Osint ashish mistry

Published on: null Mumbai April 2012 Meet
Published in: Education, Technology
Slide 1: Leveraging OSINT in Penetration Testing
By: Ashish Mistry

Slide 2: #whoami
● Ashish Mistry
● Individual infosec researcher & trainer
● www.Hcon.in
● HconSTF open source security framework
● Hcon Library initiative
● Contact:
  – Fb: Root.hcon
  – Tw: @hconmedia

Slide 3: OSINT – Open Source INTelligence
● It is NOT related to open source software
● It is NOT related to open source licenses
● It is NOT related to artificial intelligence

Slide 4: What is OSINT?
Wikipedia: "Open-source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence."

Slide 5: What is OSINT?
Publicly available information → Select / collect and store it → Analyse, relate and filter it → More target-specific information → ATTACKS
Slide 6: Why does OSINT work?

Slide 7: Humans are social beings; we love to share information.

Slide 8: We share information that we are not supposed to share.

Slide 9: Sometimes it is necessary to give out that much information.

Slide 10: So what is the problem??

Slide 11: Internet

Slide 12: Why OSINT for pentesting?
Slide 13: Some things to consider
● Passive (most of it)
● Legally provides a much larger and wider view of the target company / person
● Uncovers more attack surface
● Narrows down many attack vectors
● Helps when you don't have 0days
● More specific social engineering attack vectors can be crafted
● Helps in other steps of a pentest

Slide 14: Leveraging OSINT
● Reconnaissance
● Vulnerability analysis
● Privilege escalation
● Social engineering / profiling people

Slide 15: Reconnaissance
● We can have information like:
  – OS
  – IP
  – Software / versions
  – Geo location

Slide 16: From:
● Metadata:
  – Foca, metagoofil, maltego, exiftool
● Online sites:
  – Shodanhq, Serversniff, netcraft, centralops
● DNS / whois info
● FF extensions:
  – wappalyzer
  – Passive Recon
Slide 17: Vulnerability analysis
● Path disclosure
● Footholds
● Web server detection
● Vulnerable files
● Vulnerable servers
● Error messages
● Network or vulnerability data
● Various online devices
● Advisories and vulnerabilities
● XSS / LFI / RFI

Slide 18: From
● Dorks: sitedigger, search diggity, seat
  – GHDB
  – BHDB
  – FSHDB
  – Web = SQLi / LFI / RFI / WordPress
● FF extension:
  – Meta generator version check
● Metadata
● http://www.1337day.com/webapps

Slide 19: Privilege escalation
We can have potential:
● User names
● Passwords
● Login panels
for more useful & accurate wordlist generation

Slide 20: From?
● Metadata:
  – Foca, metagoofil, maltego
● Emails:
  – Theharvester, esearchy
● Public profiling information
  – Social media
    ● Phone numbers
    ● Family member names
    ● Birth dates

Slide 21: From cont..
● Dorks:
  – Files containing usernames
  – Files containing passwords
  – Files containing juicy info
  – Pages containing login portals
● Wordlist generation:
  – wyd, cupp, crunch
Slide 22: Social engineering / profiling people
● All kinds of personal and professional info:
  – Names, DOB
  – Residence address
  – Phone no.
  – Emails
  – Close associates / friends
  – Interests / hobbies
  – Pictures

Slide 23: From?
● People lookup databases
● Social networks
● Local yellow pages
● MTNL / BSNL telephone directories
● Public mobile info. services

Slide 24: What can we have from OSINT?

Slide 25:
● Email addresses
● Phone numbers
● User names / passwords
● OS info
● IP info
● Software / versions
● Geo location
● Personal details
● Vulnerabilities
Slide 26: Tools
● Foca, metagoofil, exiftool, wyd
● Theharvester, esearchy
● FF extensions:
  – Passive Recon, Meta Generator, Wappalyzer, Exiftool
● Sitedigger, seat, search diggity
● Creepy, fbpwn
● Maltego, netglub

Slide 27: Online resources
● Netcraft, centralops, shodanhq, serversniff
● GHDB
● foca online, regex.info/exif.cgi
● http://tineye.com, http://picfog.com
● https://twitpic.com/search, http://www.pixsy.com/
● Flickr Photo Search: http://www.flickr.com/search/?s=rec&w=all&q=company name&m=text

Slide 28: Online resources cont...
● Document search:
  – Docstoc http://www.docstoc.com/
  – Scribd http://www.scribd.com/
  – SlideShare http://www.slideshare.net/
  – PDF Search Engine http://www.pdf-search-engine.com/
  – Toodoc http://www.toodoc.com/
  – google filetype:

Slide 29: Online resources cont...
● Check usernames:
  – http://www.checkusernames.com/
  – http://knowem.com/, www.namechk.com
  – http://webmii.com/
● People search:
  – 123people
  – Pipl
  – openbook

Slide 30: Online resources cont...
● Geo location:
  – Infosnipper
  – http://twittermap.appspot.com
  – http://www.geobytes.com/iplocator.htm
Slide 31: Prevention / countermeasures
● Policies for social networks
  – HR, PR, marketing
● Sanitize documents
  – Remove metadata
    ● Metadata Anonymisation Toolkit (MAT)
    ● OOMetaExtractor, Doc Scrubber
    ● Exiftool
    ● OpenDLP, MyDLP
● Websites
  – Block UAs, disable directory listing, use custom error messages
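The document metadata that slides 16 and 20 list as a source (author accounts, domain usernames, software versions) and the "sanitize documents / remove metadata" countermeasure on slide 31 can be shown on one file. The following is an added example written for this page, not code from the slides or from any of the tools named on them. It uses only Python's standard library to read the docProps/core.xml and docProps/app.xml parts of an OOXML package (.docx, .xlsx, .pptx), report the identifying properties, and write a scrubbed copy; the sample .docx and every property value in it are constructed inline. It covers only those two property parts: a real sanitizer such as MAT or ExifTool also has to deal with tracked changes, comments, embedded images and other file formats.

```python
"""Inspect and strip document properties from an OOXML package (.docx/.xlsx/.pptx).

Added example for this page, not from the slides. Standard library only; the
sample document built by build_sample_docx() is constructed, not real.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used by the OOXML core and extended property parts.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)  # keep readable prefixes when re-serialising

# Properties that name people, accounts, organisations or software versions.
CORE_FIELDS = ["dc:creator", "cp:lastModifiedBy", "dc:title", "dc:description", "cp:keywords"]
APP_FIELDS = ["ep:Application", "ep:AppVersion", "ep:Company", "ep:Manager", "ep:Template"]
PROPERTY_PARTS = {"docProps/core.xml": CORE_FIELDS, "docProps/app.xml": APP_FIELDS}


def _child(root, qualified_name):
    """Return the direct child element 'prefix:local' of root, or None."""
    prefix, local = qualified_name.split(":")
    return root.find("{%s}%s" % (NS[prefix], local))


def extract_metadata(package_bytes):
    """Return {'dc:creator': 'jane.doe', ...} for the identifying properties present."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        for part, fields in PROPERTY_PARTS.items():
            if part not in zf.namelist():
                continue
            root = ET.fromstring(zf.read(part))
            for name in fields:
                el = _child(root, name)
                if el is not None and el.text and el.text.strip():
                    found[name] = el.text.strip()
    return found


def scrub_metadata(package_bytes):
    """Return a copy of the package with the identifying properties blanked.
    Every other part is copied unchanged, so the file still opens normally."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info.filename)
            if info.filename in PROPERTY_PARTS:
                root = ET.fromstring(data)
                for name in PROPERTY_PARTS[info.filename]:
                    el = _child(root, name)
                    if el is not None:
                        el.text = ""
                data = ET.tostring(root, encoding="UTF-8", xml_declaration=True)
            dst.writestr(info.filename, data)
    return out.getvalue()


def part_names(package_bytes):
    """List the parts inside the package (to confirm nothing was dropped)."""
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        return sorted(zf.namelist())


def build_sample_docx():
    """Construct a minimal .docx carrying the properties Word typically leaves behind.
    Constructed sample data: the names, company and version are invented."""
    core = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<cp:coreProperties xmlns:cp="%(cp)s" xmlns:dc="%(dc)s" '
        'xmlns:dcterms="%(dcterms)s" xmlns:xsi="%(xsi)s">'
        '<dc:title>Q2 network diagram</dc:title>'
        '<dc:creator>jane.doe</dc:creator>'
        '<cp:lastModifiedBy>CORP\\jdoe</cp:lastModifiedBy>'
        '<dcterms:created xsi:type="dcterms:W3CDTF">2012-04-01T10:00:00Z</dcterms:created>'
        '</cp:coreProperties>' % NS
    )
    app = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<Properties xmlns="%(ep)s">'
        '<Application>Microsoft Office Word</Application>'
        '<AppVersion>12.0000</AppVersion>'
        '<Company>ExampleCorp</Company>'
        '</Properties>' % NS
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("docProps/core.xml", core)
        zf.writestr("docProps/app.xml", app)
        zf.writestr("word/document.xml", '<?xml version="1.0"?><document/>')
    return buf.getvalue()


if __name__ == "__main__":
    original = build_sample_docx()
    print("before:", extract_metadata(original))
    print("after: ", extract_metadata(scrub_metadata(original)))
```

Running the script prints the creator, the domain-style lastModifiedBy account, the application version and the company from the sample, then an empty dict for the scrubbed copy. Blanking rather than deleting the elements keeps the parts schema-valid, and since every other zip entry is copied byte for byte, the document body and content types survive the rewrite.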
Slide 32: Thank you
Questions??