SlideShare une entreprise Scribd logo

Open Source Information Gathering Brucon Edition

Chris Gates
Chris Gates

Open Source Information Gathering

Technologie
1  sur  68
Shameless Self Promotion  Blogger...carnal0wnage.attackresearch.com.  Metasploit Project.  Attack Research.  Security Twit  carnal0wnage.  Want more? Use what I'm about to teach you...or just ask…I like hoegaarden.
Information Gathering Denotes the collection of information before the attack. The idea is to collect as much information as possible about the target which may be valuable later. -Christian Martorella Edge-Security Fist Conference 2009 http://www.fistconference.org/
OSINT Open Source INTelligence “Is an information processing discipline that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence.” http://en.wikipedia.org/wiki/Open_Source_Intelligence
We want to turn…
Into…
Or…
Why Do OSINT?  Open Source Intelligence Gathering is your critical first step to Full Scope Pentesting or Real World attacking.  It simulates REAL WORLD reconnaissance.  Anything on the net is in scope…. Users are fair game for client-sides.  Any boxes you own are in scope…. No boxes are off limits.  Do you know what information you, your employees, or your company has put out there?
Typical Pentesting Methodology Post- Cover Write Recon Scan Enumerate Exploit Exploit Tracks Report
What We Focus On Currently Post- Cover Recon Scan Enumerate Exploit Exploit Tracks Write Report
Real World Hacking Methodology Discover What Makes The Company Money Do Whatever Steal It It Takes… Discover What Is Valuable To The Attacker
Definitions!?  A few definitions to get out of the way...I'll try to make it as painless as possible.  But, we're going have to read...yeah sad face.
Types of Information Gathering  Passive  Semi-Passive  Active  Category Descriptions From http://www.paterva.com/web3/services/information-gathering- service/
Passive Information Gathering  Passive  Great care is taken to ensure that the target organization does not detect the profiling. This means that no packets can ever be sent to the target.  This type of profiling is typically time intensive. NO TRAFFIC  From http://www.paterva.com/web3/services/information-gathering-service/
Semi-Passive Information Gathering  Semi-Passive  Profiling the target with methods that would appear to the target as normal Internet traffic and behavior. NORMAL TRAFFIC  From http://www.paterva.com/web3/services/information-gathering-service/
Active Information Gathering  Active  This type of profiling should be detected by the target organization.  Actively seeking out new/unpublished servers, directories, files, documents along with full network visibility scans. ABNORMAL TRAFFIC  From http://www.paterva.com/web3/services/information-gathering-service/
Categories of Information Gathering  Two General Types  Infrastructure.  People / Organization.
Infrastructure Information Gathering  Infrastructure  Every organization with an Internet presence requires some form of infrastructure to support that presence. That information is what we want to discover.  Infrastructure profiling is far easier to do and automate than people/organization profiling which is more manual.
Categories of Information Gathering  Infrastructure
Categories of Information Gathering  Infrastructure
People/Organization Information Gathering  People / Organization  Every organization requires people to support that organization. How runs the company? Who runs IT? Who runs finance/HR? That information is what we want to discover.  People / Organization profiling is much more difficult to do and automate than infrastructure. Which John Doe is the right one?
Categories of Information Gathering  People / Organization
Where Does This Information Come From?  Web 2.0…How I <3 thee…  Public data and records.  Information that is mandatory for the Internet (DNS, whois, MX).  Private data we pay for i.e. Lexis Nexis/Choice Point/Find a Friend/Spoke/Zoominfo.  Data placed there by the target.  Data placed there by the target's users.
How Do We Find It?  Information that is mandatory for the Internet.  DNS, MX, Web.  Whois.  Data placed there by the target.  Voluntarily.  Required by State/Federal law.  Data placed there by the target's users.  Voluntarily.  Required by State/Federal law.
Considerations  Tons of Information.  Can be hard to sort through.  Some data gathering/analysis can be automated.  Maltego!  And other tools.  Other data needs a human to sort through.  Brain!  But now Maltego Mesh can help
Infrastructure Intelligence Gathering  How would you like to discover ALL networks/netblocks a target organization owns.  How would you like to discover a target organization’s presence in other countries (.co.uk, .de, .be, etc).  We want to build that infrastructure diagram without the target knowing we are doing it!
Infrastructure: Identify Other Netblocks  Identify other networks/netblocks
Infrastructure: Discover Other TLDs  Expand out to other TLDs
Infrastructure: Bruteforce DNS names  Bruteforce DNS names
