Certificate
I’d like to take a moment to give a very big thank you to everyone that has been following me and reading my posts or just popping in to say hello!
To be completely quite honest I started this blog more or less as a memory device that I could refer back to in case I needed brushing up on something I’ve covered before. That said, I never thought anyone would find anything here valuable so I’m really glad that you all find something here useful.
Okay so let’s get to the point of today’s post, shall we? In this post, I would like to give my review of the Security Blue Team - Introduction to OSINT course.
As some of you may know, I’ve taken a keen interest in OSINT (Open-Source Intelligence) lately. My exposure to OSINT started with TryHackMe’s room OhSINT and it was really fun! Click the link here if you want to read my writeup of that room. Moving along, I liked that detective drive it brought out in me so I started looking for more challenges to sharpen my OSINT skills.
Little did I know a good friend of mine was also pursuing OSINT challenges and mentioned we should do Security Blue Teams - Into to OSINT course together.
Course Content
I looked over the course content and it looked very interesting. I felt like it would give me a clearer methodology process for gathering intelligence and the price wasn’t too bad either. At the time of this writing, it was only £20, which was about $27. I also liked that it gave you a certificate of completion upon completing the course. On that note, I tend to gravitate to platforms or resources that offer certificates like that because I feel like it gives me something to show for on how I spent my time and effort.
I created an account, logged in, and purchased the course. Blah blah blah! You know the usual stuff. Martin and I got in a discord call and started chipping away at it. Each lesson covered a different subject matter. These included theHarvester, Maltego, Google Dorking, OSINT framework, and Reverse Image Searching with Tineye to name a few. Read through each module, practiced the example exercises, and read the supplemental links provided.
At various points in the course, there was a quiz with several questions to answer. The questions comprised of some multiple-choice, but most were text fields. You do have the ability to take the quizzes as many times as you like, but you have to get 80% to achieve completion of a section.
Unfortunately, some of the questions became frustrating, specifically when we got to the TweetDeck section. The example screenshots were taken on an outdated version of TweetDeck as well as if you got a question wrong you had to start the quiz completely over instead of retrying that specific question. I think we both spent several hours entering commands that would work in the real tool and give the desired output, but it would still mark our answers as wrong on the quiz. One particular question we figured out we only got wrong because the quotation marks were missing so formatting is very important for the answer to be marked correct. I just thought it wasn’t very intuitive and could use some tuning. There could be multiple correct answers to the question but the string formatting they were looking for required a specific answer.
For example:
Correct:
#Microsoft and Vulnerabilities
Incorrect:
Vulnerabilities and #Microsoft
The Final Challenge
After pushing through the quizzes, the course ends with a final challenge. I was hoping I wasn’t going to be fighting more weird quiz answer issues but I expected it to happen. I did reach out to some of the people on the discord but sadly I got no responses.
Now I’m not going to go over or elude to anything in the challenge but I will say that it was fun and probably one of the most realistic challenges I’ve done so far. You could tell they spent a good amount of time building this challenge and I feel like due to the difficulty I’m more likely to walk away remembering what I learned versus some other platforms that handhold a little too much. I wish we had taken a break because at times it was information overload and just too many roads to cover at one time. That said, I feel like that is a real representation of what a lot of OSINT practitioners go through, and being able to stay calm and push through I imagine is essential.
For the final challenge, you need at least an 80% passing score on a total of 12 questions. We submitted our answers and got a total of 10 out of 12 correct. I was relieved I had passed and received my certificate.
Conclusion
Overall, I’d say this was a really good course. I still say the quizzes could use some work but for a good introduction to what OSINT is all about I feel like it covers the bases pretty well. It’s challenging and will push your limits a bit. I’d recommend this course to anyone in the Cybersecurity industry. Whether you’re a red teamer or a blue teamer OSINT is crucial. It can make all the difference between widening the attack surface or in terms of defense reducing that attack surface.
That’s all for now. Have you taken the course? What are your thoughts on OSINT? Let me know down in the comments below!