October 30–31, 2016: Training
October 31–November 2, 2016: Tutorials & Conference
New York, NY

Open source intelligence (OSINT) tips for malware investigations

Lenny Zeltser (SANS Institute)
3:50pm–4:30pm Tuesday, 11/01/2016
Tools and processes
Location: Trianon Ballroom Level: Beginner
Average rating: ***..
(3.71, 7 ratings)

Prerequisite knowledge

  • A general understanding of the Internet and computer ecosystem and the role that malicious software plays in computer security incidents

What you'll learn

  • Understand the tools and approaches that can be used as a starting point for OSINT analysis
  • Discover free resources for gathering malware-related OSINT data
  • Learn methods that can be used to broaden and deepen your understanding of a security incident that involves malware


If you’re responding to a malware incident, you need to quickly derive relevant and actionable information about the malicious program and the context within which it was employed. This involves not only examining the specimen in your lab but also locating relevant publicly available details.

Lenny Zeltser shares several real-world examples, tools, and data sources for gathering such open source intelligence (OSINT), so you can benefit from previously discovered information and focus your time on new malware characteristics, pivot around data points to progress with your analysis of the malware sample, and broaden and deepen your understanding of the security incident’s context.

Lenny walks you along a breadcrumb trail that begins with a suspicious URL to determine its purpose and the nature of the organizations associated with it. Other examples look at suspicious Windows executables in an attempt to quickly assess their nature on the basis of publicly available details.

Join Lenny to expand your incident response and malware analysis skill-set and learn how to turn publicly available data about adversaries and their malicious programs into useful intelligence.

Photo of Lenny Zeltser

Lenny Zeltser

SANS Institute

Lenny Zeltser is a seasoned business and tech leader with extensive experience in information technology and security. As a product management director at NCR Corp, he heads the software and services group that addresses customers’ data protection needs. He also trains professionals in digital forensics and malware combat at SANS Institute. Before NCR, Lenny led the enterprise security consulting practice at a major cloud services provider. Lenny’s expertise is strongest at the intersection of business, technology, and information security and includes incident response, cloud services, and product management. He frequently speaks at conferences, writes articles, and has coauthored books on network security and malicious software. Lenny is a member of the board of directors at SANS Technology Institute. He holds an MBA from MIT Sloan, a computer science degree from the University of Pennsylvania, and the prestigious GIAC Security Expert designation from SANS Institute.