Infrastructure: Identify Even More Netblocks  Find more net blocks
Infrastructure: Using Maltego Mesh
Infrastructure: Useful Tools  Tools to get it done  Maltego  ServerSniff.net  Robtex.com  Clez.net  CentralOps.net  Rsnake’s fierce.pl  PassiveRecon Firefox Plugin
People/Organization Intelligence Gathering  To create personnel & organization profiles, deliver client-side attacks, or prepare for Social Engineering engagements we gather information on a organization's users or a particular user.  What information has been placed in the public domain by the company or its users?  Can I identify key personnel? Can I develop an understanding of corporate culture?
People / Organization: Email Harvesting  Harvest Email Addresses
People / Organization: Email Harvesting  Harvest Email Addresses
People / Organization: Email Harvesting  Harvest Email Addresses  Searching for other TLDs was handy.
People / Organization: Email Harvesting  Emails can be turned into users.
People / Organization: Email Harvesting  Which can be turned into new friends and associates.
People / Organization: Email Harvesting Tools  Tools to get it done  Maltego  theHarvester  PassiveRecon Firefox Plugin
People / Organization: Document Metadata  Documents contain all sort of useful information  Useful Extensions. .pst .cfg .pcf .pdf .qmd .tax .dif .doc .docx .xls .xlsx .ppt .pptx .dbf .qdb .qsd .qtx .idx .qif .mny .txt .odt .ods .odp .ofx .ofc .vcf .rtf  **Not a full list**
People / Organization: Document Metadata  Documents contain all sort of useful information
People / Organization: Document Metadata  Documents contain all sort of useful information
People / Organization: Document Metadata  FOCA
People / Organization: Document Metadata  FOCA
People / Organization: Document Metadata  Metadata to discover usernames
People / Organization: Document Metadata  Metadata to discover usernames  Use Maltego to link usernames to people on the web.
People / Organization: Document Metadata  Metadata to discover versions of software being used.
People / Organization: Document Metadata  Office on Windows vs Office on Mac vs OpenOffice
People / Organization: Document Metadata  Issues.  Libextract sux for newer pdfs. Telrad_ArchitecturePatent_PR.pdf Creator=>"Acrobat PDFMaker 7.0.7 for Word", _EmailSubject=>"MVNO", Producer=>"Acrobat Distiller 7.0.5 (Windows)", SourceModified=>"D20060907143303", _AuthorEmailDisplayName=>"Itshak Aizner", ModDate=>"D20060907173408+03'00'", _AuthorEmail=>"itshak.aizner@telrad.com", Title=>"For Immediate Release",  Ruby + pdf-parse can _AdHocReviewCycleID=>"-169073906", CreationDate=>"D20060907173340+03'00'", help us with that problem. Company=>"Telrad Networks Ltd.", _PreviousAdHocReviewCycleID=>"1049106379", Author=>"Rebecca Rachmany“  FOCA too.
People / Organization: Doc Metadata Tools  Tools to get it done  Maltego  Metagoofil  PassiveRecon Firefox Plugin  FOCA  Goolag  Roll your own with ruby & rubygem pdf-reader
People / Organization: Organization Profiling  Online tools to find employees of companies  Most have APIs  Write your own tools to script infogathering  Write local transforms for Maltego
People / Organization: Org Profiling Tools  Tools to get it done  Maltego  Zoominfo  Spoke  Xing  Spokeo  123people  Pipl
People / Organization: People Profiling  Handles are awesome and usually unique.
People / Organization: People Profiling  Handles are awesome and usually unique.
People / Organization: People Profiling  Especially if you can turn them into twitter usernames or other social network profiles.
People / Organization: People Profiling  Then we can see who they write tweets to and receive tweets from.
People / Organization: People Profiling  Then we can see who they write tweets to and receive tweets from.
People / Organization: People Profiling  Then we can see who are common friends.
People / Organization: People Profiling  Tons of information is placed into the public domain.
People / Organization: People Profiling  Tons of information is placed into the public domain.
People / Organization: People Profiling  Tons of information is placed into the public domain.
People / Organization: People Profiling Tools  Tools to get it done  Maltego  Maltego Mesh  knowem.com  friendscall.me  namechk.com  usernamecheck.com  tweepz.com  tweepsearch.com
Final Considerations  If someone doesn’t have strong Internet presence can I become them?  Create gmail accounts.  Register them on Linkedin.  Skype/Gtalk/MSN/be them on IRC or SILC.  Register them on Facebook/Myspace/Twitter/etc.  Create their blog.  Or can I create a company employee and “make new friends”?
Educate Yourself  Useful Resources  Paterva  Maltego. Go Buy It!  http://www.paterva.com/web4/index.php/media/presentations  Christian Martorella (Edge-Security)  http://laramies.blogspot.com/  http://www.edge-security.com/presentations.php  Larry Pesche  Document Metadata, the Silent Killer  P2P Information Disclosure  Rob Fuller (mubix)  http://www.room362.com/
Open Source Information Gathering Brucon Edition

