What You Will Learn
Data Leaks vs Breaches - What’s the difference and why does it matter?
Anatomy of a leak (Case studies based on actual public leaks and some private ones)Introduction to private communities where you can put your skills to use and help fight data leaks and protect others.
Tools for data leak discovery (Open Source and Closed Source tools and services)
How to build your own data leak discovery toolkit (No developer experience required)
Methodologies for data leak discovery and analysis
Tactics for risk assessment, verification and validation of datasets
Dealing with foreign languages in large datasets
Identifying and dealing with sensitive data ( PHI | PII | Confidential | Secret | Proprietary | Personal )
How and when to contact a data “leaker”.(Disclosure Methods That Work)
How and when to contact the “authorities” and what to expect
Protecting yourself from legal and ethical issues before, during and after discovery and disclosure
Working with Journalists and Media
Ethical and Responsible disclosure methodologies that actually work.
Journalists will gain valuable insight into validation techniques and building trust with some of the best researchers in the world.
Give me the Executive summary!
This workshop will introduce a number of privately developed data breach research methodologies as well as sensitive data/breach discovery tools and techniques that participants can put into practice on day one. Participants will be immersed in real-world case studies and given a birds eye view into recently disclosed leaks and breaches such as the Chinese Smart Cities A.I. surveillance leak discovered and responsibly disclosed by our team in collaboration with TechCrunch reporter Zack Whittaker. The first and second day will introduce and then build participants knowledge of key methods and concepts used at CONDITION:BLACK to perform sensitive data and breach discovery research along with hands-on exercises utilizing tools specifically crafted for CONDITION:BLACK researchers and participants.
This is not your run of the mill OSINT course and there will be no facebook scraping scripts or mind numbing url’s to remember. The experienced practitioner, executives, journalists, students and even those curious about data breaches or sensitive data discovery will all benefit from two intense and action packed training days. Your instructor will walk you step by step through a series of exercises starting with basic methodologies and discovery concepts and will use this foundation through a range of examples that will give you the confidence you need to hit the ground running. In day two we will also dive into media and researcher communications and disclosure methods. How to deliver the “bad news” and when to call for help. We’ll give you insight into our processes and tell you whats gotten us out of some pretty sticky situations. If we are lucky we might even have a lawyer or two in the house to give us some perspective from the much feared “Legal Counsels” chair. We’ll have a lot of fun and you’ll feel like you are in the room no matter where you are.
The third and final day of the training is where we bring it all together. We’ll start the day with a brief recap and answer any lingering questions then participants will work either alone or in small groups on one of several real-life research projects chosen by the class. Your instructor will be there to offer guidance as you put the tools, techniques and knowledge you’ve acquired into practice. Each group will be asked to present their findings to others or if you aren’t the presenter type you can provide the results to your instructor so everyone can benefit from what you’ve accomplished. Throughout the project you will have an opportunity to engage in 1 on 1 guidance as you work to solve the challenges that arise. This is a zero pressure environment and if you are uncomfortable with crowds, public speaking or just aren’t “feeling it” thats perfectly ok.