Successfully reported this slideshow.

Tactical Information Gathering

22

Share

Oct. 01, 2009
22 likes 89,969 views
Upcoming SlideShare
LD4 Wikidata Affinity Group - Shorthouse
LD4 Wikidata Affinity Group - Shorthouse
Loading in …3
×
1 of 123
1 of 123

Tactical Information Gathering

Oct. 01, 2009
22 likes 89,969 views

22

Share

Download to read offline

Technology Travel Education

This presentation shows new sources where information could be gathered from a target victim or company. Useful for penetration testers :)

This presentation shows new sources where information could be gathered from a target victim or company. Useful for penetration testers :)

Technology Travel Education

Recommended

More Related Content

Viewers also liked

Linked Data
Danny Ayers
Brief Introduction to Linked Data
Robert Sanderson
Explaining The Semantic Web
Aditya Tuli
Osint 2ool-kit-on the-go-bag-o-tradecraft
Steph Cliche
Knowledge Integration in Practice
Peter Mika
Data, databases and what you can do with them
Browne Jacobson LLP
Semantic Web, e-commerce
Semantic Web San Diego
Information Extraction and Linked Data Cloud
Dhaval Thakker
How to Build Linked Data Sites with Drupal 7 and RDFa
scorlosquet
Spooky Halloween IT Security Lecture -- The Deep Web
Nicholas Davis
Linking Open Data with Drupal
emmanuel_jamin
Semantic Search on the Rise
Peter Mika
The Art of Social Media Analysis with Twitter & Python
Krishna Sankar
Information Extraction from Text, presented @ Deloitte
Deep Kayal
Web 3.0 Emerging
James Hendler
Semantic search: from document retrieval to virtual assistants
Peter Mika
Semantic Search tutorial at SemTech 2012
Peter Mika
Analyzing social media with Python and other tools (4/4)
Department of Communication Science, University of Amsterdam
Web Technology Trends for 2008 and Beyond, May 2008 Update
Richard MacManus

Similar to Tactical Information Gathering

A fresh new look into Information Gathering - OWASP Spain
Christian Martorella
Pentesting drivenbyfoca slides
BIT Technologies
Enterprise Open Source Intelligence Gathering
Tom Eston
Hum t19 hum-t19
SelectedPresentations
Advanced Research Investigations for SIU Investigators
Sloan Carne
Firewalls (Distributed computing)
Sri Prasanna
Lord of the bing b-sides atl
Security B-Sides
Defcon 18: FOCA 2
Chema Alonso
Viruses Spyware and Spam, Oh My!
Joel May
2013-06-26-Is_your_company_Googling_its_privacy_away_brightalk_format_1c
Raj Goel
Consequences of Oversharing on Social Media
laurenparkk
Web 2.0世代的資安議題
Sheng-Wei (Kuan-Ta) Chen
Sourcing Innovation Lab Ryan Gillis
RecruitDC
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
EC-Council
Lord of the Bing - Black Hat USA 2010
Rob Ragan
Defcon 17 Tactical Fingerprinting using Foca
Chema Alonso
Hacking and its Defence
Greater Noida Institute Of Technology
Dr. Da-Yu Kao - The Investigation, Forensics, and Governance of ATM Heist Thr...
REVULN
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
Avansa Mid- en Zuidwest
Social media research for litigation
David Whelan

More from Christian Martorella

A journey into Application Security
Christian Martorella
OSINT 2.0 - Past, present and future
Christian Martorella
Python for Penetration testers
Christian Martorella
Playing in a Satellite environment
Christian Martorella
Wfuzz for Penetration Testers
Christian Martorella
All your data are belong to us - FIST Conference 2007
Christian Martorella
Principales vulnerabilidades en Aplicaciones Web - Rediris 2008
Christian Martorella

