Day 1

Tuesday
13th September 2022

9:00am - 4:30pm AEST

Closed-door series of sessions by and for Law Enforcement, Military and Federal agencies to discuss operational lessons learnt, OSINT tradecraft and emerging trends.

In person and virtual*
*Please note some sessions will not be available to the virtual audience at the request of the speaker

OSINT Support to Major Events – How the NZ Police OSINT Team collection supported the response to Wellington’s parliament grounds occupation

More sessions to come!

Proliferation of Online CBR Threats. A Deep and Dark Web OSINT Investigation.

Using OSINT to deanonymize dark web child sex offenders

Indicators & warnings through technical OSINT

9:00 - 9:03am

Welcome and Opening Address

9:03 - 9:45am

OSINT Support to Significant Events – How the OSINT supported staff on-the-ground and in head office during New Zealand’s Convoy protests

Presenter: Peter Tyson


The Police OSINT Team provided important intelligence before, during, and after the New Zealand convoy protest and parliament grounds occupation. We worked with other open source capable staff from around New Zealand to track the groups converging on Wellington, and then during the occupation we provided timely and valuable intelligence on the plans and movements of protesters.  OSINT contributed intelligence that helped the deployed staff respond firmly and tactfully to an event which challenged Police at all levels.

10:25 - 10:45am

Morning Tea Break

11:25am - 12:05pm

Cyber-Physical OSINT: Drone Challenges & Threats

Presenter: Mike Monnik - DroneSec


Drones represent the new frontier – kinetic, internet-connected devices with capabilities that include ferrying narcotics, dropping IEDs and conducting intelligence, surveillance and reconnaissance. In this talk we will review how new techniques in OSINT can aid the compromise sensitive drone data, hijack drone controls, evade law enforcement, disable counter-measures and discover new black markets funneling terrorist supply chains.

12:05 - 12:45pm

IN PERSON ONLY*

Using OSINT to deanonymize dark web child sex offenders

 

Presenter: Adele Desirs

Argos Victim Identification unit has been targeting producers of child sexual abuse for many years, and their investigative techniques have evolved as new tools and technology arise. This presentation will showcase how various open source techniques and tools including NexusExplore were used to identify a specific child sex offender who was operating on the darknet and sharing his production on a Pedo Tor Board.

 

*This session is only available to the in-person audience at the request of the speaker

VIRTUAL SESSION 

Practical tools for investigators

Speaker: Steven Rappold

As investigators we are faced daily with technology. As Technology can be a blessing, it can also be a curse at times. This session will give tool ideas, ways to make your investigations better, and most importantly forensically sound.

12:45 - 1:30pm

Lunch Break

1:30 - 2:10pm

IN PERSON SESSION

Opes Cyber Security and DXC National Security


Presenters: Aaron Breban and Steve Berichon

  • RFI services, exploitation of PII – managing attribution

  • Digital footprint assessment for Commercial Exec’s – aggregation

  • Developing trade-craft to interact with, store and ultimately exploit PII

  • Leveraging the noise. Utilising the significant digital and commercial footprint of global organisations for obfuscation.

  • Managing attribution. Challenges of “breaking” an SI’s internal governance & commercial structures

  • Sticking to competencies. Leverage an eco-system of competent partners as the environment is too expansive and dynamic to “own”

 

VIRTUAL SESSION 

No session will run virtually 

2:10 - 2:50pm

IN PERSON SESSION

Opes Cyber Security and DXC National Security


Presenters: Aaron Breban and Steve Berichon

  • RFI services, exploitation of PII – managing attribution

  • Digital footprint assessment for Commercial Exec’s – aggregation

  • Developing trade-craft to interact with, store and ultimately exploit PII
     

  • Leveraging the noise. Utilising the significant digital and commercial footprint of global organisations for obfuscation.

  • Managing attribution. Challenges of “breaking” an SI’s internal governance & commercial structures

  • Sticking to competencies. Leverage an eco-system of competent partners as the environment is too expansive and dynamic to “own”

VIRTUAL SESSION

OSINT: The Past, Present & Future

Presenter: Nico Dekens

This talk by Nico Dekens will go into the history of OSINT, look at the present state of OSINT but most importantly will look at the future of OSINT.


Nico will cover how OSINT has evolved and has been adopted by the Intelligence community, the journalism world and how online sleuths have embraced OSINT.

Nico will talk about the current state and challenges within OSINT and will take a deep look into what to anticipate in the near and distant future when it comes to OSINT gathering & analysis.

2:50 - 3:30pm

OSINT in criminal intelligence practice: Using open sources to geolocate online offenders

Presenter: Jimmy Aitken


Time and time again, criminal intelligence practitioners are asked to answer three key questions about an online offender: what’s their true identity, who’s in their inner circle - and most importantly - where are they located. This session will briefly describe how OSINT methods - with particular focus on geolocation – were used to find answers and drive successful investigations, when routine law enforcement enquires alone could not.

3:30 - 4:00pm

Wrap up

Day 2

Wednesday
14th September 2022


Symposium
9:00am - 4:00pm AEST
Networking event
4:00pm - 6:00pm

Open-door series of sessions by industry professionals to discuss OSINT, share valuable knowledge and foster greater public-private partnerships in Australia.  Networking sessions with drinks to end the day.

In person and virtual 

Using OSINT to Counter Foreign Interference

Protecting your Online Footprint

More session to come!

