RECON VILLAGE - Introducing YOGA: Your OSINT Graphical Analyzer
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Title of Series | ||
| Number of Parts | 322 | |
| Author | ||
| License | CC Attribution 3.0 Unported: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/39962 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
00:00
Web 2.0Hacker (term)
00:17
Demo (music)Multiplication sign
00:45
Hecke operatorStorage area networkOpen source
01:17
Right angleSingle-precision floating-point formatType theory
01:31
Cycle (graph theory)Uniform resource locatorTrailWeb 2.0Order (biology)Product (business)
01:58
Electronic mailing listSlide ruleWebsite
02:13
WebsiteWeb pageLink (knot theory)Type theorySoftware frameworkGoodness of fitData miningSingle-precision floating-point format
03:02
WebsiteWeb pageSoftware frameworkLink (knot theory)Software testingInformationMeeting/Interview
03:56
Level (video gaming)InternetworkingWebsiteInformationMedical imagingReverse engineeringArrow of timeWeb pageDot productType theorySource codeWeb 2.0Uniform resource locatorTrailMobile appOpen sourceRight angleMobile WebCode
05:38
Physical systemBitInternetworkingWeb browserMeeting/Interview
05:51
CodeGroup actionAddress spacePhysicalismBitConnected spaceProcess (computing)TwitterLine (geometry)Incidence algebraImage resolutionDependent and independent variablesFile archiverWebsiteHecke operatorCausalityGoogle MapsEmailInformationArrow of timeSelf-organizationRight angleComputer iconGreatest elementCoordinate systemType theoryZoom lensDifferent (Kate Ryan album)Resolvent formalismVisualization (computer graphics)Dot productAudio file formatWeb pageElectronic mailing listMultiplication signPower (physics)WordGoogol
10:18
WebsitePresentation of a groupLink (knot theory)Web pageScaling (geometry)Computer fileProbability density functionCentralizer and normalizerLevel (video gaming)Projective planeInformationCausalityElectronic mailing listFigurate numberSocial classBitStorage area networkVenn diagramOnline helpNumerical taxonomyOpen sourceWordSurgeryCartesian coordinate systemTowerOnline chatData conversionSoftware frameworkPhysical systemFormal languageMultiplication signRight anglePlanningUniform resource locatorLecture/Conference
Transcript: English(auto-generated)
00:00
Okay, so I'm just going to really briefly introduce Mika Hoffman. Um, his web handle is webbreacher and if you look online, like I've been looking at recently, um, he calls himself both a hiker and a hacker. I've also learned that he, he broke his fifth metatarsal playing volleyball, um, in March of this year. Um, this is gonna be a live demo of yoga, um, without further ado, I'll hand it over to Mika to
00:23
introduce yoga. Thank you very much. Hi everybody, thank you! Alright. Uh, first off, my name is Mika, not to call you out in front of everybody, but, uh, I'm very happy to be here and thank you for, so much for spending some time with me. Um,
00:40
it's gonna be a demo, but I also want to challenge you because what I'm finding in the OSINT world is that, um, we, we're getting caught up in the wield of suck and I want to break out of that. Alright, so before we do that, there's the obligatory, who the heck is this guy? Um, I am an OSINTer, an
01:02
OSINT instructor. I'm a SANS instructor. I wrote a course on open source intelligence for SANS, um, and I just love anything and everything OSINT. And with that, that said, I have a question. Anybody here know how to cook, like really cook or bake, right? Yeah. Okay. So my hands went up. Now,
01:22
when you learned how to cook or bake, did you start out by learning every single fruit or vegetable, every single piece of meat, every single type of flour? No, you learn what you needed to do to get that recipe made and then you worked
01:41
according to that recipe in order to create the product you were going to then eat. And yet in OSINT now, we are caught in this cycle of resource after resource cataloging these wonderful URLs that can help us track ships or find things on the dark web.
02:01
And so we have these lists. You've probably seen some of them. This is Technizet's website. Great. Oh, by the way, this talk is, these slides are already posted on my GitHub. You're welcome to take pictures if you want, but the slides are already on GitHub and I'll give you that URL at the end. Okay. Um, so Technizet has an amazing website out there in the Netherlands,
02:22
start.me page, and it has all of these wonderful resources that are categorized according to how she wanted to categorize him. It's great. And in fact, Bruno Mortier, he did the same thing, but he has even more links. In fact, he has links to sites that have more links.