Recommandé

Information gathering
Information gatheringInformation gathering
Information gatheringMaulik Kotak
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guideSudhanshu Chauhan
 
A fresh new look into Information Gathering - OWASP Spain
A fresh new look into Information Gathering - OWASP SpainA fresh new look into Information Gathering - OWASP Spain
A fresh new look into Information Gathering - OWASP SpainChristian Martorella
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINTChristian Martorella
 
OSINT using Twitter & Python
OSINT using Twitter & PythonOSINT using Twitter & Python
OSINT using Twitter & Python37point2
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Sudhanshu Chauhan
 
Maltego
MaltegoMaltego
Maltegopenetration Tester
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceDeep Shankar Yadav
 

Recommandé

Information gathering
Information gatheringInformation gathering
Information gatheringMaulik Kotak
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guideSudhanshu Chauhan
 
A fresh new look into Information Gathering - OWASP Spain
A fresh new look into Information Gathering - OWASP SpainA fresh new look into Information Gathering - OWASP Spain
A fresh new look into Information Gathering - OWASP SpainChristian Martorella
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINTChristian Martorella
 
OSINT using Twitter & Python
OSINT using Twitter & PythonOSINT using Twitter & Python
OSINT using Twitter & Python37point2
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Sudhanshu Chauhan
 
Maltego
MaltegoMaltego
Maltegopenetration Tester
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceDeep Shankar Yadav
 
OSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligenceOSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligencePhilippe Lin
 
Advanced Information Gathering AKA Google Hacking
Advanced Information Gathering AKA Google HackingAdvanced Information Gathering AKA Google Hacking
Advanced Information Gathering AKA Google HackingGareth Davies
 
Information Gathering With Google
Information Gathering With GoogleInformation Gathering With Google
Information Gathering With GoogleZero Science Lab
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019Priyanka Aash
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)PRISMA CSI
 
Osint ashish mistry
Osint ashish mistryOsint ashish mistry
Osint ashish mistryn|u - The Open Security Community
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINTChandrapal Badshah
 
Open source intelligence
Open source intelligenceOpen source intelligence
Open source intelligencebalakumaran779
 
Osint, shoelaces, bubblegum
Osint, shoelaces, bubblegumOsint, shoelaces, bubblegum
Osint, shoelaces, bubblegumJamieMcMurray
 
Getting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsOlakanmi Oluwole
 
Osint overview 26 mar 2015
Osint overview 26 mar 2015Osint overview 26 mar 2015
Osint overview 26 mar 2015Mats Björe
 
What you need to know about OSINT
What you need to know about OSINTWhat you need to know about OSINT
What you need to know about OSINTJerod Brennen
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringTom Eston
 
Datasploit - An Open Source Intelligence Tool
Datasploit - An Open Source Intelligence ToolDatasploit - An Open Source Intelligence Tool
Datasploit - An Open Source Intelligence ToolShubham Mittal
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019RedHunt Labs
 
DataSploit - BlackHat Asia 2017
DataSploit - BlackHat Asia 2017 DataSploit - BlackHat Asia 2017
DataSploit - BlackHat Asia 2017 Shubham Mittal
 
OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!Nutan Kumar Panda
 
Google Dorks: Analysis, Creation, and new Defenses
Google Dorks: Analysis, Creation, and new DefensesGoogle Dorks: Analysis, Creation, and new Defenses
Google Dorks: Analysis, Creation, and new DefensesFlavio Toffalini
 
Hacker tool talk: maltego
Hacker tool talk: maltegoHacker tool talk: maltego
Hacker tool talk: maltegoChris Hammond-Thrasher
 
Owasp methodologies of Security testing part1
Owasp methodologies of Security testing part1Owasp methodologies of Security testing part1
Owasp methodologies of Security testing part1robin_bene
 
Information as its source
Information as its sourceInformation as its source
Information as its sourceCheldy S, Elumba-Pableo
 

Contenu connexe

Tendances

OSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligenceOSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligencePhilippe Lin
 
Advanced Information Gathering AKA Google Hacking
Advanced Information Gathering AKA Google HackingAdvanced Information Gathering AKA Google Hacking
Advanced Information Gathering AKA Google HackingGareth Davies
 
Information Gathering With Google
Information Gathering With GoogleInformation Gathering With Google
Information Gathering With GoogleZero Science Lab
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019Priyanka Aash
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)PRISMA CSI
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINTChandrapal Badshah
 
Open source intelligence
Open source intelligenceOpen source intelligence
Open source intelligencebalakumaran779
 
Osint, shoelaces, bubblegum
Osint, shoelaces, bubblegumOsint, shoelaces, bubblegum
Osint, shoelaces, bubblegumJamieMcMurray
 
Getting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsOlakanmi Oluwole
 
Osint overview 26 mar 2015
Osint overview 26 mar 2015Osint overview 26 mar 2015
Osint overview 26 mar 2015Mats Björe
 
What you need to know about OSINT
What you need to know about OSINTWhat you need to know about OSINT
What you need to know about OSINTJerod Brennen
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringTom Eston
 
Datasploit - An Open Source Intelligence Tool
Datasploit - An Open Source Intelligence ToolDatasploit - An Open Source Intelligence Tool
Datasploit - An Open Source Intelligence ToolShubham Mittal
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019RedHunt Labs
 
DataSploit - BlackHat Asia 2017
DataSploit - BlackHat Asia 2017 DataSploit - BlackHat Asia 2017
DataSploit - BlackHat Asia 2017 Shubham Mittal
 
OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!Nutan Kumar Panda
 
Google Dorks: Analysis, Creation, and new Defenses
Google Dorks: Analysis, Creation, and new DefensesGoogle Dorks: Analysis, Creation, and new Defenses
Google Dorks: Analysis, Creation, and new DefensesFlavio Toffalini
 

Tendances (20)

OSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligenceOSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source Intelligence
 
Advanced Information Gathering AKA Google Hacking
Advanced Information Gathering AKA Google HackingAdvanced Information Gathering AKA Google Hacking
Advanced Information Gathering AKA Google Hacking
 
Information Gathering With Google
Information Gathering With GoogleInformation Gathering With Google
Information Gathering With Google
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
 
Osint ashish mistry
Osint ashish mistryOsint ashish mistry
Osint ashish mistry
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINT
 
Open source intelligence
Open source intelligenceOpen source intelligence
Open source intelligence
 
Osint, shoelaces, bubblegum
Osint, shoelaces, bubblegumOsint, shoelaces, bubblegum
Osint, shoelaces, bubblegum
 
Getting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigations
 
Osint overview 26 mar 2015
Osint overview 26 mar 2015Osint overview 26 mar 2015
Osint overview 26 mar 2015
 
What you need to know about OSINT
What you need to know about OSINTWhat you need to know about OSINT
What you need to know about OSINT
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence Gathering
 
Datasploit - An Open Source Intelligence Tool
Datasploit - An Open Source Intelligence ToolDatasploit - An Open Source Intelligence Tool
Datasploit - An Open Source Intelligence Tool
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
 
OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019
 
DataSploit - BlackHat Asia 2017
DataSploit - BlackHat Asia 2017 DataSploit - BlackHat Asia 2017
DataSploit - BlackHat Asia 2017
 
OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!
 
Google Dorks: Analysis, Creation, and new Defenses
Google Dorks: Analysis, Creation, and new DefensesGoogle Dorks: Analysis, Creation, and new Defenses
Google Dorks: Analysis, Creation, and new Defenses
 
Hacker tool talk: maltego
Hacker tool talk: maltegoHacker tool talk: maltego
Hacker tool talk: maltego
 

En vedette

Owasp methodologies of Security testing part1
Owasp methodologies of Security testing part1Owasp methodologies of Security testing part1
Owasp methodologies of Security testing part1robin_bene
 
Cyber Security Experts Forum
Cyber Security Experts ForumCyber Security Experts Forum
Cyber Security Experts ForumMelissa Krasnow
 
Originales y pre impresi
Originales y pre impresiOriginales y pre impresi
Originales y pre impresianunciarte
 
Top Ten Web Hacking Techniques (2010)
Top Ten Web Hacking Techniques (2010)Top Ten Web Hacking Techniques (2010)
Top Ten Web Hacking Techniques (2010)Jeremiah Grossman
 
Sources of information
Sources of informationSources of information
Sources of informationshemilore
 
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...festival ICT 2016
 
Information Gathering in Intelligence Agencies
Information Gathering in Intelligence AgenciesInformation Gathering in Intelligence Agencies
Information Gathering in Intelligence AgenciesNora A. Rahim
 
CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014Greg Foss
 
Advanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionAdvanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionGreg Foss
 
Lateral Movement - Hacker Halted 2016
Lateral Movement - Hacker Halted 2016Lateral Movement - Hacker Halted 2016
Lateral Movement - Hacker Halted 2016Xavier Ashe
 
2010: A Web Hacking Odyssey - Top Ten Hacks of the Year
2010: A Web Hacking Odyssey - Top Ten Hacks of the Year2010: A Web Hacking Odyssey - Top Ten Hacks of the Year
2010: A Web Hacking Odyssey - Top Ten Hacks of the YearJeremiah Grossman
 
Information security & ethical hacking
Information security & ethical hackingInformation security & ethical hacking
Information security & ethical hackingeiti panchkula
 
Information Security and Ethical Hacking
Information Security and Ethical HackingInformation Security and Ethical Hacking
Information Security and Ethical HackingDivyank Jindal
 
Information security & ethical hacking
Information security & ethical hackingInformation security & ethical hacking
Information security & ethical hackingSahil Rai
 
Hacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical HackingHacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical HackingRavi Sankar
 
Hacking - Breaking Into It
Hacking - Breaking Into ItHacking - Breaking Into It
Hacking - Breaking Into ItCTruncer
 

En vedette (20)

Owasp methodologies of Security testing part1
Owasp methodologies of Security testing part1Owasp methodologies of Security testing part1
Owasp methodologies of Security testing part1
 
Information as its source
Information as its sourceInformation as its source
Information as its source
 
Brit India Wiki
Brit India WikiBrit India Wiki
Brit India Wiki
 
Cyber Security Experts Forum
Cyber Security Experts ForumCyber Security Experts Forum
Cyber Security Experts Forum
 
