

  • Exercise 5 - Sting operation on the dark-web


OSINT Cyber Range

Students make use of an unattributable cyber range to perform all OSINT exercises.  All network traffic is collected and examined for mistakes in tradecraft (such as VPNs dropping out).  Students are tasked with investigating pre-staged targets and must choose the appropriate tradecraft for each exercise.   Any mistakes are visible to students in real-time as we show social media interactions, web site logs or other forensic artefacts visible to the staged target groups.

The CAT&OSINT course is held intermittently at Cybermerc throughout the year.  We also regularly run custom versions of this course for Canberra agencies.  Please get in touch if you would like to talk about a group booking for your agency.

Suite 1, 31-37 Townshend Street, Phillip, ACT, 2606

0407 428 035

  • Twitter - Black Circle
  • LinkedIn - Black Circle

© 2018 by Cybermerc | Dare to be wise.