 Okay. So I'm just going to really briefly introduce Mika Hoffman. His web handle is Web Breacher and if you look online, like I've been looking at recently, he calls himself both a hiker and a hacker. I've also learned that he broke his fifth metatarsal, playing volleyball in March of this year. This is going to be a live demo of yoga and without further ado, I'll hand it over to Mika to introduce yoga. Thank you very much. Hi, everybody. Thank you. All right. First off, my name is Mika. Not to call you out in front of everybody, but I'm very happy to be here and thank you for so much for spending some time with me. It's going to be a demo, but I also want to challenge you because what I'm finding in the innocent world is that we're getting caught up in the wield of suck and I want to break out of that. All right. So before we do that, there's the obligatory who the heck is this guy? I am an O-Center, an open source person. I am a SANS instructor. I wrote a course on open source intelligence for SANS and I just love anything and everything O-Cint. And with that, that said, I have a question. Anybody here know how to cook? Like really cook or bake? Right? Yeah. Okay. Some hands went up. Now, when you learned how to cook or bake, did you start out by learning every single fruit or vegetable, every single piece of meat, every single type of flower? No. You learn what you needed to do to get that recipe made. And then you worked according to that recipe in order to create the product you were going to then eat. And yet in O-Cint now, we are caught in this cycle of resource after resource, cataloging these wonderful URLs that can help us track ships or find things on the dark web. And so we have these lists. You've probably seen some of them. This is TechNazette's website. Great. Oh, by the way, this talk is, these slides are already posted on my GitHub. You're welcome to take pictures if you want, but the slides are already on GitHub and I'll give you that URL at the end. Okay? So TechNazette has an amazing website out there in the Netherlands, start.me page, and it has all of these wonderful resources that are categorized according to how she wanted to categorize them. It's great. And in fact, Bruno Mortier, he did the same thing, but he has even more links. In fact, he has links to sites that have more links. Do you see where I'm going here? Because it's not only that, we've got O-Cint framework by Justin Nordin. Good buddy of mine. He's got a lot of links. And I think we have a problem. That problem is, is we're stuck describing every single type of ingredient instead of understanding how to use those ingredients to create a wonderful O-Cint assessment. And so what I did was I looked at each one of those sites, each one of those start.me pages, O-Cint framework and some other sites. And what I found is that we've got hundreds and thousands of links out there that people are categorizing the way they want that are duplicative and it's confusing. In fact, we have over 6,000 links across these sites. Now, you think about this. Have you ever done an O-Cint assessment? Or pentest, recon, or stalked, done some research on a friend or something like that? Yeah. Knowing where to get that information is great, but being overwhelmed by the ingredients, that's overwhelming. So what I challenge you to do is figure out a way to understand how these ingredients, how these URLs, how this flight tracker and how that Bitcoin tracking app, how those things fit together. And in fact, the way I was thinking of it is, you know, if you use if, this, then that. You know, it's kind of just like that. It's like, if I have this information, what do I do with it? How do I get that? And what is that? And we need to do it at a level that we can understand and work through. It's kind of a methodology, but at an abstracted level. So without further ado, I present to you yoga. Yoga is your O-Cint graphical analyzer. It's on the internet right now. Mobile devices work really well with this. And all it is is a web page with some JavaScript in it. That's it. But the thing about yoga is, is I don't go and tell you, do a duck-duck-go search. I don't tell you to go ahead and do a who is on this site. What we talk about here is we have a certain type of information. Like maybe you found an image in your assessment. What do you do with it? Well, we might need to do a reverse image search. Okay. It says go do a reverse image search. And there's an arrow from image to reverse image search. So it's kind of like that methodology of connecting the dots. And it connects a lot of dots. In fact, it's available on the internet. The source code you can pull down. And the thing about it, I tried to keep it simple. I tried to keep it just very, very easy to use. And so all it is is HTML and JavaScript. You download it onto your web, onto your system. And you can run it locally without even having access to the internet. It's pretty cool. So let me show you a little bit about yoga. So this is yoga. When you go to the page, I got somebody who's really nice, actually Pelicans. Shout out to my buddy Pelicans. He created this beautiful little logo. And this is an interactive site. So when you pull it up, you can zoom in with your mouse or use these little icons at the bottom to move the diagram around. Let's just take something here like GPS coordinates. You click on the GPS coordinates and all of the connections to and from the GPS coordinates are highlighted. And you see that with the GPS coordinates, I'll zoom in there for you. With GPS coordinates, we might, oh, and you can move these around. Yeah. If you ever want to kill time, you can just like move them around and see how they, I don't know. I had a lot of fun with this. So if you have GPS coordinates, you can go over here and get a physical address. Kind of makes sense, right? You have something, you get something. Now I'm not telling you where to go to get that address. You can go to Google Maps or Yandex or Bing or whatever. But that's the thought process. And that is the power of yoga. It helps you figure out what's my next step. And everything here is mouse over a bowl. It's a word. And in fact, so if I mouse over here, it says resolve GPS coordinates to an address and back. Cool. If you mouse over a node like physical address, it gives you an example of what a physical address might look like if you've never seen one. Let's take a look a little bit about what the code actually looks like since this is a demonstration. And I show you this because somebody hit me up on Twitter and said, hey, Micah, I'm not really doing OSINT, but I love the visualization thing. And can I take that and do that and do the same thing you did here