Open Source Threat Intelligence

Open Source Threat Intelligence -Defense – Monitoring – Recon and Strike capabilities. OSINT- Tools for Cyber Investigation –

gAtO sAy -In today’s world Threat Intelligence is always right at your finger tips. With Twitter and Facebook it’s a researchers dream come true. Before we start let’s become invisible on the web I would read –Anon Security -How to be Anonymous[1]. This is a guide written by the group Anonymous and frankly they do a great job of hiding. Just add your favorite and be safe and private. In the white hat world Anonymous is one of the bad guy’s but this growing movement will inspire the young and the lonely a place to be accepted. These crew(z) help you to help yourself, just read and educate yourself. If you want to be good at TI you have to learn from your advisories and friends.

A simple TOR and Best Free VPN will give you basic protection so you can start your work.


Get a Twitter account and ad TweetDeck to your tool kit and your world will open up to twitterSphere. Go to and check the trends this will give you another view into the hacker world. I won’t cover the darkWeb. Now with a simple browser (Firefox recommended) and a translate button you can start.



Take a look at This is a real-time mapping of twitter. There are dozens of tools like this that will let you gather Intelligence on what’s out there. Add country by country and you can see trends come out at you real-time. Enter SOPA in trendsMap and you can see that SOPA is a U.S thing but it’s getting world wide attention. We are speaking about free real time information at the people level. There are many more tools like these that can take the growing social aspect of the technology, the way the new adapters of this technology are using it and gather some great intel.

Example: During the Bradley Manning Trial because of the Anonymous Movement support for him the army was worried something would happened. With the capabilities that the new breed of hacktivism this is a reasonable threat.  The US Army hired Twitter Trend to monitor the Bradley chatter and were able to anticipate physical security depending on twitter-sphere chatter.

Learn how to search!!!!!

Look at google hacks[5] and see how the smart guy’s are using simple search commands and extracting tons of information. Read gAtO Cyber Security Tools[2] I found some really good tools to help any cyber investigation or researcher.


Google and other search engines are your best friends don’t forget to look at the wayBackMachine – if it was online since 1996 then they have that site mirrored. But wait let’s back up before we start down the road to discovery let’s look at what other successful folks have done to learn how to do it.

In order to have a starting point I took a look at what LulzSec was doing and then reverse-engineer them, this would give me the basic model for what the attackers are looking for.

This is the basic LulzSec 50 days of mayhem this bunch were(are?) the OCG (Original Cyber Gangster). If you look at there escapades you could reverse engineer it and build a basic model[7]. This is what gAtO came up with.

LulzSec Team 

Sabu – Captain of the Ship, organizing the team and planning strategies.

Topiary – Basically PR, updating Twitter and interviews with media.

Kayla – Mostly focused on RFI / LFI / SQLi and coordinating with the rest.

Tflow – Maintenance of LulzSec website and torrents.

Storm  – DDOS and also involved in PBS hack.

Pwnsauce – Coding required tools for the team and involved in Infragard hack.

Neuron – Coding and also involved in Sownage.

M_nerva – Deus Ex Game hack.

TrollPoll – Involved in Fox hack and seems to be the most paranoid of all.

JoePie – Updating the team with news related to LulzSec and other channels of interest.

Avunit – Seems focused on XSS and SQLi

Kl0ps, io, Palladium and Devrandom – Hackers supporting the team

Bitcoin Donations handled by Tflow, Topiary and Joepie

Team Strength – 13 or 15. It could be possible that some handles are used by same person.

Who are these Hacker?

gAtOmAlO sAy's


For law enforcement and Intelligence operators learn how “they” do it, look at how they adapt and develop new way of communication -right in front of our face, these groups are becoming the model of how to get things done online, we have terrorist organizations[8] looking at this model and adapting it to their needs. There are so many more resources out there for any researcher you just have to think like what your looking for and the resources are somewhere in cyberspace. The U.S is already [9]monitoring it own people why can’t you… -gAtO oUt 




[3] Underground Cyber War-TangoDown  OpMegaupload  –



[6] #TangoDown #OpMegaUpload Cyber War #anonymous  vs FiB  –

[7] Hacker Cyber crewz Diagram

[8] Timeline Middle East Hacker CyberWar ?0xomar – Hannibal

[9] U.S Monitors Social Media –

Real Time Web Monitoring – Traffic – Attacks – Latency –

Visualizing Akamai –

Akamai -Visualizing the Internet –



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: