Hackfest 2020

Chatty documents: OSINT data from document mapping
2020-11-20, 17:00–17:20, Hackfest - Track 1

How difficult it is to acquire actionable intelligence if no active technique could be used? Our preliminary research aimed at finding relevant elements in the supply network of an entity, resulted in the discovery of hundreds of weak links and dozens of possible entry point. We found our technique to have a much smaller footprint compared to normal methods, and the use of passive techniques coupled with data correlation models to significantly reduce the time of analysis and increase the quality of gathered intelligence.

The practice of parsing documents and assembling knowledge maps out of them it is well known and widely used. Once a target has been defined, it is relatively easy to find and collect files that contain "interesting" bits of intelligence, and parsing would give us the information we want.
What if we are not interested in one specific target, but we want to find the entities that are one step away from out main target? Can we find a way identify entities connected to our target and mount a supply chain attack on them? can we find the weakest links by using only passive techniques or offline data analysis and collect enough data to be able to predict where and how a targeted attack could be lunched?
Our research aims at exploring tools and techniques that make use of common open-source tools that, when used together and in combination with machine learning techniques, can give significant advantages to threat analysts and/or defenders.
We will also provide some initial result on the results of a series of tests performed against more than 10.000 documents that resulted in the discovery of hundreds of weak links and dozens of possible entry point to both government entities and companies alike.

Are you releasing a tool? – no