Featured

What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer

Related Books

Free with a 14 day trial from Scribd

See all
Spirit of Place: Letters and Essays on Travel Lawrence Durrell
(0/5)
Free
Someone Else's Garden: A Novel Dipika Rai
(4/5)
Free
Everything Is Going to Be Great: An Underfunded and Overexposed European Grand Tour Rachel Shukert
(4/5)
Free
Paris, My Sweet: A Year in the City of Light (and Dark Chocolate) Amy Thomas
(3.5/5)
Free
Off the Beaten Page: The Best Trips for Lit Lovers, Book Clubs, and Girls on Getaways Terri Peterson Smith
(3/5)
Free
As the Romans Do: The Delights, Dramas, And Daily Diversio Alan Epstein
(4/5)
Free
Traveling While Married Mary-Lou Weisman
(3.5/5)
Free
Londoners: The Days and Nights of London Now--As Told by Those Who Love It, Hate It, Live It, Left It, and Long for It Craig Taylor
(4/5)
Free
Around the World in 80 Dinners Bill Jamison
(4/5)
Free
Forgotten Footprints: Lost Stories in the Discovery of Antarctica John Harrison
(3.5/5)
Free
River Town: Two Years on the Yangtze Peter Hessler
(4/5)
Free
Cuba Diaries: An American Housewife in Havana Isadora Tattlin
(4/5)
Free
The Cure for Anything Is Salt Water: How I Threw My Life Overboard and Found Happiness at Sea Mary South
(4/5)
Free
Summers in Supino: Becoming Italian Maria Coletta McLean
(3.5/5)
Free
Learning to Bow: An American Teacher in a Japanese School Bruce Feiler
(4.5/5)
Free
Wildwood: A Journey Through Trees Roger Deakin
(4/5)
Free

Related Audiobooks

Free with a 14 day trial from Scribd

See all
On Trails: An Exploration Robert Moor
(4/5)
Free
Life Lessons Harry Potter Taught Me: Discover the Magic of Friendship, Family, Courage, and Love in Your Life Jill Kolongowski
(3/5)
Free
Golden: The Power of Silence in a World of Noise Justin Zorn
(0/5)
Free
The unBalanced Life: 10 Principles for a More Balanced Life Pierre Quinn
(3.5/5)
Free
You're Cute When You're Mad: Simple Steps for Confronting Sexism Scribd Originals Audio
(4/5)
Free
The Four Keys to Sustainable Success Patricia Grabarek PhD
(4.5/5)
Free
Endure: How to Work Hard, Outlast, and Keep Hammering Cameron Hanes
(5/5)
Free
I Guess I Haven't Learned That Yet: Discovering New Ways of Living When the Old Ways Stop Working Shauna Niequist
(4.5/5)
Free
Radical Confidence: 10 No-BS Lessons on Becoming the Hero of Your Own Life Lisa Bilyeu
(5/5)
Free
Be the Love: Seven Ways to Unlock Your Heart and Manifest Happiness Sarah Prout
(0/5)
Free
Already Enough: A Path to Self-Acceptance Lisa Olivera
(4.5/5)
Free
Enter the Zone: Three Steps for Accessing Peak Performance Jari Roomer
(4.5/5)
Free
The Expectation Effect: How Your Mindset Can Change Your World David Robson
(4.5/5)
Free
How to Notice and Name Emotions Emma McAdam
(4.5/5)
Free
Reshape Your Body Image Stacie Garland
(4/5)
Free
Dad on Pills: Fatherhood and Mental Illness Scribd Originals Audio
(5/5)
Free

