45+ Cyber Security Courses at SANS 2019 in Orlando! Save up to $200 thru 2/27.


To attend this webcast, login to your SANS Account or create your Account.

Consuming OSINT: Watching You Eat, Drink, and Sleep

  • Tuesday, October 16th, 2018 at 3:30 PM EDT (19:30:00 UTC)
  • Micah Hoffman and John TerBush
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!


Ah vacations, walk-abouts, and holidays. Most people love getting away from work and the stresses of daily life. Coworkers look at sitting in the sun on beaches for a little rest and relaxation. Families head off to historical sites, camp grounds, or to amusement parks for entertainment. And OSINTers, we sit back and watch people "check-in", snap photos of their food, rate their wine, and share details inside hotel rooms. What a glorious time of the year!

Come join John TerBush and Micah Hoffman, author of the new SEC487, Open-Source Intelligence Gathering and Analysis class, as they show how people collect and use food-ratings, images from reviews, and other information for OSINT and investigations.

Speaker Bios

Micah Hoffman

Micah Hoffman has been working in the information technology field since 1998 supporting federal government, commercial, and internal customers in their searches to discover and quantify information security weaknesses within their organizations. He leverages years of hands-on, real-world penetration testing and incident response experience to provide unique solutions to his customers. Micah holds GIAC's GAWN, GWAPT, and GPEN certifications as well as the CISSP. Micah is an active member in the NoVAHackers group, has written Recon-ng and Nmap testing tool modules and enjoys tackling issues with the Python scripting language. When not working, teaching, or learning, Micah can be found hiking or backpacking on Appalachian Trail or the many park trails in Maryland. Catch him on Twitter @WebBreacher.

John TerBush

John TerBush works as a senior cyber threat intelligence (CTI) analyst serving multi-national enterprises in a variety of industries including finance, manufacturing, retail and energy. In this role he conducts open-source and dark web investigations, malware and traffic analysis, tracking of threat actors and their tactics, techniques and procedures, and many other tasks in order to provide analytical and technical support to clients. Previous to his role as a CTI analyst, he worked as a security operations center (SOC) analyst with a large managed security service organization handling response for numerous Fortune 500 companies. While working through a sea of alerts and research, he developed a focus on creating network detections and tracking attacks.

Prior to entering the information security field, John worked for over two decades in legal research and private investigations, providing open-source research, surveillance, court testimony, undercover operations and other investigatory work of all types. John acted as the director of investigations and lead investigator for two well-known regional investigation companies for over a decade, before starting his own investigations firm.

John assisted with the development of the SEC487: Open-Source Intelligence Gathering and Analysis course. John is a member of both the SANS GIAC Advisory Board and the SANS Open Source Intelligence Summit Advisory Board, and holds the GIAC GCIA and GREM certifications as well as the Certified Information Systems Security Professional (CISSP).

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.