WS-03


Offensive OSINT

07-09 October, 2025

WORKSHOP OBJECTIVE

Offensive OSINT is a tactical training program that teaches how to weaponise publicly available information to simulate real-world adversary actions. This isn't just about passive data gathering—it's about turning intelligence into access.

Designed for red teamers, pentesters, and security researchers, this 3-day hands-on course goes beyond traditional recon. You’ll learn how attackers discover, enrich, and exploit exposed data across modern, sprawling infrastructures.

COURSE HIGHLIGHTS

  •     Discover
    • Enumerate assets, APIs, third-party services, and weak links across cloud, SaaS, and mobile ecosystems.
  •     Enrich
    • Filter signal from noise. Identify viable attack paths and high-value entry points.
  •     Exploit
    • Launch targeted attacks using non-traditional vectors—just like real adversaries.

Topics covered include (but are not limited to):

  •     Mapping the Modern Attack Surface
  •     Subdomain Enumeration at Scale
  •     Third-Party SaaS Discovery
  •     Hunting and Exploiting APIs
  •     Supply Chain Recon and SBOM Abuse
  •     Practical Social Engineering
  •     Exploitation using Recon Data

PRE-REQUISITE

Basic understanding of Pentesting and Recon

PARTICIPANT'S REQUIREMENTS

What Students Should Bring:

  •     You should have a laptop with admin access on it.
  •     4 GB of free RAM is required.
  •     It should have an SSH client and support a Wi-Fi connection to reach the Internet.
  •     Any OS is fine (Windows/Mac/Linux).
  •     We will provide each student with their own pre-configured cloud machine; all they need to do is SSH into it.
  •     Please avoid Chromebooks.

TECHNICAL DIFFICULTY

Beginner to Intermediate

DURATION

3 days (6-8 hours)

Trainers


Kumar Ashwin

Security Researcher, RedHunt Labs


Shubham Mittal

CEO, RedHunt Labs

Day wise Training Plan

  • DAY 1 Discovery: Mapping the Modern Attack Surface
    • Core Concepts
      • Scoping targets: domains, IPs, brands, personas
      • Understanding the modern attack surface: SaaS, cloud, APIs, mobile, dark web
      • Identifying unmanaged and orphaned assets
    • Infrastructure Recon
      • ASN and WHOIS lookups, IP range discovery
      • Historical DNS/IP mapping
      • Subdomain enumeration at scale (CT logs, passive sources, brute force, DNS tricks)
      • Domain permutations and TLD sweeps
      • Mining archived datasets: CommonCrawl, WARC, Wayback, etc.
    • Organizational Profiling
      • Social media recon (org + employee)
      • Mapping acquisitions, subsidiaries, and associated entities
      • Infrastructure correlations via certs, metadata, social trails
      • Rapid tooling crash course (jq, ripgrep, curl, awk, etc.)
  • DAY 2 Enrichment: Connecting Dots and Prioritizing Targets
    • Expanding Recon Intelligence
      • Mining paste sites, GitHub, and breach dumps
      • Exploring Docker registries, EBS snapshots, and CI/CD traces
      • Uncovering internal tools, exposed panels, and dashboards
      • Hunting for forgotten APIs, integrations, and dev environments
      • Leveraging the dark web for attack pretexting
    • Data Enrichment & Context Building
      • Username, password, and bucket pattern generation
      • Tech stack profiling via passive data and JS scraping
      • Asset tagging: login portals, admin panels, API docs, SSO endpoints
      • Port scanning and screenshotting workflows
      • SBOM and third-party software mapping
      • Building a prioritized attack surface profile
  • DAY 3 Exploitation: Attacking with Intelligence
    • From Recon to Access
      • Credential spraying on identified assets
      • Stealing data via leaked keys, tokens, and misconfigured APIs
      • Attacking business communication tools (Slack, Jira, CRMs)
      • Breaking weak mobile app logic and hardcoded secrets
      • Exploiting cloud misconfigs (S3 buckets, blob URLs, Docker, EBS, etc.)
    • Advanced Techniques
      • Source code analysis for hidden endpoints
      • Exploiting historical URLs and forgotten endpoints
      • Template-based scanning for rapid exploitation
      • Broken link hijacking and takeover scenarios
      • Supply chain attacks: Dependency confusion and 3rd-party leakage
      • Extracting PII and business intel from exposed services
      • Case studies: Firebase misconfigs, GH dependency attacks, Android app leaks
      • Final walkthrough + post-training instructions
