OSINT - Ashish Mistry

null Mumbai April 2012 Meet
Published in: Education, Technology
Transcript

  • 1. Leveraging OSINT in Penetration Testing. By: Ashish Mistry
  • 2. #whoami
      ● Ashish Mistry
      ● Individual infosec researcher & trainer
      ● www.Hcon.in
      ● HconSTF open source security framework
      ● Hcon Library initiative
      ● Contact:
          – Fb: Root.hcon
          – Tw: @hconmedia
  • 3. OSINT – Open Source INTelligence
      ● It is NOT related to open source software
      ● It is NOT related to open source licenses
      ● It is NOT related to artificial intelligence
  • 4. What is OSINT? Wikipedia: "Open-source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence."
  • 5. What is OSINT?
      ● Publicly available information
      ● Select / collect and store it
      ● Analyse, relate and filter it
      ● More target-specific information
      ● ATTACKS
  • 6. Why does OSINT work?
  • 7. Humans are social beings; we love to share information.
  • 8. We share information that we are not supposed to share.
  • 9. Sometimes it is necessary to give out that much information.
  • 10. So what is the problem??
  • 11. internet
  • 12. Why OSINT for pentesting?
  • 13. Some things to consider
      ● Passive (most of it)
      ● Legally provides a much larger and wider view of the target company / person
      ● Uncovers more attack surface
      ● Narrows down many attack vectors
      ● Helps when you don't have 0-days
      ● A more specific social engineering attack vector can be crafted
      ● Helps in other steps of a pentest
  • 14. Leveraging OSINT
      ● Reconnaissance
      ● Vulnerability analysis
      ● Privilege escalation
      ● Social engineering / profiling people
  • 15. Reconnaissance. We can have information like:
      ● OS
      ● IP
      ● Software / versions
      ● Geolocation
  • 16. From:
      ● Metadata: Foca, metagoofil, maltego, exiftool
      ● Online sites: Shodanhq, Serversniff, netcraft, centralops
      ● DNS / whois info
      ● FF extensions: wappalyzer, Passive Recon
  • 17. Vulnerability analysis
      ● Path disclosure
      ● Footholds
      ● Web server detection
      ● Vulnerable files
      ● Vulnerable servers
      ● Error messages
      ● Network or vulnerability data
      ● Various online devices
      ● Advisories and vulnerabilities
      ● XSS / LFI / RFI
  • 18. From:
      ● Dorks: sitedigger, search diggity, seat
          – GHDB
          – BHDB
          – FSHDB
          – Web = SQLi / LFI / RFI / WordPress
      ● FF extension: meta generator version check
      ● Metadata
      ● http://www.1337day.com/webapps
  • 19. Privilege escalation. We can have potential:
      ● User names
      ● Passwords
      ● Login panels
      for more useful & accurate wordlist generation.
  • 20. From?
      ● Metadata: Foca, metagoofil, maltego
      ● Emails: Theharvester, esearchy
      ● Public profiling information from social media: phone numbers, family member names, birth dates
  • 21. From (cont.)
      ● Dorks:
          – Files containing usernames
          – Files containing passwords
          – Files containing juicy info
          – Pages containing login portals
      ● Wordlist generation: wyd, cupp, crunch
  • 22. Social engineering / profiling people. All kinds of personal and professional info:
      ● Names, DOB
      ● Residence address
      ● Phone no.
      ● Emails
      ● Close associates / friends
      ● Interests / hobbies
      ● Pictures
  • 23. From?
      ● People lookup databases
      ● Social networks
      ● Local yellow pages
      ● MTNL / BSNL telephone directories
      ● Public mobile info services
  • 24. What can we get from OSINT?
  • 25.
      ● Email addresses
      ● Phone numbers
      ● User names / passwords
      ● OS info
      ● IP info
      ● Software / versions
      ● Geolocation
      ● Personal details
      ● Vulnerabilities
  • 26. Tools
      ● Foca, metagoofil, exiftool, wyd
      ● Theharvester, esearchy
      ● FF extensions: Passive Recon, meta generator, wappalyzer, exiftool
      ● Sitedigger, seat, search diggity
      ● Creepy, fbpwn
      ● Maltego, netglub
  • 27. Online resources
      ● Netcraft, centralops, shodanhq, serversniff
      ● GHDB
      ● Foca online, regex.info/exif.cgi
      ● http://tineye.com, http://picfog.com
      ● https://twitpic.com/search, http://www.pixsy.com/
      ● Flickr photo search: http://www.flickr.com/search/?s=rec&w=all&q=company name&m=text
  • 28. Online resources (cont.)
      ● Document search:
          – Docstoc http://www.docstoc.com/
          – Scribd http://www.scribd.com/
          – SlideShare http://www.slideshare.net/
          – PDF Search Engine http://www.pdf-search-engine.com/
          – Toodoc http://www.toodoc.com/
          – Google filetype: operator
  • 29. Online resources (cont.)
      ● Check usernames:
          – http://www.checkusernames.com/
          – http://knowem.com/, www.namechk.com
          – http://webmii.com/
      ● People search:
          – 123people
          – Pipl
          – openbook
  • 30. Online resources (cont.)
      ● Geolocation:
          – Infosnipper
          – http://twittermap.appspot.com
          – http://www.geobytes.com/iplocator.htm
  • 31. Prevention / countermeasures
      ● Policies for social networks: HR, PR, marketing
      ● Sanitize documents: remove metadata
          – Metadata Anonymisation Toolkit (MAT)
          – OOMetaExtractor, Doc Scrubber
          – Exiftool
          – OpenDLP, MyDLP
      ● Websites: block user agents, disable directory listing, custom error messages
  • 32. Thank you. Questions??
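Added example for slides 19 to 21 (it is not code from the talk, and not the code of wyd, cupp or crunch): a script that turns what recon produced, a few names, one e-mail address harvested for a known employee, and profile details from social media, into targeted username, e-mail and password candidates. The people, the domain acmecorp.example and the dates are constructed; the set of username schemes and the suffix list are assumptions about what targets commonly use, not a complete enumeration.

```python
"""Turn harvested profile data into targeted username, e-mail and password
candidates, the 'more useful & accurate wordlist' of slide 19.

Added example, not from the slides and not the code of cupp, wyd or crunch.
Every name, e-mail address, domain and date below is constructed for the demo.
"""
from itertools import product
from typing import Optional

# Assumed corporate username schemes: f = first name, l = last name (lower case).
SCHEMES = {
    "{f}.{l}": lambda f, l: f"{f}.{l}",
    "{f}{l}":  lambda f, l: f"{f}{l}",
    "{f}_{l}": lambda f, l: f"{f}_{l}",
    "{f0}{l}": lambda f, l: f"{f[0]}{l}",
    "{f}{l0}": lambda f, l: f"{f}{l[0]}",
    "{l}{f0}": lambda f, l: f"{l}{f[0]}",
}

# Leet substitutions applied as a second variant of every base word.
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})


def infer_scheme(known_email: str, first: str, last: str) -> Optional[str]:
    """Given one address harvested for a known person (theharvester output,
    a signature block), work out which scheme the organisation uses."""
    local = known_email.split("@", 1)[0].lower()
    for name, fn in SCHEMES.items():
        if fn(first.lower(), last.lower()) == local:
            return name
    return None


def username_candidates(first: str, last: str, scheme: Optional[str] = None) -> list:
    """All schemes when the convention is unknown, one when it was inferred."""
    f, l = first.lower(), last.lower()
    names = [scheme] if scheme else list(SCHEMES)
    return [SCHEMES[n](f, l) for n in names]


def email_candidates(people: list, domain: str, scheme: str) -> list:
    """Apply the inferred scheme to every (first, last) pair found on social media."""
    return [f"{u}@{domain}" for first, last in people
            for u in username_candidates(first, last, scheme)]


def password_candidates(profile: dict, min_len: int = 6, max_len: int = 16) -> list:
    """cupp-style list: personal words x date/number suffixes x leet variants.
    Dates in the profile are dd/mm/yyyy strings."""
    words = set()
    for key in ("first", "last", "nick", "pet", "company", "spouse"):
        value = profile.get(key)
        if value:
            words.update({value, value.lower(), value.capitalize()})
    suffixes = {"", "1", "123", "!", "@123", "#1"}
    for date in profile.get("dates", []):
        dd, mm, yyyy = date.split("/")
        suffixes.update({yyyy, yyyy[2:], dd + mm, mm + dd, dd + mm + yyyy})
    out = set()
    for word, suffix in product(words, suffixes):
        for base in (word, word.translate(LEET)):
            candidate = base + suffix
            if min_len <= len(candidate) <= max_len:  # drop what a policy would reject anyway
                out.add(candidate)
    return sorted(out)


# Constructed sample target; nothing here refers to a real person or company.
PROFILE = {"first": "Ravi", "last": "Kumar", "pet": "Bruno",
           "company": "AcmeCorp", "dates": ["14/08/1990"]}

if __name__ == "__main__":
    scheme = infer_scheme("anita.desai@acmecorp.example", "Anita", "Desai")
    print("inferred scheme:", scheme)
    print(email_candidates([("Ravi", "Kumar")], "acmecorp.example", scheme))
    passwords = password_candidates(PROFILE)
    print(len(passwords), "password candidates, e.g.", passwords[:5])
```

The point of inferring the scheme first is that one confirmed address collapses six guesses per person into one, which matters when the login panel found by the dorks on slide 21 has lockout; the password list is deliberately small and target-specific rather than a crunch-style brute-force space.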
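Added example covering both slide 16 (metadata as a recon source) and slide 31 (sanitising documents). It is not code from the talk and not the code of FOCA, metagoofil, exiftool or MAT; it shows in miniature what they do with an Office document. A minimal .docx is built in memory so the script runs offline; the account names, the CORP domain, the Office version and the UNC template path inside it are constructed, and the list of elements treated as sensitive is an assumption about which fields leak in practice.

```python
"""Harvest document metadata the way FOCA/metagoofil/exiftool do (slide 16),
then scrub it the way MAT does (slide 31) and confirm nothing is left.
Added example, not from the slides and not those tools' code. A minimal .docx
is built in memory so it runs offline; the account names, domain, Office
version and UNC path in it are made up."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

NS = {"cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
      "dc": "http://purl.org/dc/elements/1.1/",
      "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties"}
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)  # stable prefixes when we re-serialise

# Constructed sample parts showing the usual leaks: author, domain account,
# Office build and a template path on an internal file server.
CORE_XML = ('<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}">'
            '<dc:creator>jsmith</dc:creator>'
            '<cp:lastModifiedBy>CORP\\mjones</cp:lastModifiedBy>'
            '</cp:coreProperties>').format(**NS)
APP_XML = ('<Properties xmlns="{ep}"><Application>Microsoft Office Word</Application>'
           '<AppVersion>12.0000</AppVersion>'
           '<Template>\\\\fileserver01\\templates\\corp.dotx</Template>'
           '</Properties>').format(**NS)

# Elements the scrub removes from each part (assumed list of fields that leak).
SENSITIVE = {"docProps/core.xml": ["dc:creator", "cp:lastModifiedBy"],
             "docProps/app.xml": ["ep:Application", "ep:AppVersion", "ep:Template",
                                  "ep:Company", "ep:Manager"]}


def build_sample_docx() -> bytes:
    """Constructed: just enough of an OOXML package to carry metadata."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("docProps/core.xml", CORE_XML)
        z.writestr("docProps/app.xml", APP_XML)
        z.writestr("word/document.xml", "<document/>")
    return buf.getvalue()


def harvest_metadata(docx_bytes: bytes) -> dict:
    """What recon wants from one document: accounts, domain, software, internal hosts."""
    found = {k: set() for k in ("users", "domains", "software", "paths", "hosts")}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        parts = set(z.namelist())
        if "docProps/core.xml" in parts:
            core = ET.fromstring(z.read("docProps/core.xml"))
            for tag in ("dc:creator", "cp:lastModifiedBy"):
                value = core.findtext(tag, default="", namespaces=NS).strip()
                domain, sep, user = value.rpartition("\\")  # CORP\mjones leaks both
                if value:
                    found["users"].add(user if sep else value)
                if sep:
                    found["domains"].add(domain)
        if "docProps/app.xml" in parts:
            app = ET.fromstring(z.read("docProps/app.xml"))
            name = app.findtext("ep:Application", default="", namespaces=NS)
            version = app.findtext("ep:AppVersion", default="", namespaces=NS)
            if name:
                found["software"].add(f"{name} {version}".strip())
            template = app.findtext("ep:Template", default="", namespaces=NS)
            if template:
                found["paths"].add(template)
                unc = re.match(r"\\\\([^\\]+)\\", template)  # \\host\share\...
                if unc:
                    found["hosts"].add(unc.group(1))
    return found


def scrub_metadata(docx_bytes: bytes) -> bytes:
    """Rewrite the package with the sensitive elements removed; other parts untouched."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            data = src.read(item.filename)
            if item.filename in SENSITIVE:
                root = ET.fromstring(data)
                for tag in SENSITIVE[item.filename]:
                    for el in root.findall(tag, NS):
                        root.remove(el)
                data = ET.tostring(root, encoding="UTF-8", xml_declaration=True)
            dst.writestr(item.filename, data)
    return out.getvalue()


if __name__ == "__main__":
    doc = build_sample_docx()
    print("before:", harvest_metadata(doc))
    print("after: ", harvest_metadata(scrub_metadata(doc)))
```

Running the harvester again on the scrubbed output is the check a document-release process should actually perform: the scrub is only as good as the list of fields it knows about, and a DLP gate that re-parses the file catches what a one-off clean-up missed. Real documents also carry revision history, comments and embedded images with their own EXIF, which this sample does not model.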
