I had the opportunity to take Justin Seitz’s Automating OSINT (Open Source Intelligence) Master Course (https://register.automatingosint.com/) and wanted to write up my experience with it. I took the Master Course which bundled an introduction to Python in addition to all of the OSINT focused modules.
For my background, I have been coding in Python since 2009 and have written or improved a few Python OSINT tools including:
- pagodo (Passive Google Dork) - Automate Google Hacking Database scraping
- An updated version of metagoofil
- A multithreaded rewrite of the classic email address scraper theHarvester
Justin = Python + Security
Before discovering his Grey Hat Python book, I had been scripting and coding in Python on and off for a few years, but like most beginners, my code was embarassingly bad. The book helped me finally understand classes and how to leverage them for cleaner code and I have not looked back since. I had a lot of respect for Justin and his books and wanted to learn more through his Automating OSINT course.
Who is the class for?
As the course name implies, Automating OSINT is geared for information security professionals looking to automate any OSINT activities, however, this is a great class for anyone just getting into information security. Students learn to leverage Application Programming Interfaces (APIs) to automate and scale processes and scripts to facilitate collecting publicly available data.
The Twitter API is the one used primarily throughout the course, however, you are also exposed to others like YouTube, Flickr, and Pastebin. Most of the APIs require an account, and some of the terms of service have changed, so your mileage may vary with what you are able to accomplish.
The course gives a gentle introduction to reading API documentation and building scripts around that. Once you become familiar with the work flow, typical HTTP functions (GET, POST), and data structures (lists, dictionaries), you will be able to adapt to any API and become that much more valuable to your organization.
The Future of InfoSec
The future of information security is in automation and the ability to automate security tasks and connect disparate systems will differentiate you in the industry. For example, would you rather hire a vulnerability analyst that can only use a vulnerability scanner GUI or one that can leverage the vulnerability scanner's API to automate and scale your organization's vulnerability management program? Automation allows infosec professionals to focus on and solve other problems. This course will give you that advantage in the industry.
- Quick responses from Justin to emails and queries. He was always professional in corresponding with me.
- The course platform is intuitive and easy to easy.
- The content has both videos and transcripts if you would rather just read the material.
- The course is a few years old and the example scripts and code are all written in Python 2. As a beginner to Python, this is not really a big deal, but may seem strange if you have jumped on the Python 3 train and never planned on looking back.
- Swap out the Instagram section with a Github API section.
Overall, it was a great course and I would recommend it to anyone looking to either improve their OSINT skills, Python coding skills, or just get familiar with using APIs.