Updated with new information since it was last presented, this talk takes a look at how different OSINT sources can be used to learn more about a target or your own organization, with a look specifically at North Korea’s public infrastructure. It starts with basic reconnaissance: how to discover servers, domains, open ports, and the services running on them. From there, we dig deeper and pivot on this information to find more. This includes user and contact information, leaked information, and even image analysis to examine whether what is posted online is real.

We then take a further look at some potential North Korean malware, actual North Korean malware, the country’s state-sponsored operating system, and some other interesting software. Everything wraps up with a look at how users can leverage social media to find things they shouldn’t, and at a few misconfigurations found on North Korean servers that provided some interesting information.


Previous editions: