This undated presentation from NSA’s UK-based Menwith Hill station describes the various uses of open source intelligence (OSINT) in computer network operations, including the monitoring of hacker forums and spotting opportunities for so-called “Fourth Party Collection”: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
This 24 May 2010 NSA presentation describes the ways the agency uses botnets (“bot herding”): see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
This undated NSA presentation describes techniques for repurposing third party attack tools: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
These three slides, taken from a 11 April 2013 NSA presentation show screenshots from a tool called CyberCOP, which appears to monitor botnets and the DDOS attacks they perform: see the NDR.de article Cyberkrieg: Wie gefährdet ist Deutschland?, 12 January 2015.
This GCHQ presentation, given to the 2012 SigDev Conference by a representatives of the Joint Threat Research and Intelligence Group (JTRIG) and Cyber Defence Operations (CDO) describes how JTRIG attempts to “deny, disrupt, degrade and deceive” its targets. Speaker notes are included: see the NBC News article Snowden Docs: British Spies Used Sex and ‘Dirty Tricks’, 7 February 2014.