02:42
Do you see where I'm going here? Because it's not only that, we've got OSINT framework by Justin Nordin, good buddy of mine. He's got a lot of links and I think we have a problem. That problem is, is we're stuck describing every single type of ingredient instead of
03:01
understanding how to use those ingredients to create a wonderful OSINT assessment. And so what I did was I looked at each one of those sites, each one of those start.me pages, OSINT framework, and some other sites. And what I found is that we've got hundreds and thousands of links out there
03:21
that people are categorizing the way they want, that are duplicative. And it's confusing. In fact, we have over 6,000 links across these sites. Now you think about this, have you ever done an OSINT assessment or pen test, recon, or stalked, done some research on a friend or something like that? Yeah.
03:42
Knowing where to get that information is great, but being overwhelmed by the ingredients, that's overwhelming. So what I challenge you to do is figure out a way to understand how these ingredients, how these URLs, how this flight tracker and how that Bitcoin tracking app,
04:04
how those things fit together. And in fact, the way I was thinking of it is, you know, if you use, if this, then that, you know, it's kind of just like that. It's like, if I have this information, what do I do with it? You know, how do I get that? And what is that?
04:21
And we need to do it at a level that we can understand and work through. It's kind of a methodology, but at an abstracted level. So without further ado, I present to you Yoga. Yoga is your OSINT graphical analyzer. It's on the internet right now. Mobile devices work really well with this. And all it is,
04:42
is a webpage with some JavaScript in it. That's it. But the thing about yoga is, is I don't go and tell you do a duck, duck, go search. I don't tell you to go ahead and do a who is on this site. What we talk about here is we have a certain type of information.
05:02
Like maybe you found an image in your assessment. What do you do with it? Well, we might need to do a reverse image search. Okay. It says go do a reverse image search, and there's an arrow from image to reverse image search. So it's kind of like that methodology of connecting the dots and it connects a
05:21
lot of dots. In fact, it's available on the internet. The source code you can pull down. And the thing about it, I tried to keep it simple. I tried to keep it just very, very easy to use. And so all it is is HTML and JavaScript. You download it onto your web and onto your system and you can run it locally
05:44
without even having access to the internet. It's pretty cool. So let me show you a little bit about yoga. So this is yoga. When you go to the page, I got somebody who's really nice. Actually, pelicans. Shout out to my buddy, pelicans.
06:01
He created this beautiful little logo and it's, this is an interactive site. So when you pull it up, you can zoom in with your mouse or use these little icons at the bottom to move the diagram around. And let's just take something here, like a GPS coordinates. You click on the GPS coordinates and all of the connections to and from the GPS
06:22
coordinates are highlighted. And you see that with the GPS coordinates, I'll zoom in there for you with GPS coordinates. We might, Oh, and you can move these around. Yeah. If you ever want to kill time, you can just like move them around and see how they, I don't know. I had a lot of fun with this. So if you have GPS coordinates, you can go over here and get a physical address. Kind of makes sense, right?
06:44
You have something, you get something. Now, I'm not telling you where to go to get that address. You can go to Google maps or Yandex or Bing or whatever, but that's the thought process. And that is the power of yoga. It helps you figure out what's my next step. And I've,
07:02
everything here is mouse overable. It's a word. And in fact, so if I mouse over here, it says resolve GPS coordinates to an address and back. Cool. If you mouse over a node like physical address, it gives you an example of what a physical address might look like if you've never seen one.
07:20
Let's take a look a little bit about what the code actually looks like since this is a demonstration. And I show you this because somebody hit me up on Twitter and said, Hey, Micah, I'm not really doing OSINT, but I love the visualization thing. And can I take that and do that and do the same thing you did here for
07:40
OSINT with my internal processes, my incident response and incident handling processes? I thought, well, yeah, absolutely. Why the heck not? And it's really simple. I've, again, I've tried to keep the code simple. I've tried to keep it easy to read. This stuff up here is that's the code for not easy to read. But down here is where we get into the actual nodes.
08:03
Now a node is one of these dots. Okay. And an edge is the connection between those dots. So here's a node hashtag and here's a connection right here from hashtag to wedding site or wedding site to a hashtag. Cause you know, some people have wedding sites and they say, Oh,
08:23
Hey, you know, go to hashtag Micah's wedding or something like that. So these types of things. So we have edges and nodes. And if we switch back over here to the code, I'm going to zoom out just a little bit so you can see how just beautifully formatted it is. I've separated out into different types of code. So the group one stuff,
08:45
the blue nodes are facts and data like physical addresses, audio files, business names, and such like that. And then we have other types of nodes. And as you go down the list, we take those nodes and we make the edges and connect things together.
