Skip to main content
    CONTACT

    This site is protected by hCaptcha and the hCaptcha Privacy Policy and Terms of Service apply.
    Shubham Mittal & Kumar Ashwin - Tactical OSINT for Pentesters - DEFCON Edition - DCTLV2025
    Shubham Mittal & Kumar Ashwin - Tactical OSINT for Pentesters - DEFCON Edition - DCTLV2025
    Shubham Mittal & Kumar Ashwin - Tactical OSINT for Pentesters - DEFCON Edition - DCTLV2025
    Shubham Mittal & Kumar Ashwin - Tactical OSINT for Pentesters - DEFCON Edition - DCTLV2025

    Shubham Mittal & Kumar Ashwin - Tactical OSINT for Pentesters - DEFCON Edition - DCTLV2025

    Las Vegas 2025

    Name of Training: Tactical OSINT for Pentesters - DEFCON Edition
    Trainer(s): Shubham Mittal and Kumar Ashwin
    Dates: August 11-12, 2025
    Time: 8:00 am to 5:00 pm PT 
    Venue: Las Vegas Convention Center
    Cost: $2,000

    Course Description: 

    This DEFCON Edition of our Tactical OSINT for Pentesting training program not only focuses on OSINT but also focuses on in-depth attack tactics using the information collected in the earlier phases. This course will focus on a wide range of tools and techniques for performing real-world reconnaissance in order to launch targeted attacks against modern and dynamic infrastructures.

    We will take a deep dive into various modern methodologies for extracting useful information from the internet. Furthermore, we will cover how this extracted information can be used in attack scenarios to get an initial foothold in multiple ways within an organisation’s network beyond the firewall and further exploit it to gain and maintain elevated access. The course will cover topics like:

    • Mapping the Modern Attack Surface

    • Comprehensive Subdomain Enumeration

    • Exploring Dark Web

    • Hunting 3rd Party SaaS Apps

    • Hunting & Attacking API Endpoints

    • Supply Chain Enumeration & SBOM 

    • Template Based Scanning

    • Attacks using Recon from Docker Image, EBS volumes, etc.

    • Exploring Mobile Applications for Attack Chaining

    • Practical Social Engineering, etc.

    This 2-day course takes a hands-on approach to indulge the participants in real-world scenarios, simulated lab environments, and case studies in order to get proficient in techniques and methodologies. Each participant will also be provided ONE MONTH FREE ACCESS to our Hybrid-Cloud Based Private Lab mimicking the modern age infrastructure, as well as decoy accounts and the organization’s social presence, where they can practice the skills learned during the course.

    Course Outline: 

    Day 1

    • Target Scoping and Mapping the Attack Surface

      • Understanding modern attack surface

      • Unconventional Assets existing outside of your infrastructure.

      • ASN ID, IP Lookups, Allocated IP Range Extraction, Domain IP History

      • Subdomain Enumeration

      • Certificate Transparency, Brute Forcing, LDNS Walking, Internet Scan Repositories

      • Geo-Distributed Subdomain Resolution

      • Domain Enumerations & TLD Scanning

      • WARC Files, CommonCrawl, Historical Datasets

      • Organization’s Social Media Profiling

      • Employee(s) Profiling

      • 10 Minutes Linux Primer (curl, jq, grep, ripgrep, axel, cut, sed, awk, wc, for, sort, uniq, etc.)

    • Discovering Modern and Unconventional Assets

      • Identifying Organizations Associations

      • Identifying Mergers, Acquisitions and Subsidiaries

      • Hunting Code Repositories, Paste Sites, and Leaked Data

      • Establishing correlations using Certs, Copyrights, Social Links, etc.

      • Exploring Dark Web

      • Hunting Management Dashboards & API Documents

      • Hunting Communication Channels

      • Hunting 3rd Party Managed Services & Hosted Web Apps

      • Explore CI/CD Infra (Docker Images / Travis-CI, EBS Volumes / etc. )

      • Cloud Reconnaissance

      • Processing and Querying Mass Internet Scan Data

      • Art of Making Notes

    • Enriching OSINT Data

      • Generating Username/Password Patterns

      • Bucket/Spaces Pattern Generation

      • TypoSquatting Domain Pattern Generation

      • Tech Stack Profiling

      • Port Scanning (Active/Passive)

      • JS Discovery

      • Enrich and Collect info from 3rd Party Assets

      • ZMap Tools Suite, MasScan, MassDns, GoBuster, etc.

