A Method For Teaching Open Source Intelligence (Osint) Using Personalised Cloud-Based Exercises

The ability to analyse publicly available information is highly valued in the cybersecurity community and is often crucial in areas such as incident investigation and penetration testing. However, it has been challenging to provide practical hands-on exercises to train the techniques relevant to open source intelligence (OSINT). This is particularly so as gathering sensitive data about a real person or organisation in a classroom exercise is likely to bring out a multitude of ethical and legal issues. To conduct classroom-based OSINT exercises it is possible to create a sandbox environment with simulated services or to create some publicly available services that can be analysed by the students. However, both approaches having their shortcomings. In a sandbox environment, it is very difficult to simulate relevant real-world systems such as Facebook, Google, or Shodan. Setting up public services to be available to everyone is also problematic as it is usually not possible to provide an individual student experience. Therefore, once one participant has found the answer, it is very easy to cheat and share the solution with others. This paper presents a novel way for constructing a learning environment focusing on OSINT exercises where capture the flag (CTF) style tasks are conducted in cloud based virtual labs. The students use real applications throughout the exercise environment with the network traffic in the virtual lab routed through a specialised proxy. Here the contents of the web sites are modified to contain flags that are individual for each participant. Assessment approaches and scenario development are discussed together with key learning points from conducting this case study. This experimental setup is already being used in a university undergraduate level introductory course in cybersecurity at the Tallinn University of Technology.