09:01
You can do this too. You can download this and then add to it, whatever you want to do in your process. And then you have a living document that you can use. So if we scroll down, scroll down, scroll down, scroll down, down here, we have the edges back on line 83. I'm going to zoom out just so you can see that if you do like it at normal
09:21
resolution you can see up here, we've got these, I mean, it's nicely, nicely formatted there. And all it is, is it says, Hey, go from don't, let's see, go from archive site search, wait, here we go from business name to HTTPS certs, right?
09:43
Cause one of the things we do is if you have a business name like Google, Google probably has HTTPS certs in those HTTPS certs. We might have email addresses, people's names and other internal information. So we need to do that search. So I'm connecting one node to another node and I'm putting an
10:01
arrow too. And then inside here is the pop-up information. And you could take this document, download it, customize it, however you want and use it in your internal organization. And so that's yoga. I mean, that's, that's really the heart of it. And as I was doing this, as I was making this application and I thought, well, this is really cool.
10:23
Now we have the, the, the, I have this and I, I can look for this or I can look for this. I can look for this. I thought, well, now we've got it putting together and now we have another problem, right? Because if you remember back to all of these links, we've essentially created this wonderful tower of Babel for ourselves
10:44
because those links, each person that has the site, OSINT framework, technoset, start me page, whatever categorizes their links according to how they want to categorize their links, right? I mean, it's my site. I put it however I want.
11:00
So when you are doing your OSINT assessment and you are trying to find how to track this ship or how to look up information on a license plate, you go to OSINT framework and you're like, okay, well, that's going to be in vehicles and then here and then that. And then, you know, technoset site, it's totally different. That's a problem.
11:20
And then the other problem is, is that I really, I really wanted to make a Venn diagram here and I tried. I care about you so much. I tried. I spent all like a whole half hour on the plane. What? I actually downloaded all of those start me pages and I looked in the
11:41
websites and saw the JSON files of all the links and I was going to take all those links and map them and see what the overlap is between all of those different sites. Create a mind map or a geffy file. Cause I thought you might appreciate that and I failed. But as a thought experiment,
12:00
if you have hundreds and hundreds and hundreds of these links, these URLs, I guarantee you there's a huge amount of overlap. And so what we really need now, now that we have that, I have this, I get this, and now we understand that all of these things that making lists of resources is good, but it's also complicated.
12:23
What we got to do is we got to come together as a community and figure out some kind of ossent taxonomy. We need to come up with a classification system for links. So when Justin Nordine goes ahead and create and creates that, that link for a great mission, uh, ship tracker and technoset does the same,
12:43
they're using the same words to describe it. To make it easier for you to use their there's tools. I love naming projects. So I present to you Orcs. Yes, Orcs. Orcs is the ossent resource classification system.
13:01
And I wish it was a hundred percent done. My goal was to make it a hundred percent done, but I don't know if any of you saw, I, I kind of busted my leg like you mentioned, um, and, uh, had some surgery and so I'm a little bit behind on things. Um, but the neat thing about this is if you have a, is that you all have a voice in how we do classification,
13:23
how we name and categorize sites. The community is working right now on the ossent team, uh, rocket chat application. Um, and you can join that application. You can join the rocket chat and you can join in the conversation about how
13:40
we're going to start categorizing all of these sites. And then my hope, my dream one day is that we will take Tech Nizeath's site and Bruno Mortier's site and that wonderful iIntelligence ossent handbook that they release every year. Has anybody seen that PDF? Yeah. I didn't put it in here because that PDF has 5,000 links in it and it
14:06
totally screwed up the scaling for the bar chart. 5,000 links in a PDF. So my goal is to help bring the community together, help create a system so that we can talk the same way, tag the resources,
14:22
create some kind of centralized system, and then when you go to talk about something, you can go to anybody's site and we're all talking the same language. That's my goal. It's going to take some time. It's going to take some work. We've got some great people on the project already and I'm very, very excited about it, but I did want to let you know about it. Okay?
14:42
Now that is the end of my talk. So I, I'm, I know I sped it up a little because I know we're behind. That's the end of my talk. Here's my contact information. Again, there's where the presentations are and I put all of my presentations up there. So tomorrow's presentations up there too.
15:00
Also there's a link to the SANS class that I'm teaching, the Sec 487, which is six days of open source intelligence gathering and I love to talk to anybody about that. Since we have a little bit of time, are there any questions that you have for me? Of course not. It's just the website, right? All right. Well, thank you for your time everybody. I appreciate it.