Skip to content
BLACKOUT

leHACK OSINT VILLAGE is the serie of talks taking place inside the Louis Armand conference room (LVL -3)

leHACK OSINT VILLAGE offers a panorama of Open Source Intelligence technologies.
Open Source Intelligence (OSINT) is the collection, analysis, and dissemination of information that is publicly available and legally accessible.

osint TRACK

27/06/2025

11:00 - 12:00 BAYBRIDGE – Anatomy of a Chinese Information Influence Ecosystem EN

Zone 3 - Louis Armand Conference Room

The Baybridge study uses OSINT to build on previous research about a large-scale Chinese online influence operation. By digging into technical and Chinese online resources, the study aims to (1) comprehensively map the online infrastructure of the network, (2) present new evidence of possible state involvement, and (3) analyze content to reveal discursive strategies, targeting methods, and the implications of Russian stakeholders. These insights aim to improve understanding of this phenomenon and combat online information manipulation.

Côme

Côme

Côme is the Global Engagement Manager at Tadaweb, the Operating System for OSINT and PAI.

Ricci

Ricci is an analyst at Tadaweb with a background in international relations. He speaks Mandarin.

13:30 - 14:30 What can we learn about OSINT from Border Services trackers EN

Zone 3 - Louis Armand Conference Room

Robert Sell has been a certified human tracker in his capacity as a Team Leader in Search and Rescue for over a decade. Trained by border services tracking teams and Canadian Special forces, Robert has spent countless hours as a three person tracking team searching for real persons in the Pacific North West. He applies the tracker skillsets to help people improve their Open Source Intelligence Operations. As the Founder of Trace Labs he has had the opportunity to see the OSINT strategy and techniques of thousands of investigators. He uses this knowledge to compare and show best practises from the tracking field to help OSINT investigators. Robert lowers the curtain on the skillsets and approach real trackers take. This includes everything from detecting state of mind to sign cutting concepts. This talk will allow you to see what was previously invisible to you.

Robert Sell

Robert Sell

Robert is the founder and president of the Trace Labs, a non profit organization that crowdsources open source intelligence (OSINT) to help locate missing persons. He is also the founder of his new project, the Alpha Omega Agency which focusses on teaching how to defend against corporate espionage. He has spoken at conferences and podcasts around the world on subjects such as social engineering, open source intelligence, physical security, insider threats, operational security and other topics. In 2017 and 2018 he competed at the Social Engineering Village Capture the Flag contest. He placed third in this contest (both years). In 2018, he actually ran his own Trace Labs OSINT CTF while participating (and placing 3rd) in the SECTF at Defcon Vegas. Robert is also a ten year volunteer with Search and Rescue in British Columbia, Canada. In his search & rescue capacity, Robert specializes in physically tracking lost persons and teaching first responders how to leverage OSINT. https://www.tracelabs.org/ https://www.linkedin.com/company/tracelabs/

14:30 - 15:30 UNO Reverse Card: Exposing threat actors Through Their Own Infected Devices EN

Zone 3 - Louis Armand Conference Room

This talk presents an original investigation at the crossroads of OSINT and cybercrime: the analysis of stealer logs — not from victims, but from the cybercriminals themselves.
Infostealers are malware designed to exfiltrate sensitive data to Command-and-Control (C2) servers. However, our research reveals that due to negligence or lack of operational security, some threat actors end up falling victim to their own tools. By analyzing these “leaked” or compromised stealer logs, we’ve been able to profile a wide range of actors — from inexperienced users exposing their personal credentials, to advanced operators managing multiple malware campaigns simultaneously.
Through concrete case studies, we will demonstrate how OSINT techniques can be used to turn attackers’ tools against them, exposing their practices, mistakes, and even parts of their infrastructure. This talk offers a rare behind-the-scenes look at the infostealer ecosystem and highlights how intelligence gathering can reveal the human flaws behind cybercrime.

Estelle Ruellan

Estelle Ruellan

Estelle is a Threat Intelligence Researcher at Flare. With a background in Mathematics and Criminology, Estelle lost her way into cybercrime and is now playing with lines of codes to help computers make sense of the cyber threat landscape. Estelle presented at conferences like NorthSec2025, ShmooCon 2025, Hack.lu 2024, eCrime APWG 2024 in Boston and the 23rd Annual European Society of Criminology Conference (EUROCRIM 2023) in Florence.

Oleg O.

Oleg O.