Originales y pre impresi
Originales y pre impresiOriginales y pre impresi
Originales y pre impresi
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Top Ten Web Hacking Techniques (2010)
Top Ten Web Hacking Techniques (2010)Top Ten Web Hacking Techniques (2010)
Top Ten Web Hacking Techniques (2010)
 
ethical hacking
ethical hackingethical hacking
ethical hacking
 
Sources of information
Sources of informationSources of information
Sources of information
 
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
 
Information Gathering in Intelligence Agencies
Information Gathering in Intelligence AgenciesInformation Gathering in Intelligence Agencies
Information Gathering in Intelligence Agencies
 
CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014
 
Advanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionAdvanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement Detection
 
Lateral Movement - Hacker Halted 2016
Lateral Movement - Hacker Halted 2016Lateral Movement - Hacker Halted 2016
Lateral Movement - Hacker Halted 2016
 
2010: A Web Hacking Odyssey - Top Ten Hacks of the Year
2010: A Web Hacking Odyssey - Top Ten Hacks of the Year2010: A Web Hacking Odyssey - Top Ten Hacks of the Year
2010: A Web Hacking Odyssey - Top Ten Hacks of the Year
 
Information security & ethical hacking
Information security & ethical hackingInformation security & ethical hacking
Information security & ethical hacking
 
Information Security and Ethical Hacking
Information Security and Ethical HackingInformation Security and Ethical Hacking
Information Security and Ethical Hacking
 
Information security & ethical hacking
Information security & ethical hackingInformation security & ethical hacking
Information security & ethical hacking
 
Hacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical HackingHacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical Hacking
 
Hacking - Breaking Into It
Hacking - Breaking Into ItHacking - Breaking Into It
Hacking - Breaking Into It
 

Similaire à Open Source Information Gathering Brucon Edition

Information Gathering with Google (c0c0n - India)
Information Gathering with Google (c0c0n - India)Information Gathering with Google (c0c0n - India)
Information Gathering with Google (c0c0n - India)Maximiliano Soler
 
Computer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdfComputer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdfxererenhosdominaram
 
Who's that knocking on my firewall door?
Who's that knocking on my firewall door?Who's that knocking on my firewall door?
Who's that knocking on my firewall door?Bruce Wolfe
 
Vulnerability Assessment and Penetration Testing using Webkill
Vulnerability Assessment and Penetration Testing using WebkillVulnerability Assessment and Penetration Testing using Webkill
Vulnerability Assessment and Penetration Testing using Webkillijtsrd
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdfMarceloCunha571649
 
Reconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessReconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessLeon Teale
 
Government Next: NIC Presentation
Government Next: NIC PresentationGovernment Next: NIC Presentation
Government Next: NIC PresentationTara Hunt
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
Bsides Tampa Blue Team’s tool dump.
Bsides Tampa Blue Team’s tool dump.Bsides Tampa Blue Team’s tool dump.
Bsides Tampa Blue Team’s tool dump.Alexander Kot
 
Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.Kalpesh Doru
 
The Ins, Outs, and Nuances of Internet Privacy
The Ins, Outs, and Nuances of Internet PrivacyThe Ins, Outs, and Nuances of Internet Privacy
The Ins, Outs, and Nuances of Internet PrivacyeBoost Consulting
 
Roelof Temmingh FIRST07 slides
Roelof Temmingh FIRST07 slidesRoelof Temmingh FIRST07 slides
Roelof Temmingh FIRST07 slidesLeon Kuunders
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with SplunkSplunk
 
Understanding advanced persistent threats (APT)
Understanding advanced persistent threats (APT)Understanding advanced persistent threats (APT)
Understanding advanced persistent threats (APT)Dan Morrill
 
"Using Web 2.0 as a Weapon Against Corruption"
"Using Web 2.0 as a Weapon Against Corruption" "Using Web 2.0 as a Weapon Against Corruption"
"Using Web 2.0 as a Weapon Against Corruption" J T "Tom" Johnson
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with SplunkSplunk
 
Threat Hunting with Splunk
Threat Hunting with Splunk Threat Hunting with Splunk
Threat Hunting with Splunk Splunk
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with SplunkSplunk
 

Similaire à Open Source Information Gathering Brucon Edition (20)

Information Gathering with Google (c0c0n - India)
Information Gathering with Google (c0c0n - India)Information Gathering with Google (c0c0n - India)
Information Gathering with Google (c0c0n - India)
 
Computer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdfComputer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdf
 
Who's that knocking on my firewall door?
Who's that knocking on my firewall door?Who's that knocking on my firewall door?
Who's that knocking on my firewall door?
 
Vulnerability Assessment and Penetration Testing using Webkill
Vulnerability Assessment and Penetration Testing using WebkillVulnerability Assessment and Penetration Testing using Webkill
Vulnerability Assessment and Penetration Testing using Webkill
 
ACTIVITY1 FCS.pptx
ACTIVITY1 FCS.pptxACTIVITY1 FCS.pptx
ACTIVITY1 FCS.pptx
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdf
 
Reconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessReconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awareness
 
Government Next: NIC Presentation
Government Next: NIC PresentationGovernment Next: NIC Presentation
Government Next: NIC Presentation
 
Tactical Information Gathering
Tactical Information GatheringTactical Information Gathering
Tactical Information Gathering
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Bsides Tampa Blue Team’s tool dump.
Bsides Tampa Blue Team’s tool dump.Bsides Tampa Blue Team’s tool dump.
Bsides Tampa Blue Team’s tool dump.
 
Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.
 
The Ins, Outs, and Nuances of Internet Privacy
The Ins, Outs, and Nuances of Internet PrivacyThe Ins, Outs, and Nuances of Internet Privacy
The Ins, Outs, and Nuances of Internet Privacy
 
Roelof Temmingh FIRST07 slides
Roelof Temmingh FIRST07 slidesRoelof Temmingh FIRST07 slides
Roelof Temmingh FIRST07 slides
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
 
Understanding advanced persistent threats (APT)
Understanding advanced persistent threats (APT)Understanding advanced persistent threats (APT)
Understanding advanced persistent threats (APT)
 
"Using Web 2.0 as a Weapon Against Corruption"
"Using Web 2.0 as a Weapon Against Corruption" "Using Web 2.0 as a Weapon Against Corruption"
"Using Web 2.0 as a Weapon Against Corruption"
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
 
Threat Hunting with Splunk
Threat Hunting with Splunk Threat Hunting with Splunk
Threat Hunting with Splunk
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
 

Plus de Chris Gates

Reiki 101 - Defcon29 MHHV
Reiki 101 - Defcon29 MHHVReiki 101 - Defcon29 MHHV
Reiki 101 - Defcon29 MHHVChris Gates
 
WeirdAAL (Awesome Attack Library) CactusCon 2018
WeirdAAL (Awesome Attack Library) CactusCon 2018WeirdAAL (Awesome Attack Library) CactusCon 2018
WeirdAAL (Awesome Attack Library) CactusCon 2018Chris Gates
 
WeirdAAL (AWS Attack Library)
WeirdAAL (AWS Attack Library) WeirdAAL (AWS Attack Library)
WeirdAAL (AWS Attack Library) Chris Gates
 
PENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINEPENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINEChris Gates
 
Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017
Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017
Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017Chris Gates
 
Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)Chris Gates
 
DevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsDevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsChris Gates
 
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Chris Gates
 
Open Canary - novahackers
Open Canary - novahackersOpen Canary - novahackers
Open Canary - novahackersChris Gates
 
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...Chris Gates
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016Chris Gates
 
Going Purple : From full time breaker to part time fixer: 1 year later
Going Purple : From full time breaker to part time fixer: 1 year later Going Purple : From full time breaker to part time fixer: 1 year later
Going Purple : From full time breaker to part time fixer: 1 year later Chris Gates
 
DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015Chris Gates
 
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015Chris Gates
 
LasCon 2014 DevOoops
LasCon 2014 DevOoops LasCon 2014 DevOoops
LasCon 2014 DevOoops Chris Gates
 
Appsec DC - wXf -2010
Appsec DC - wXf -2010Appsec DC - wXf -2010
Appsec DC - wXf -2010Chris Gates
 
Windows attacks - AT is the new black
Windows attacks - AT is the new blackWindows attacks - AT is the new black
Windows attacks - AT is the new blackChris Gates
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayChris Gates
 
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Chris Gates
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2Chris Gates
 

Plus de Chris Gates (20)

Reiki 101 - Defcon29 MHHV
Reiki 101 - Defcon29 MHHVReiki 101 - Defcon29 MHHV
Reiki 101 - Defcon29 MHHV
 
WeirdAAL (Awesome Attack Library) CactusCon 2018
WeirdAAL (Awesome Attack Library) CactusCon 2018WeirdAAL (Awesome Attack Library) CactusCon 2018
WeirdAAL (Awesome Attack Library) CactusCon 2018
 
WeirdAAL (AWS Attack Library)
WeirdAAL (AWS Attack Library) WeirdAAL (AWS Attack Library)
WeirdAAL (AWS Attack Library)
 
PENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINEPENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINE
 
Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017
Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017
Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017
 
Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)
 
DevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsDevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps Toolchains
 
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
 
Open Canary - novahackers
Open Canary - novahackersOpen Canary - novahackers
Open Canary - novahackers
 
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
 
Going Purple : From full time breaker to part time fixer: 1 year later
Going Purple : From full time breaker to part time fixer: 1 year later Going Purple : From full time breaker to part time fixer: 1 year later
Going Purple : From full time breaker to part time fixer: 1 year later
 
DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015
 
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
 
LasCon 2014 DevOoops
LasCon 2014 DevOoops LasCon 2014 DevOoops
LasCon 2014 DevOoops
 
Appsec DC - wXf -2010
Appsec DC - wXf -2010Appsec DC - wXf -2010
Appsec DC - wXf -2010
 
Windows attacks - AT is the new black
Windows attacks - AT is the new blackWindows attacks - AT is the new black
Windows attacks - AT is the new black
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions Today
 
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
 

Dernier

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 

Dernier (20)