for OSINT with my internal processes, my incident response and incident handling processes? I thought, well, yeah, absolutely. Why the heck not? And it's really simple. Again, I've tried to keep the code simple. I've tried to keep it easy to read. This stuff up here is that's the code for not easy to read. But down here is where we get into the actual nodes. Now, a node is one of these dots, okay? And an edge is the connection between those dots. So here's a node hashtag. And here's a connection right here from hashtag to just a wedding site or wedding site to a hashtag. Because you know, some people have wedding sites and they say, oh, hey, you know, go to hashtag Micah's wedding or something like that. So these types of things. So we have edges and nodes. And if we switch back over here to the code, I'm going to zoom out just a little bit so you can see how just beautifully formatted it is. I've separated out into different types of code. So the group one stuff, the blue nodes are facts and data like physical addresses, audio files, business names and such like that. And then we have other types of nodes. And as you go down the list, we take those nodes and we make the edges and connect things together. You can do this too. You can download this and then add to it whatever you want to do in your process. And then you have a living document that you can use. So if we scroll down, scroll down, scroll down, scroll down, down here, we have the edges back online 83. I'm going to zoom out just so you can see that if you do like it at normal resolution. You can see up here, we've got these, I mean, it's nicely, nicely formatted there. And all it is is it says, hey, go from, don't let's see, go from archive site search, wait, here we go, from business name to HTTPS certs, right? Because one of the things we do is if you have a business name like Google, Google probably has HTTPS certs. In those HTTPS certs, we might have email addresses, people's names and other internal information. So we need to do that search. So I'm connecting one node to another node. And I'm putting an arrow to, and then inside here is the pop up information. And you could take this document, download it, customize it however you want, and use it in your internal organization. And so that's yoga. I mean, that's, that's really the heart of it. And as I was doing this, as I was making this application, and I thought, well, this is really cool. Now we have the, the, the, I have this, and I, I can look for this, or I can look for this, or I can look for this. I thought, well, now we've got it putting together. And now we have another problem, right? Because if you remember back to all of these links, we've essentially created this wonderful tower of Babel for ourselves. Because those links, each person that has the site, OSIN framework, whatever, categorizes their links according to how they want to categorize their links, right? I mean, my site, I put it however I want. So when you are doing your OSIN assessment, and you are trying to find how to track this ship, or how to look up information on a license plate, you go to OSIN framework, and you're like, okay, well, that's going to be in vehicles, and then here, and then that. And then on TechNazette's site, it's totally different. That's a problem. And then the other problem is, is that I really, I really wanted to make a Venn diagram here, and I tried. I care about you so much. I tried. I spent all like a whole half hour on the plane. What? I actually downloaded all of those StartMe pages, and I looked in the websites and saw the JSON files of all the links, and I was going to take all those links and map them and see what the overlap is between all of those different sites. Create a mind map or a GEPI file, because I thought you might appreciate that. And I failed. But as a thought experiment, if you have hundreds and hundreds and hundreds of these links, these URLs, I guarantee you there's a huge amount of overlap. And so what we really need now, now that we have that I have this, I get this, and now we understand that all of these things, that making lists of resources is good, but it's also complicated. What we've got to do is we've got to come together as a community and figure out some kind of oscent taxonomy. We need to come up with a classification system for links. So when Justin Nordin goes ahead and creates that, that link for a great mission ship tracker and Technazette does the same. They're using the same words to describe it to make it easier for you to use the there's tools. I love naming projects. So I present to you orcs. Yes, orcs. Orcs is the oscent resource classification system. And I wish it was 100% done. My goal was to make it 100% done. But I don't know if any of you saw, I kind of busted my leg, like you mentioned. And I had some surgery and some a little bit behind on things. But the neat thing about this is if you have a, is that you all have a voice in how we do classification, how we name and categorize sites. The community is working right now on the oscent team rocket chat application. And you can join that rocket chat and you can join in the conversation about how we're going to start categorizing all of these sites. And then my hope, my dream one day is that we will take Technazette site and Bruno Mortier's site and that wonderful eye intelligence oscent handbook that they release every year. Has anybody seen that PDF? Yeah, I didn't put it in here because that PDF has 5,000 links in it. And it totally screwed up the scaling for the bar chart. 5,000 links in a PDF. So my goal is to help bring the community together, help create a system so that we can talk the same way, tag the resources, create some kind of centralized system. And then when you go to talk about something, you can go to anybody's site and we're all talking the same language. That's my goal. It's going to take some time. It's going to take some work. We've got some great people on the project already. I'm very, very excited about it. But I did want to let you know about it. Okay. Now, that is the end of my talk. So I know I sped it up a little because I know we're behind. That's the end of my talk. Here's my contact information. Again, there's where the presentations are. And I put all of my presentation shows up there. So tomorrow's presentations up there too. Also, there's a link to the sans class that I'm teaching the sec 487, which is six days of open source intelligence gathering. And I love to talk to anybody about that. Since we have a little bit of time. Are there any questions that you have for me? Of course not. It's just the website, right? All right. Well, thank you for your time, everybody. I appreciate it.