Oleg O. is a French cyber threat intelligence analyst specializing in Russian-speaking cybercrime and the broader Russian-language cybercriminal ecosystem. His research focuses on all aspects of this underground ecosystem, including ransomware operations, underground forums, bulletproof hosting services (BPH), illicit cryptocurrency exchanges, and money laundering techniques. He is the founder and editor of CybercrimeDiaries.com blog, where he publishes in-depth analyses and case studies based on my investigations. He is also a member of the Curated Intelligence research group, a collective of threat intelligence professionals sharing open-source research. LinkedIn: https://www.linkedin.com/in/oleg-oleg/ Blog: https://www.cybercrimediaries.com/ X/Twitter: https://x.com/Cyber_0leg

15:30 - 16:30 Hunting the Fake Brad Pitts: OSINT Against a Global Romance Scam EN

Zone 3 - Louis Armand Conference Room

In this talk, Marwan Ouarab, founder of Find My Scammer, reveals how open-source intelligence (OSINT) techniques helped him uncover the real identities behind a global romance scam in which fraudsters posed as Brad Pitt to deceive and extort victims worldwide. By tracing digital breadcrumbs, analyzing infrastructure, and pivoting through online identities, Marwan dismantled a network of scammers who operated with shocking coordination. This talk dives into the technical methods, investigative challenges, and the human stories at the heart of one of the most bizarre celebrity impersonation scams in recent years.

Marwan Ouarab

Marwan Ouarab

Marwan Ouarab is an OSINT investigator and founder of Find My Scammer, an independent investigation unit focused on uncovering online fraud and cybercrime. He specializes in tracking digital scammers across international borders, helping victims seek justice, and raising awareness of how social engineering schemes operate. His work has led to the exposure of multiple large-scale fraud networks — including the high-profile case of scammers impersonating actor Brad Pitt to manipulate victims emotionally and financially. LinkedIn: linkedin.com/in/marwanouarab Twitter/X: twitter.com/FindMyScammer Website: findmyscammer.com

17:00 - 21:00 Tracelabs Search Party CTF IRL EN

Zone 3 - Louis Armand Conference Room

We'll be running Tracelabs Search Party CTF live in Paris during leHACK! The event will be live from 17:00 to 21:00 Paris time and will be available only for in-person attendees. More details will come soon.Cost: FreeRegistration: To be definedWe need volunteer OSINT CoachMore information : https://docs.google.com/forms/d/e/1FAIpQLScKCb7108-BxouwkQv7SHGrCbztsxFTSey45QEd-tzyzSv31A/viewform

28/06/2025

10:00 - 11:00 “AI-Freak”: An Informational Modus Operandi EN

Zone 3 - Louis Armand Conference Room

Since the disappearance of Yevgeny Prigozhin in August 2023, the future of the Wagner PMC's digital influence operations—particularly in Africa—has raised many questions. Recent analyses suggest that these activities persist, though in a transformed manner, and now appear to be integrated into the Russian state’s broader informational influence strategy.

A key player in this new dynamic is African Initiative, a Russian news agency founded in Moscow in September 2023. It presents itself as an information bridge between Russia and Africa. Through its various channels, it disseminates pro-Russian and anti-Western content in multiple languages, including French.

This talk will detail the TTPs (Tactics, Techniques, and Procedures) of the “AI-Freak” modus operandi associated with African Initiative and will showcase several original OSINT pivots used in the investigation.

Herve Letoqueux - Viginum

Herve Letoqueux - Viginum

Hervé Letoqueux is a former judicial investigator and the founder of the association OpenFacto. He currently serves as Head of Operations at VIGINUM, a branch of the SGDSN (General Secretariat for Defence and National Security), which is responsible for detecting and analyzing foreign digital interference.  

11:00 - 12:00 Red Alert in Geneva EN

Zone 3 - Louis Armand Conference Room

The Federal intelligence service says in its annual report around 20% of Russian diplomats in Switzerland are spies. Is it possible to fact-check that using open source information or leaks ? Using the sources we found, we will try to explain our research strategy, the tools we used and who knows, find some guys or interesting profiles.

Leo and Dimitri from Inpact

Leo and Dimitri from Inpact

Inpact is more know for their leading project All Eyes On Wagner. This project focuses on Wagner and other mercenaries: tracking their activities and verifying claims of human and economic abuses. Inpact team also focuses on investigations related to Russia and its Partners, hybrid warfare. Inpact relies on open source information and witnesses account/leads sent to the team which are collected and verified. Bluesky : @aeowinpact.bsky.social X : @aeowinpact URL : alleyesonwagner.org

13:30 - 14:30 OSINT Goes To War EN

Zone 3 - Louis Armand Conference Room

Bread & butter of defence OSINT, OSINT goes to war in the Black Sea, the risks of revealing sources, and deception & countering OSINT

H I Sutton

H I Sutton

H I Sutton is an independent defence analyst, writer, and illustrator who specialises in unconventional naval strategy, capabilities and tactics. In particular, submarines and sub-surface systems, and the uncrewed revolution. To do this he combines the latest Open Source Intelligence (OSINT) with the traditional art and science of defence analysis. BlueSky: @covertshores.bsky.social Youtube: @HISuttonCovertShores Website: http://www.hisutton.com

14:30 - 15:30 Scraping the Chinese Internet: Challenges, opportunities and approaches EN

Zone 3 - Louis Armand Conference Room

This talk discusses web scraping techniques for the Chinese internet, covering sources like social media and official government websites. It highlights that, contrary to popular belief, China's political processes do not need to be a black box. Millions of government documents can be found online that can illuminate developments in the country, sometimes even on sensitive affairs. Web scraping techniques can help pry open this black box and help see the forest for the trees. Yet, the talk also focuses on how extensive challenges remain, ranging from geo-blocking to "real-name registration".

Vincent Brussee

Vincent Brussee

Combining a deep understanding of China’s political and legal system with innovative data-driven approaches, Vincent Brussee helps stakeholders understand crucial developments in China and their impact on the world. His analyses have been featured in popular media like BBC World News and Foreign Policy as well as leading academic journals like The China Quarterly. Most recently, his acclaimed book Social Credit (Palgrave Macmillan, 2023) provides a fresh and engaging analysis of China’s oft-misunderstood Social Credit System.

15:30 - 16:30 OSINT & KLEPTOCRATS EN

Zone 3 - Louis Armand Conference Room

Criminals want to own their villa on french riviera or their apartment in Dubai. No need to have police powers to find out where they invest their money. It only takes some open data and OSINT technics for journalists to follow the money. This talk covers how journalists from Le Monde investigate russian oligarchs, drug traffickers and other kleptocrats real estate assets, and why open source is so important.

Jérémie BARUCH

Jérémie BARUCH

Jeremie and Abdelhak are investigative journalists working on financial and white collars crime. They use to work on international collaborative investigations.

Abdelhak EL IDRISSI

Abdelhak EL IDRISSI

16:30 - 18:30 Russian Embargo: How to Circumvent Sanctions EN

Zone 3 - Louis Armand Conference Room

As OSINT investigative journalists, we sometimes need to combine open-source techniques with on-the-ground reporting to take our investigations further. Journalists from the program SOURCES on ARTE.tv spent months analyzing customs records, European sanctions regulations, and the technical specifications of CNC machines, which are high-precision tools used to manufacture parts for civilian and military applications. Their investigation revealed that European machines were imported into Russia via third countries in Central Asia. However, one European company flatly denied the open-source findings and the customs records available online. That’s when journalist Maëva Poulet traveled to their headquarters. There, she accessed internal documents and used open-source data to prove that the company’s records about the machine and its destination had been forged.

Maëva POULET

Maëva Poulet is an investigative journalist specializing in OSINT techniques. She began her career in 2015 at the international news channel France 24, where she spent seven years reporting on migration in Europe and conducting open-source investigations. In 2022, she joined the CAPA agency to work on Sources, a monthly investigative magazine broadcast on ARTE.TV.

21:00 - 23:55 OSINT 101: an introduction to Windows malware analysis and OSINT EN

Zone 2 - Workshop Rooms

Join us for a thrilling workshop where you’ll learn the basics of Windows malware analysis, OSINT and CTI, by extracting interesting information from a malware and using it to track down cybercriminals.

Ever wondered how people could make malicious binaries talk? Or how from a single string in a code an analyst could find its developer’s favorite music band? We bring you the best of two worlds, malware analysis and OSINT, in this introduction workshop.

By using some basic malware analysis techniques, you’ll be able to easily extract interesting information from a malware and its functionalities. With OSINT methods, you’ll find how to use the information found in the malware to pivot on data from websites, social networks, and media to extract hidden or forgotten information on your target.

With this 3 hours workshop targeting absolute beginners, you won’t become an expert in both fields, but you’ll have the opportunity to better understand how they work and discover how they can interact with each other.