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 

Open Source Information Gathering Brucon Edition

  • 1.
  • 2. Shameless Self Promotion  Blogger...carnal0wnage.attackresearch.com.  Metasploit Project.  Attack Research.  Security Twit  carnal0wnage.  Want more? Use what I'm about to teach you...or just ask…I like hoegaarden.
  • 3. Information Gathering Denotes the collection of information before the attack. The idea is to collect as much information as possible about the target which may be valuable later. -Christian Martorella Edge-Security Fist Conference 2009 http://www.fistconference.org/
  • 4. OSINT Open Source INTelligence “Is an information processing discipline that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence.” http://en.wikipedia.org/wiki/Open_Source_Intelligence
  • 5. We want to turn…
  • 8. Why Do OSINT?  Open Source Intelligence Gathering is your critical first step to Full Scope Pentesting or Real World attacking.  It simulates REAL WORLD reconnaissance.  Anything on the net is in scope…. Users are fair game for client-sides.  Any boxes you own are in scope…. No boxes are off limits.  Do you know what information you, your employees, or your company has put out there?
  • 9. Typical Pentesting Methodology Post- Cover Write Recon Scan Enumerate Exploit Exploit Tracks Report
  • 10. What We Focus On Currently Post- Cover Recon Scan Enumerate Exploit Exploit Tracks Write Report
  • 11. Real World Hacking Methodology Discover What Makes The Company Money Do Whatever Steal It It Takes… Discover What Is Valuable To The Attacker
  • 12. Definitions!?  A few definitions to get out of the way...I'll try to make it as painless as possible.  But, we're going have to read...yeah sad face.
  • 13. Types of Information Gathering  Passive  Semi-Passive  Active  Category Descriptions From http://www.paterva.com/web3/services/information-gathering- service/
  • 14. Passive Information Gathering  Passive  Great care is taken to ensure that the target organization does not detect the profiling. This means that no packets can ever be sent to the target.  This type of profiling is typically time intensive. NO TRAFFIC  From http://www.paterva.com/web3/services/information-gathering-service/
  • 15. Semi-Passive Information Gathering  Semi-Passive  Profiling the target with methods that would appear to the target as normal Internet traffic and behavior. NORMAL TRAFFIC  From http://www.paterva.com/web3/services/information-gathering-service/
  • 16. Active Information Gathering  Active  This type of profiling should be detected by the target organization.  Actively seeking out new/unpublished servers, directories, files, documents along with full network visibility scans. ABNORMAL TRAFFIC  From http://www.paterva.com/web3/services/information-gathering-service/
  • 17. Categories of Information Gathering  Two General Types  Infrastructure.  People / Organization.
  • 18. Infrastructure Information Gathering  Infrastructure  Every organization with an Internet presence requires some form of infrastructure to support that presence. That information is what we want to discover.  Infrastructure profiling is far easier to do and automate than people/organization profiling which is more manual.
  • 19. Categories of Information Gathering  Infrastructure
  • 20. Categories of Information Gathering  Infrastructure
  • 21. People/Organization Information Gathering  People / Organization  Every organization requires people to support that organization. How runs the company? Who runs IT? Who runs finance/HR? That information is what we want to discover.  People / Organization profiling is much more difficult to do and automate than infrastructure. Which John Doe is the right one?
  • 22. Categories of Information Gathering  People / Organization
  • 23. Where Does This Information Come From?  Web 2.0…How I <3 thee…  Public data and records.  Information that is mandatory for the Internet (DNS, whois, MX).  Private data we pay for i.e. Lexis Nexis/Choice Point/Find a Friend/Spoke/Zoominfo.  Data placed there by the target.  Data placed there by the target's users.
  • 24. How Do We Find It?  Information that is mandatory for the Internet.  DNS, MX, Web.  Whois.  Data placed there by the target.  Voluntarily.  Required by State/Federal law.  Data placed there by the target's users.  Voluntarily.  Required by State/Federal law.
  • 25. Considerations  Tons of Information.  Can be hard to sort through.  Some data gathering/analysis can be automated.  Maltego!  And other tools.  Other data needs a human to sort through.  Brain!  But now Maltego Mesh can help
  • 26.
  • 27. Infrastructure Intelligence Gathering  How would you like to discover ALL networks/netblocks a target organization owns.  How would you like to discover a target organization’s presence in other countries (.co.uk, .de, .be, etc).  We want to build that infrastructure diagram without the target knowing we are doing it!
  • 28. Infrastructure: Identify Other Netblocks  Identify other networks/netblocks
  • 29. Infrastructure: Discover Other TLDs  Expand out to other TLDs
  • 30. Infrastructure: Bruteforce DNS names  Bruteforce DNS names