Geojournalism: How to Use Satellite Imagery to Verify Information and Uncover New Investigations

Future pathways for Open-Source Intelligence in government

Protecting your Online Footprint

The Devil Is In The Data: Sports betting investigations through the prism of open-source intelligence

9:00 - 9:03am

Welcome and Opening Address

9:03 - 9:45am

Using OSINT to Counter Foreign Interference

Presenter: Ben Cornish

 

Foreign Interference is becoming an increasingly relevant risk consideration for governments, industry and organisations, particularly those connected to Critical Infrastructure. But it is not just the responsibility of government or security agencies to protect us from foreign interference activities.
 

In this presentation, Ben will discuss why organisations need to be proactive in identifying, assessing and managing Foreign Interference Risks and explore, using various case studies, how OSINT can be used illuminate these risks and enable the implementation of mitigations strategies.

10:25 - 10:45am

Morning Tea Break

10:45 - 11:25am

Future pathways for Open-Source Intelligence in government

Presenter: Adam Calver

 

Open-source intelligence collection is a relatively new capability within most of New Zealand’s governmental agencies. As a small nation, with an even smaller intelligence community, how do we best create a collective operating environment with the intent to promote professional excellence?

 

Adam, Principal Open-Source Analyst at the NZ Ministry of Business, Innovation & Employment, will discuss future pathways for open-source tradecraft and training in government; the recently launched open-source hub ‘Te Whakaara’ that is working to evolve New Zealand’s OSINT environment, with an emphasis on the practitioner; and the potential success that comes from outsourcing training to an external service provider.

12:05 - 12:45pm

The Devil Is In The Data: Sports betting investigations through the prism of open-source intelligence

Presenter: Jack Kerr

 

The explosive growth of online gambling in recent years has been mirrored by a huge increase in match fixing, with one in every 200 games now believed to be fixed. Money launderers have also welcomed this new way of betting, and both these problems are exacerbated by the illegal status of the majority of gambling websites.

 

The fuel that feeds these sites is live sports data, and in this presentation, I will show how I used computer-assisted OSINT techniques in my latest cross-border investigation. By tracking flows of data around the globe, we not only mapped out the scale of the European football betting market but also showed that the companies producing and selling this live data are the same ones entrusted by sports to protect them from match-fixers.

12:45 - 1:30pm

Lunch Break

1:30 - 2:10pm

APT Catfishing

Presenter: Emerald Sage

In 2017 a London-based photographer named Mia Ash used LinkedIn to contact multiple male employees of a Middle Eastern company. She stated this contact was part of an exercise to reach out to people around the world. Over the next few days, Mia and these individuals exchanged messages about their professions, photography, and travels. Mia encouraged these employees to add her as a friend on Facebook and continue their conversation there. Over time, trust was established, and Mia eventually convinced one of these employees to open a Microsoft Excel attachment on his work laptop. The attachment promptly launched a malicious macro and attempted to install malware. 

Security researchers working with the Middle Eastern company assessed Mia Ash as a fake persona deployed by Advanced Persistent Threat (APT) actors known as COBALT GYPSY – a group associated with Iranian government-directed cyber operations. The Mia Ash online persona was unique in its sophistication; however, catfishing unsuspecting individuals to exploit their privileged access is not unique. This Tactic, Technique and Procedure (TTP) has been used by several APT actors since at least 2016. 

In our talk we will demonstrate how Open Source Intelligence (OSINT) tools and techniques can reconstruct the APT actor playbook for engineering and executing catfishing facilitated attacks. We will analyse their methodologies and TTPs, and demonstrate how you can apply this knowledge to identifying possible APT catfishing profiles operating within your social media environment.

2:10 - 2:50pm

Use of OSINT to source and analyse procurement data to inform on global issues - Examining the PCR Purchasing Report Wuhan China

Presenter: David Dennison - Internet 2.0

2:50 - 3:30pm

Geojournalism: How to Use Satellite Imagery to Verify Information and Uncover New Investigations

Presenter:
Ben Strick

 

This presentation takes journalists and analysts through practical case studies from Russia/Ukraine, South East Asia and Africa to show the basics of satellite imagery, geographical data, and using imagery in storytelling to verify information and make new findings. 

 

The main fields attendees will learn in this session is: how do image-based investigations look in a story, what data is available and how can we actually use satellite imagery and geospatial information to boost our investigative and research capacity. 

3:30 - 4:00pm

Wrap up

4:00 - 7:00pm

Networking Drinks 

Day 3

Thursday
15th September 2022

Virtual Only

Investigating Corporate Structures and Website OSINT

 

During the first part of our Training Day,  we will explain the different databases in which we can leverage information and begin to understand the structure and key people within corporations and businesses. We will then dive further to get a deeper understanding behind the scenes by conducting a website investigation (DNS, IPs, technology builds, domain enumeration and documents) as well as looking at the browser developer tools and webpage source code to locate hidden information of value.

Dark Web

Investigations

 

 

During the second part of our Training Day, we will explore the Dark Web.  Dark Web is defined as the part of the World Wide Web that is only accessible via special software such as The Onion Router (Tor), allowing users and website operators to remain anonymous or untraceable. There is a widespread misunderstanding of how the Dark Web works and how it can be investigated or researched, so this training is designed to increase participant knowledge on how it works, who uses it, how it can be investigated and monitored, as well as the risks involved.

Our Trainers

small_bw.jpg

Chris Poulter

CEO and Founder - OSINT Combine

Jake_edited.jpg

Jacob Hunter

Head of Training - OSINT Combine