      • Extracting, Profiling and Tagging Web Applications

      • Capturing Screenshots of Exposed Services

      • Identifying SSO/Login/Admin/VPN Portal(s)/API Endpoints

      • Explore Breached Password Databases

      • Metadata Extraction

      • Supply Chain Enumeration & SBOM

      • Identifying and Prioritizing Targets (Attack Surface Prioritization)

    Day 2

    • Attacking and Exploitation

      • Targeted Credential Spraying on Infrastructure Assets

      • Exploiting API keys / Tokens for Stealing Information from 3rd Party Apps

      • Exploiting API Keys / Tokens / Credentials for Infrastructure Compromise

      • Compromising Business Communication Infrastructure (BCI)

      • Attacking Network Services using collated data

      • Attacking Web Applications using Parameter mining

      • Template Based Scanning

      • Broken Link Hijacking

      • Attacking discovered API endpoints

      • Looting credentials from JS Files

      • Exploitation using discovered source code

      • Attacking Historic Endpoints / URLs

    • Attacking Modern Stack

      • Compromising Cloud Server Instances

      • Stealing information from Buckets/Blobs

      • Cloud Storage Object Hijacking

      • Attacks using recon from Docker Image, EBS volumes, etc.

      • Exploiting Project Management / Tracking / Ticketing / Inventory Systems

      • Exploring Mobile Applications for Attack Chaining

      • Attacking Supply Chain (Dependency Confusion Attack)

      • Looting PII from 3rd party apps / Cloud Objects

      • Looting Business Intelligence from exposed dashboards

      • Discovering and Exploiting Hidden Injection Points

      • Exploring Human Attack Surface

    • Practical Social Engineering

      • User Profiling

      • Watering Hole Attack

      • Spear Phishing and Targeted Client-Side Exploitation

      • Dropping Payloads using BCI

    • Conclusion and Case Studies

      • Analysis and Case Studies

      • Top Organizations on GitHub Vulnerable to Dependency Confusion Attack

      • Millions of Secrets Exposed via Web Application Frontends

      • Secrets Exposed in Android Apps

      • Analysing Misconfigured Firebase Apps on scale

      • Takeaway Summary

    25+ lab exercises are included in this 2 day course.

    Difficulty Level:

    Intermediate

    Suggested Prerequisites:

    Basic understanding of Pentesting and OSINT

    What Students Should Bring: 

    • A laptop with admin access to it.

    • 4 GB of Free RAM is required. 

    • It should have an SSH Client and should support Wifi Connection in order to reach the Internet. 

    • Any OS is fine (Windows/Mac/Linux). 

    • Each student will have their own pre-configured cloud machine, all they need to do is SSH into the machine.

    • Please avoid Chromebooks..

    Trainer(s) Bio:

    Shubham Mittal is the CEO of RedHunt Labs, a leading 360-degree Attack Surface Management platform. Previously, he served as the CTO of Neotas and co-founded Recon Village, an OSINT-focused mini-conference at DEFCON. He is a review board member at BlackHat Asia, BlackHat Europe, RootConf, and Pycon India (Information Security Track).

    He has trained and presented to various government organizations, and security firms, and at notable conferences such as Black Hat, DEFCON, HackMiami, Nullcon, and various government orgs. Shubham has a strong foothold in OSINT, Recon, Cybersecurity, and Product Engineering. His expertise covers Offensive and Defensive security, Open Source Intelligence, and Perimeter Security. Actively involved in the Null-Open Security Community, Shubham prefers working from the command line and using the vi editor.

    Kumar Ashwin is a Security Researcher at RedHunt Labs with a strong background in offensive and defensive security, Ashwin specializes in OSINT, web, cloud, and software supply chain security, bringing a unique perspective to tackling modern security challenges.

    Ashwin has delivered presentations and conducted training sessions for security professionals at renowned conferences like x33fcon, BSides, and c0c0n. He has also actively contributed to security communities such as null - The Open Security Community, Winja, and DEFCON Cloud Village, creating CTF challenges and sharing insights through different engagements.

    Ashwin's expertise encompasses security engineering, offensive and defensive security where his practical experience and innovative approaches have been pivotal in assisting organizations in strengthening their security posture and safeguarding their digital assets.

    Registration Terms and Conditions: 

    Trainings are refundable before July 8, 2025, minus a non-refundable processing fee of $250.

    Trainings are non-refundable after July 8, 2025.

    Training tickets may be transferred. Please email us at training@defcon.org for specifics.

    If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).

    Failure to attend the training without prior written notification, will be considered a no-show. No refund will be given.

    By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.

    Several breaks will be included throughout the day. Please note that food is not included.

    $1,800.00
    $2,000.00
    DEF CON Communications, inc.

    1100 Bellevue way NE

    8A-85

    Bellevue, WA 98004

    Powered by Shopify