  • 31. Infrastructure: Identify Even More Netblocks  Find more net blocks
  • 33. Infrastructure: Useful Tools  Tools to get it done  Maltego  ServerSniff.net  Robtex.com  Clez.net  CentralOps.net  Rsnake’s fierce.pl  PassiveRecon Firefox Plugin
  • 34. People/Organization Intelligence Gathering  To create personnel & organization profiles, deliver client-side attacks, or prepare for Social Engineering engagements we gather information on a organization's users or a particular user.  What information has been placed in the public domain by the company or its users?  Can I identify key personnel? Can I develop an understanding of corporate culture?
  • 35. People / Organization: Email Harvesting  Harvest Email Addresses
  • 36. People / Organization: Email Harvesting  Harvest Email Addresses
  • 37. People / Organization: Email Harvesting  Harvest Email Addresses  Searching for other TLDs was handy.
  • 38. People / Organization: Email Harvesting  Emails can be turned into users.
  • 39. People / Organization: Email Harvesting  Which can be turned into new friends and associates.
  • 40. People / Organization: Email Harvesting Tools  Tools to get it done  Maltego  theHarvester  PassiveRecon Firefox Plugin
  • 41. People / Organization: Document Metadata  Documents contain all sort of useful information  Useful Extensions. .pst .cfg .pcf .pdf .qmd .tax .dif .doc .docx .xls .xlsx .ppt .pptx .dbf .qdb .qsd .qtx .idx .qif .mny .txt .odt .ods .odp .ofx .ofc .vcf .rtf  **Not a full list**
  • 42. People / Organization: Document Metadata  Documents contain all sort of useful information
  • 43. People / Organization: Document Metadata  Documents contain all sort of useful information
  • 44. People / Organization: Document Metadata  FOCA
  • 45. People / Organization: Document Metadata  FOCA
  • 46. People / Organization: Document Metadata  Metadata to discover usernames
  • 47. People / Organization: Document Metadata  Metadata to discover usernames  Use Maltego to link usernames to people on the web.
  • 48. People / Organization: Document Metadata  Metadata to discover versions of software being used.
  • 49. People / Organization: Document Metadata  Office on Windows vs Office on Mac vs OpenOffice
  • 50. People / Organization: Document Metadata  Issues.  Libextract sux for newer pdfs. Telrad_ArchitecturePatent_PR.pdf Creator=>"Acrobat PDFMaker 7.0.7 for Word", _EmailSubject=>"MVNO", Producer=>"Acrobat Distiller 7.0.5 (Windows)", SourceModified=>"D20060907143303", _AuthorEmailDisplayName=>"Itshak Aizner", ModDate=>"D20060907173408+03'00'", _AuthorEmail=>"itshak.aizner@telrad.com", Title=>"For Immediate Release",  Ruby + pdf-parse can _AdHocReviewCycleID=>"-169073906", CreationDate=>"D20060907173340+03'00'", help us with that problem. Company=>"Telrad Networks Ltd.", _PreviousAdHocReviewCycleID=>"1049106379", Author=>"Rebecca Rachmany“  FOCA too.
  • 51. People / Organization: Doc Metadata Tools  Tools to get it done  Maltego  Metagoofil  PassiveRecon Firefox Plugin  FOCA  Goolag  Roll your own with ruby & rubygem pdf-reader
  • 52. People / Organization: Organization Profiling  Online tools to find employees of companies  Most have APIs  Write your own tools to script infogathering  Write local transforms for Maltego
  • 53. People / Organization: Org Profiling Tools  Tools to get it done  Maltego  Zoominfo  Spoke  Xing  Spokeo  123people  Pipl
  • 54. People / Organization: People Profiling  Handles are awesome and usually unique.
  • 55. People / Organization: People Profiling  Handles are awesome and usually unique.
  • 56. People / Organization: People Profiling  Especially if you can turn them into twitter usernames or other social network profiles.
  • 57. People / Organization: People Profiling  Then we can see who they write tweets to and receive tweets from.
  • 58. People / Organization: People Profiling  Then we can see who they write tweets to and receive tweets from.
  • 59. People / Organization: People Profiling  Then we can see who are common friends.
  • 60. People / Organization: People Profiling  Tons of information is placed into the public domain.
  • 61. People / Organization: People Profiling  Tons of information is placed into the public domain.
  • 62. People / Organization: People Profiling  Tons of information is placed into the public domain.
  • 63. People / Organization: People Profiling Tools  Tools to get it done  Maltego  Maltego Mesh  knowem.com  friendscall.me  namechk.com  usernamecheck.com  tweepz.com  tweepsearch.com
  • 64. Final Considerations  If someone doesn’t have strong Internet presence can I become them?  Create gmail accounts.  Register them on Linkedin.  Skype/Gtalk/MSN/be them on IRC or SILC.  Register them on Facebook/Myspace/Twitter/etc.  Create their blog.  Or can I create a company employee and “make new friends”?
  • 65.
  • 66.
  • 67. Educate Yourself  Useful Resources  Paterva  Maltego. Go Buy It!  http://www.paterva.com/web4/index.php/media/presentations  Christian Martorella (Edge-Security)  http://laramies.blogspot.com/  http://www.edge-security.com/presentations.php  Larry Pesche  Document Metadata, the Silent Killer  P2P Information Disclosure  Rob Fuller (mubix)  http://www.room362.com/