Joe Gray

Joe is currently a Senior OSINT Specialist at Qomplx, Inc. and previously maintained his own blog and podcast called Advanced Persistent Security. Joe is the inaugural winner of the DerbyCon Social Engineering Capture the Flag (SECTF) and was awarded a DerbyCon Black Badge. As a member of the Password Inspection Agency, Joe has placed 2nd in the HackFest Quebec Missing Persons CTF powered by TraceLabs, 2nd in the BSides Atlanta OSINT CTF, and 3rd Place in the 2018 & 2019 NOLACon OSINT CTFs. Joe has independently placed 2nd in the HackFest Quebec SECTF, 4th Place in the DerbyCon OSINT CTF, and 2nd Place in Hacker Jeopardy at Hack in Paris. Joe has contributed material for the likes of TripWire, AlienVault, ITSP Magazine, CSO Online, Forbes, and Dark Reading as well as his own platforms.

The speaker's profile picture

Sessions

09-04
16:30
40min
A DECEPTICON and AUTOBOT walk into a bar: Python for enhanced OPSEC
Joe Gray

When we see the terms Natural Language Processing (NLP) or Machine Learning (ML), often, our guts are correct, and it is vendor marketing material, frequently containing FUD. As someone who unapologetically loses their mind at vendor FUD and buzzword bingo, I was reluctant to use those terms in a submission. After tinkering with various libraries in Python and R with the use of some OSINT and SOCMINT techniques, I have found a use for NLP and ML that is 100% FUD free.

Topics that I have frequently spoken about in past years is disinformation, deception, OSINT, and OPSEC in a framework I often call DECEPTICON. When working through learning NLP and ML in Python, it dawned on me: marry these technologies with DECEPTICON for good. Enter the DECEPTICON bot. The DECEPTICON bot is a python-based tool that connects to social media via APIs to read posts/tweets to determine patterns of posting intervals and content then takes over to autonomously post for the user. What is the application you ask: people who are trying to enhance their OPSEC and abandon social media accounts that have been targeted without setting off alarms to their adversaries. Use case scenarios include public figures, executives, and, most importantly – domestic violence and trafficking victims.

Main stream