null Mumbai April 2012 Meet


Transcript

  • 1. Leveraging OSINT in Penetration Testing. By: Ashish Mistry
  • 2. #whoami
      ● Ashish Mistry
      ● Individual infosec researcher & trainer
      ● www.Hcon.in
      ● HconSTF open source security framework
      ● Hcon Library initiative
      ● Contact:
        – Fb: Root.hcon
        – Tw: @hconmedia
  • 3. OSINT – Open Source INTelligence
      ● It is NOT related to open source software
      ● It is NOT related to open source licenses
      ● It is NOT related to artificial intelligence
  • 4. What is OSINT? Wikipedia: "Open-source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence"
  • 5. What is OSINT? (the process) Publicly available information → select, collect and store it → analyse, relate and filter it → more target-specific information → attacks
  • 6. Why does OSINT work?
  • 7. Humans are social beings; we love to share information
  • 8. We share information that we are not supposed to share
  • 9. Sometimes it is necessary to give out that much information
  • 10. So what is the problem?
  • 11. The internet
  • 12. Why OSINT for pentesting?
  • 13. Some things to consider
      ● Passive (most of it)
      ● Legally provides a much larger and wider view of the target company / person
      ● Uncovers more attack surface
      ● Narrows down many attack vectors
      ● Helps when you don't have 0days
      ● A more specific social engineering attack vector can be crafted
      ● Helps in other steps of a pentest
  • 14. Leveraging OSINT
      ● Reconnaissance
      ● Vulnerability analysis
      ● Privilege escalation
      ● Social engineering / profiling people
  • 15. Reconnaissance. We can have information like:
      – OS
      – IP
      – Software / versions
      – Geo location
  • 16. From:
      ● Metadata:
        – Foca, metagoofil, maltego, exiftool
      ● Online sites:
        – Shodanhq, Serversniff, netcraft, centralops
      ● DNS / whois info
      ● FF extensions:
        – wappalyzer
        – Passive Recon
  • 17. Vulnerability analysis
      ● Path disclosure
      ● Footholds
      ● Web server detection
      ● Vulnerable files
      ● Vulnerable servers
      ● Error messages
      ● Network or vulnerability data
      ● Various online devices
      ● Advisories and vulnerabilities
      ● XSS / LFI / RFI
  • 18. From:
      ● Dorks: sitedigger, search diggity, seat
        – GHDB
        – BHDB
        – FSHDB
        – Web = SQLi / LFI / RFI / WordPress
      ● FF extension:
        – Meta generator version check
      ● Metadata
      ● http://www.1337day.com/webapps
  • 19. Privilege escalation. We can have potential:
      ● User names
      ● Passwords
      ● Login panels
      for more useful & accurate wordlist generation
  • 20. From?
      ● Metadata:
        – Foca, metagoofil, maltego
      ● Emails:
        – Theharvester, esearchy
      ● Public profiling information
        – Social media
          ● Phone numbers
          ● Family member names
          ● Birth dates
  • 21. From (cont.)
      ● Dorks:
        – Files containing usernames
        – Files containing passwords
        – Files containing juicy info
        – Pages containing login portals
      ● Wordlist generation:
        – wyd, cupp, crunch
  • 22. Social engineering / profiling people. All kinds of personal and professional info:
      – Names, DOB
      – Residence address
      – Phone no.
      – Emails
      – Close associates / friends
      – Interests / hobbies
      – Pictures
  • 23. From?
      ● People lookup databases
      ● Social networks
      ● Local yellow pages
      ● MTNL / BSNL telephone directory
      ● Public mobile info. services
  • 24. What can we get from OSINT?
  • 25.
      ● Email addresses
      ● Phone numbers
      ● User names / passwords
      ● OS info
      ● IP info
      ● Software / versions
      ● Geo location
      ● Personal details
      ● Vulnerabilities
  • 26. Tools
      ● Foca, metagoofil, exiftool, wyd
      ● Theharvester, esearchy
      ● FF extensions
        – Passive Recon, meta generator, wappalyzer, exiftool
      ● Sitedigger, seat, search diggity
      ● Creepy, fbpwn
      ● Maltego, netglub
  • 27. Online resources
      ● Netcraft, centralops, shodanhq, serversniff
      ● GHDB
      ● Foca online, regex.info/exif.cgi
      ● http://tineye.com, http://picfog.com
      ● https://twitpic.com/search, http://www.pixsy.com/
      ● Flickr photo search: http://www.flickr.com/search/?s=rec&w=all&q=comapny name&m=text
  • 28. Online resources (cont.)
      ● Document search:
        – Docstoc http://www.docstoc.com/
        – Scribd http://www.scribd.com/
        – SlideShare http://www.slideshare.net/
        – PDF Search Engine http://www.pdf-search-engine.com/
        – Toodoc http://www.toodoc.com/
        – Google filetype: operator
  • 29. Online resources (cont.)
      ● Check usernames:
        – http://www.checkusernames.com/
        – http://knowem.com/, www.namechk.com
        – http://webmii.com/
      ● People search:
        – 123people
        – Pipl
        – openbook
  • 30. Online resources (cont.)
      ● Geo location:
        – Infosnipper
        – http://twittermap.appspot.com
        – http://www.geobytes.com/iplocator.htm
  • 31. Prevention / countermeasures
      ● Policies for social networks
        – HR, PR, marketing
      ● Sanitize documents
        – Remove metadata
          ● Metadata Anonymisation Toolkit – MAT
          ● OOMeta extractor, Doc Scrubber
          ● Exiftool
          ● OpenDLP, MyDLP
      ● Websites
        – Block user agents (UA), directory listing, custom error messages
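The "sanitize documents / remove metadata" countermeasure above, as an added Python example that is not part of the presentation: it lists the author, last-editor, application, version and company fields in the docProps parts of an OOXML package (the kind of fields metadata tools such as Foca recover from published documents) and writes a copy with those fields blanked. The sample .docx package and its values are constructed in memory; only the standard library is used.

```python
# Added example (not from the slides): find and blank the metadata an OOXML
# package (.docx/.xlsx/.pptx) carries in its docProps parts. Stdlib only.
import io, re, zipfile

META_PARTS = ("docProps/core.xml", "docProps/app.xml")
LEAKY_TAGS = ("dc:creator", "cp:lastModifiedBy", "Company", "Application", "AppVersion")

def _tag_re(tag):  # matches <tag ...>value</tag>, not a self-closing <tag/>
    return re.compile(r"(<%s(?:\s[^>]*)?>)(.*?)(</%s>)" % (tag, tag), re.S)

def extract_metadata(doc_bytes):
    """Return {tag: value} for every non-empty leaky tag in the package."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as z:
        for part in [p for p in META_PARTS if p in z.namelist()]:
            xml = z.read(part).decode("utf-8")
            for tag in LEAKY_TAGS:
                m = _tag_re(tag).search(xml)
                if m and m.group(2).strip():
                    found[tag] = m.group(2).strip()
    return found

def scrub_metadata(doc_bytes):
    """Return a copy of the package with every leaky tag emptied."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():  # content parts are copied untouched
            data = src.read(info.filename)
            if info.filename in META_PARTS:
                xml = data.decode("utf-8")
                for tag in LEAKY_TAGS:
                    xml = _tag_re(tag).sub(r"\1\3", xml)
                data = xml.encode("utf-8")
            dst.writestr(info.filename, data)
    return out.getvalue()

def build_sample_docx():
    """Constructed minimal .docx-style package with typical leaky fields (sample data)."""
    core = ('<cp:coreProperties><dc:creator>jdoe</dc:creator>'
            '<cp:lastModifiedBy>admin</cp:lastModifiedBy></cp:coreProperties>')
    app = ('<Properties><Application>Microsoft Office Word</Application>'
           '<AppVersion>12.0000</AppVersion><Company>Example Corp</Company></Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
        z.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()
```

Running extract_metadata over a real document before publication shows exactly what a metadata harvester would see; scrub_metadata produces the copy to publish instead.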
  • 32. Thank you. Questions?