It's so overt, it's covert: Leveraging classic HUMINT tactics in CTI investigations
01 28 2025

ABOUT US
Eliska PUCKOVA
Cyber Threat Intelligence Specialist
Julien MASCARO
Security & Forensic Investigator
OSINT Lecturer

DISCLAIMER
The views and opinions expressed in this presentation are solely ours and do not reflect the official policy or position of anyone else or any organization.
Our viewpoint is the one of Cyber Threat Intelligence operatives.

AGENDA
1. CyberHUMINT: Unpacked
2. Pitch & Prepare
3. Handle sources, avoid pitfalls
4. Go with the (CTI work)flow
5. Key takeaways

01. CYBERHUMINT: UNPACKED

HUMINT & CyberHUMINT

HUMINT (Human INTelligence)
- Intelligence gathering from human sources
- Active engagement with sources in-person
- Relies on trust, personal connections with sources, and interpersonal skills
- Proactive intelligence gathering

CyberHUMINT
- HUMINT adapted to the online realm
- Active engagement with sources online
- Relies on trust, personal connections with sources, interpersonal skills, and OPSEC
- Proactive intelligence gathering which leverages online anonymity & easier access to remotely located sources

Active Defense

* CyberHUMINT operation = OPS

UNVEILING A CYBERHUMINT USE CASE
Phase 1 / Phase 2 / Phase 3 / Phase 4

INFILTRATION
Negotiated access to a private Discord server