Update and New Forthcoming Research
It’s been a while since I published anything. I have been getting acclimated to my new position as a Senior OSINT Specialist at QOMPLX, as well as several other exciting things. I competed in the Trace Labs Missing Persons CTF at HackFest in Quebec City, Quebec (with Jos, MayGoogleForYou, and Isabella Ballerina as the Password Inspection Agency) and we got a close 2nd place, almost 1st. Still, we couldn’t hammer down a couple of details, but that is okay. I often say that this is the only CTF that matters. I also got 2nd place in the Social Engineering CTF, despite not speaking much French beyond “Parlez vous Anglais?”
Aside from traveling to Rhode Island in mid-December for a roundtable with Paul’s Security Weekly, I am done traveling for the year to speak. Thus far, I only have one confirmed engagement in 2020 — teaching my EC-Council OSINT and Social Engineering Workshop at AppSec California (January 21, 2020 — register here). I will also be helping judge a Trace Labs Missing Persons CTF in December, remotely.
I am also about to resume Hack the Box activity, so the walkthroughs will continue. I also plan on finishing OSCP before the end of May. I am currently doing some research in the Missing Persons space, both in the Trace Labs slack and independently, and I want to finish that research first.
My Conundrum
I feel like I have hit a brick wall when it comes to having material to talk about on a stage to my peers who a) are possibly taking time off work to hear the talk; and/or b) may have paid to attend the conference/presentation. To this end, I have decided to push myself outside my typical comfort zones of OSINT, Social Engineering, and Forensics. I have set off on a journey to learn more Python. Specifically, more Python as it relates to Machine Learning, Natural Language Processing (the other NLP), web scraping, and statistical analysis. I am coupling the R programming language into my research in statistical analysis.
To set the tone, I have some formal graduate-level education in Business Intelligence/Big Data/Applied Statistics. I am familiar with CRISP-DM (Cross-Industry Standard Process for Data Mining) as well as the ethics, quantitative and qualitative methodologies (as well as mixed-method), sampling, and methods to minimize or eliminate bias in data sets.
While my day job has me working on some things relative to OSINT in this capacity, I want to push myself to learn and produce more. The purpose of this post is to share with you what I am working on in terms of learning and any open-source tools I create. I also hope to solicit ideas, advice, and feedback on what would be impactful to the community while also stimulating learning of my own accord. To a degree, I am seeking ideas for 2020’s talks from the community.
Ideas
I have submitted one talk for 2020 thus far. Not because I don’t want to speak, although I am trying to slow down on the speaking and travel. I feel like I don’t have anything new or disruptive enough to hop on a stage in front of an audience and present. I want to do something with some OSINT or Social Engineering automation within reason. I would also like to expand on my DECEPTICON idea (disinformation and deception for OPSEC/Anti-OSINT). The lack of ideas is where I am drawing the most significant blank.
I am also considering getting my Private Investigator’s License.
Research Method
I am challenging myself to read between 1 and 3 chapters (depending on outside events, workload, and length/depth of the sections) of each of the following books (note: the links will donate to the Rural Tech Fund via Amazon Smile):
https://smile.amazon.com/Mastering-Social-Media-Mining-Python
https://smile.amazon.com/Social-Media-Mining-Nathan-Danneman/dp/1783281774/
https://smile.amazon.com/Mining-Social-Web-Facebook-Instagram/dp/1491985046
https://smile.amazon.com/Natural-Language-Processing-Python-Analyzing/dp/0596516495/
https://smile.amazon.com/Hands-Machine-Learning-Scikit-Learn-TensorFlow/dp/1491962291/
As I progress through the books, I plan to marry ideas and create tooling, presentations, and other things of use. I may even create some training sessions on topics and aspects that I can master. I will share anything that I make public via Twitter and here.
The Book
The book, tentatively titled Practical Social Engineering, is coming along well. I have made it through the editorial process with almost eight chapters. I plan on having 14 plus appendices, so I am a little over halfway (less the technical review and edits there). I do not have a tentative release date yet, but working with No Starch Press has been a fantastic experience. Bill and his team (namely Frances) are nothing short of AMAZING!
Training
I have several training sessions planned. Check out the list here. Use coupon code BLACKFRIDAY for a 50% discount (valid through December 31). Courses offered include (numerous sessions for each):
Regular Expressions (REGEX) for Offense, Defense, and OSINT
Introduction to People OSINT/Missing People OSINT
Basic OSINT (4-hour Version)
Conclusion
I hope you are doing well. I wish you a great holiday season (for whichever holiday(s) you may celebrate). Feel free to DM me (@C_3Pjoe on Twitter) with any ideas you may have.