Anso

OpenFacto member and CTI analyst specialised in OSINT investigations. https://bsky.app/profile/openfacto.bsky.social https://www.linkedin.com/company/open-facto/ anso@openfacto.fr

Cora

CTI analyst specialised in malware analysis. cora.reversing@proton.me

29/06/2025

00:05 - 02:00 Tracing Crypto and Understanding Context in a Decentralized World EN

Zone 2 - Workshop Rooms

This workshop introduces the fundamentals of investigating how cryptocurrency moves across wallets, smart-contracts, bridges, and exchanges. You'll learn how to follow transactions on-chain and apply OSINT techniques to extract context and potential control signals. Through hands-on examples, we’ll explore how to interpret what’s really happening behind the data in a decentralized, multi-chain ecosystem.

Tanguy Laucournet

Tanguy Laucournet

Tanguy is a security engineer currently working as a Blockchain/OSINT expert at FuzzingLabs. He has five years of hands-on experience in blockchain technology, gained through multiple projects at leading tech companies and French research institutions. In addition to his expertise in blockchain, Tanguy possesses a deep knowledge of OSINT. At FuzzingLabs, he focuses on developing tools to facilitate investigations, profiling, and de-anonymization related to blockchains. Tanguy has also given talks and workshops at several conferences, including leHack, Hacklu, CTI Summit, and FirstCTI.

Mohammed Benhelli

Blockchain Security Expert

Jonathan Tondellier

Web3 – Osint

02:00 - 04:00 Phishing detection and investigation with OSINT feeds and free softwares. EN

Zone 2 - Workshop Rooms

--Let me show you how to detect phishing/scam campaigns by analyzing OSINT data and using open-source tools I've created myself over the last few years.

Going even further, let's discover together how to gather information or material on the actors of these campaigns, their infrastructure, the developers of phishing kits, and even the existing marketplaces to fine-tune our knowledge of these threats.

Get a machine capable of running Docker containers, or a VM image. A network connection is required, as well as basic knowledge of the UN*X shell.

Thomas 'tAd' Damonneville

Thomas 'tAd' Damonneville

Thomas Damonneville is a security expert, founder at StalkPhish, CERT analyst. He do tools, investigations, awareness, since some years now. https://www.linkedin.com/in/thdamon/ https://bsky.app/profile/o0tad0o.bsky.social

Home
https://www.linkedin.com/company/stalkphish https://bsky.app/profile/stalkphish.bsky.social

workshops TRACK

29/06/2025

00:05 - 02:00 Tracing Crypto and Understanding Context in a Decentralized World EN

Zone 2 - Workshop Rooms

This workshop introduces the fundamentals of investigating how cryptocurrency moves across wallets, smart-contracts, bridges, and exchanges. You'll learn how to follow transactions on-chain and apply OSINT techniques to extract context and potential control signals. Through hands-on examples, we’ll explore how to interpret what’s really happening behind the data in a decentralized, multi-chain ecosystem.

Tanguy Laucournet

Tanguy Laucournet

Tanguy is a security engineer currently working as a Blockchain/OSINT expert at FuzzingLabs. He has five years of hands-on experience in blockchain technology, gained through multiple projects at leading tech companies and French research institutions. In addition to his expertise in blockchain, Tanguy possesses a deep knowledge of OSINT. At FuzzingLabs, he focuses on developing tools to facilitate investigations, profiling, and de-anonymization related to blockchains. Tanguy has also given talks and workshops at several conferences, including leHack, Hacklu, CTI Summit, and FirstCTI.

Mohammed Benhelli

Blockchain Security Expert

Jonathan Tondellier

Web3 – Osint

02:00 - 04:00 Phishing detection and investigation with OSINT feeds and free softwares. EN

Zone 2 - Workshop Rooms

--Let me show you how to detect phishing/scam campaigns by analyzing OSINT data and using open-source tools I've created myself over the last few years.

Going even further, let's discover together how to gather information or material on the actors of these campaigns, their infrastructure, the developers of phishing kits, and even the existing marketplaces to fine-tune our knowledge of these threats.

Get a machine capable of running Docker containers, or a VM image. A network connection is required, as well as basic knowledge of the UN*X shell.

Thomas 'tAd' Damonneville

Thomas 'tAd' Damonneville

Thomas Damonneville is a security expert, founder at StalkPhish, CERT analyst. He do tools, investigations, awareness, since some years now. https://www.linkedin.com/in/thdamon/ https://bsky.app/profile/o0tad0o.bsky.social

Home
https://www.linkedin.com/company/stalkphish https://bsky.app/profile/stalkphish.bsky.social