Open-Source Intelligence (OSINT) for Attack Surface Mapping

During this 2-day workshop, participants will delve into the realm of Open-Source Intelligence (OSINT) techniques specifically tailored for mapping cyber-attack surfaces. Through hands-on sessions, attendees will gain practical insights into the tools and techniques essential for comprehensively mapping and analyzing an organization’s digital footprint, and more.

USD $1,399.00


2 days

Delivery Method




Seats Available



2 days

Delivery Method




ATTEND IN-PERSON: Onsite in Bangkok, Thailand

DATE: 27-28 August 2024

TIME: 09:00 to 17:00 ICT/GMT+7

Date Day Time Duration
27 Aug Tuesday 0900-17:00 ICT/GMT+7 8 Hours
28 Aug Wednesday 0900-17:00 ICT/GMT+7 8 Hours

This workshop will kick off by exploring the fundamental concepts of OSINT and how they fit into the broader landscape of cybersecurity. Participants will gain clarity on the goals and techniques that drive effective OSINT practices.

We will be identifying and understanding an organization’s digital assets. What are these assets, and why are they crucial? During the workshop we will discuss the importance of starting the enumeration process with the right “seeds” to uncover hidden information.


We will then dive into the following key areas:
  • Hosts: what constitutes a host, and how can we uncover relevant details about them? Leveraging tools such as WHOIS, we will explore IP ranges, ASNs (Autonomous System Numbers), and identify & map cloud-based assets.
  • Hostnames: the DNS (Domain Name System) protocol plays a pivotal role in our hunt. Students will learn how to extract valuable data by interacting with DNS servers. Additionally, we will leverage a few techniques to differentiate between internal and external hostnames and understand what insights we can gain about the target organization’s technological stacks.
  • Network Services: we will explore how to identify relevant services, using a set of different tools such as NMAP. Moreover, we will focus on web protocols and applications to extract more intelligence: from web application profiling to vulnerability scanning, the participants will be equipped with the right set of practical skills.
  • Leaked Data: it is not just about digital infrastructure; the human element matters, too. We will discuss data leaks and their relevance, emphasizing the broader attack surface beyond digital assets.


What will the students get
  • Battle-tested and future-proof OSINT trades and techniques.
  • Fully configured Virtual Machine (VM) with a selection of pre-configured OSINT tools.



Agenda/Topics Covered


Open-Source Intelligence Introduction (OSINT)

  • What is Open-Source Intelligence (OSINT).
    • Objectives and Methodology.
  • OSINT for mapping Cyber Attack Surface.
    • Hunting for assets: what are we looking for?
      • Identifying the right initial starting “seeds” for
      • Hosts, hostnames, network services, leaked data, and beyond.
      • Just “why”? A curious case-study.


Hunting for Hosts

  • What is a Host?
  • What is WHOIS and how to leverage it.
  • IP ranges, ASNs, and cloud asset discovery.


Hunting for Hostnames

  • DNS primer: an old protocol for modern hunting.
  • Certificate Transparency Monitor (CTM).
    • Internal vs. External hostnames: why do you not exist?
  • Tools and services for effective subdomains enumeration.


Hunting for Exposed Network Services

  • How to identify relevant services.
  • Nmap Primer: you network scanner Swiss knife.
    • Scaling up: MASSCAN NMAP vs. NAABU.
  • It’s (most) all about web.
    • Web application profiling.
    • Web application metadata extraction.
    • Web application vulnerability scanning.
    • Your web toolset: nuclei & eyewitness.
      • Writing custom nuclei templates.


Hunting for Leaded Data

  • Data leaks and beyond: why are they relevant.
  • It’s not just digital infrastructure: the human attack surface.


Deducing the Security Postured from Mapped Attack Surfaces

  • Connecting dots: inferring the security posture of an organization from mapped assets.
  • Case study: formulate a remediation plan based on the outcome of OSINT activities.


Why You Should Take This Course

During this 2-day workshop, participants will delve into the realm of Open-Source Intelligence (OSINT) techniques specifically tailored for mapping cyber-attack surfaces. Through hands-on sessions, attendees will gain practical insights into the tools and techniques essential for comprehensively mapping and analyzing an organization’s digital footprint, and more.

Who Should Attend

This workshop is designed for anyone interested in learning how to effectively enumerate and understand the attack surface of modern organizations, including:
  • Aspiring security professionals willing to learn effective OSINT techniques, which are the foundation of the Reconnaissance phase of external assessments.
  • Security analysts who are willing to learn how to map an organization’s attack surface and stay ahead of potential cyber threats.
  • Students willing to mature competences required to fulfill a future role in the cybersecurity industry.

Key Learning Objectives

  • Mastering OSINT fundamentals: understand the core principles of OSINT, its objectives and methodologies

  • Effective host identification and analysis: dive into the world of IPs and Hosts, leveraging WHOIS data to extract valuable information about hosts while exploring and identifying IP ranges, ASNs and cloud assets.

  • Uncovering hostnames: understand the role of hostnames in attack surface mapping, while exploring the DNS protocol and its details.

  • Mapping and profiling network services: how to identify relevant network services by leveraging multiple evergreen tools and techniques.

  • Human attack surface and leaked data: how to enumerate the human attack surface of an organization by leveraging leaked databases.
  • Prerequisite Knowledge

    Basic understanding of computer concepts and network architectures is preferred. No prior knowledge or experience on OSINT is required.

    Hardware / Software Requirements

    • Laptop running a Microsoft Windows 10+ or Apple macOS platform
    • CPU: 64-bit Intel i5/i7 with 4th generation + (2.0 GHz)
    • 8 GB of RAM or higher
    • 100 GB free space
    • Wi-Fi 802.11 capability (no wired connection available in the classroom)
    • Installed VMware Workstation / Player for Windows or VMWare Fusion for macOS
    • Local administrative access to the host OS is required

    Your Instructor

    Matteo Beccaro is a cybersecurity professional with over a decade of experience researching the security of critical systems and technologies employed in the cyber-physical domain, executing advanced cybersecurity assessments across the globe for top tier organizations, and designing & developing innovative cybersecurity solutions. Also, Matteo has been delivering and managing long-term training programs in Europe and the Middle East, to upskill security professionals and educate the next generation of cybersecurity professionals.

    During his career, he presented the results of his research efforts at prestigious conferences such as DEF CON, Hack in the Box, Black Hat Armory, 30th Chaos Communication Congress (30C3), ZeroNights, and many others.

    In 2015, he co-founded Opposing Force, the first Italian company specialized in delivering offensive cyber-physical services to challenge the security of organizations and their technologies, where he served as Chief Technology Officer (CTO) and led the security research on SCADA/ICS devices, Near Field Communication (NFC), and Electronic Access Control (EAC) technologies. In 2020, Matteo co-founded Lateral Thinking, a cybersecurity boutique focused on cybersecurity knowledge transfer and advanced educational programs.

    As co-founder of Adverse Theory, he is working on the company mission to empower clients with cutting-edge knowledge transfer initiatives and develop unconventional technologies to protect from tomorrow’s known and unknown cyber threats.

    Adverse Theory is a disruptive startup focused on delivering “unconventional” cybersecurity advisory services to support organizations in establishing security teams, managing large-scare security programs, and developing innovative security technologies.