Tactical Information Gathering

  1. Christian Martorella Source Conference Barcelona 2009
  2. Tactical Information Gathering Christian Martorella Source Conference Barcelona 2009
  3. Who am i ? Christian Martorella Security Services S21sec CISSP, CISA, CISM, OPST, OPSA, C|EH OWASP WebSlayer Project Leader Edge-Security.com
  4. Information Gathering “Is the collection of information before the attack. The idea is to collect as much information as possible about the target which may be valuable later.”
  5. Tactical “Designed or implemented to gain a temporary limited advantage” Wikipedia
  6. I.G Why use it? It’s what the real attackers are doing Attackers doesn’t have a restricted scope Knowing what information about you or your company is available online Spear Phishing: 15.000 infected users, as results of 66 campaings.
  7. I.G what for? Infrastructure: Information for discovering new targets, to get a description of the hosts (NS,MX, AS,etc), shared resources, applications, software, etc. People and organizations : For performing brute force attacks on available services, Spear phishing, social engineering, investigations, background checks, information leaks
  8. Typical Pentesting Methodology Post- Cover Write I.G Scan Enumerate Exploit Exploit Tracks report
  9. What everyone focus on: Enumera Post- Cover Write I.G Scan Exploit te Exploit Tracks report
  10. Real world Methodology I.G Discover what makes the company money Do whatever it Steal it takes... Discover what is valuable to the attacker
  11. Types of I.G
  12. Types of I.G Passive Active Semi Passive
  13. Where / how can we obtain this kind of info?
  14. Obtaining info - Old School way DNS Zone Transfer (active) DNS Reverse Lookup Search engines (active) PGP Key Servers DNS BruteForce (active++) Whois Mail headers (active) smtp Bruteforcing (active++)
  15. Obtaining info - Old School way Active Passive DNS Zone Transfer (active) DNS Reverse Lookup Search engines (active) PGP Key Servers DNS BruteForce (active++) Whois Mail headers (active) smtp Bruteforcing (active++)
  16. New sources for I.G
  17. Obtaining - New sources Web 2.0 - Social Networks and Search engines (passive) Metadata (passive) Private data (passive paid) Intelius, Lexis Nexis
  18. Obtaining people info - New sources Professional and Business Social networks
  19. Obtaining people info - New sources
  20. Obtaining people info - New sources Current Job Pasts Jobs Education Job description Etc...
  21. Obtaining employees names from a company
  22. Obtaining employees names from a company
  23. Linkedin I.G example
  24. Linkedin I.G example I L FA
  25. Obtaining people info - New sources
  26. Obtaining Emails from a company
  27. Obtaining Emails from a company
  28. Google Finance & Reuters
  29. People information:
  30. People search
  31. People search
  32. People search Name Username Email Phone Business
  33. Nick name / username verification
  34. Nick name / username verification
  35. Nick name / username verification
  36. Nick name / username verification
  37. Private data - pay per view
  38. Microblogs Small posts up to 140 characters
  39. Microblogs Small posts up to 140 characters
  40. Bookmarks
  41. Bookmarks
  42. Bookmarks
  43. Bookmarks A IL F
  44. Reverse Image search Pic from “Novartis” search on TwwepSearch
  45. Reverse Image search Pic from “Novartis” search on TwwepSearch
  46. WikiScanner When you edit the wikipedia: You can edit leaving your username You can edit anonymous using your IP address
  47. WikiScanner Company IP ranges Anonymous Wikipedia edits, from interesting organizations Provide an ip for a wikipedia username http://wikiscanner.virgil.gr/
  48. WikiScanner - IP ranges
  49. WikiScanner - Wikipedia edits
  50. Poor Man Check User Provide an ip for a wikipedia username
  51. New sources - Metadata Metadata: is data about data.
  52. New sources - Metadata Metadata: is data about data. Is used to facilitate the understanding, use and management of data.
  53. Obtaining more data - Metadata Provides basic information such as the author of a work, the date of creation, links to any related works, etc.
  54. Metadata - Dublin Core (schema) Content & about the Intellectual Property Electronic or Physical Resource manifestation Title Author or Creator Date Subject Publisher Type Description Contributor Format Language Rights Identifier Relation Coverage
  55. Metadata example
  56. Metadata example
  57. Metadata - Images EXIF Exchangeable Image File Format • GPS coordinates • Time • Camera type • Serial number • Sometimes unaltered original photo can be found in thumbnail Online exif viewer.
  58. Metadata - Images EXIF Exchangeable Image File Format • GPS coordinates • Time • Camera type • Serial number • Sometimes unaltered original photo can be found in thumbnail Online exif viewer.
  59. Metadata - example
  60. Metadata - example logo-Kubuntu.png logo-Ubuntu.png software - www.inkscape.org software - Adobe ImageReady size - 1501x379 size - 1501x391 mimetype - image/png mimetype - image/png
  61. Metadata - example logo-Kubuntu.png logo-Ubuntu.png software - www.inkscape.org software - Adobe ImageReady size - 1501x379 size - 1501x391 mimetype - image/png mimetype - image/png :/
  62. Metadata - EXIF- Harry Pwner Deathly EXIF?
  63. Cat Schwartz - Tech TV
  64. Cat Schwartz - Tech TV
  65. Cat Schwartz - Tech TV
  66. Cat Schwartz - Tech TV I L FA
  67. Washington Post Botmaster location exposed by the Washington Post
  68. Washington Post Botmaster location exposed by the Washington Post SLUG: mag/hacker DATE: 12/19/2005 PHOTOGRAPHER: Sarah L. Voisin/TWP id#: LOCATION: Roland, OK CAPTION: PICTURED: Canon Canon EOS 20D Adobe Photoshop CS2 Macintosh 2006:02:16 15:44:49 Sarah L. Voisin
  69. Washington Post Botmaster location exposed by the Washington Post SLUG: mag/hacker DATE: 12/19/2005 PHOTOGRAPHER: Sarah L. Voisin/TWP id#: LOCATION: Roland, OK CAPTION: PICTURED: Canon Canon EOS 20D Adobe Photoshop CS2 Macintosh 2006:02:16 15:44:49 Sarah L. Voisin There are only 1.500 males in Roland Oklahoma
  70. Metadata Ok, I understand metadata... so what?
  71. Metagoofil Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,etc) availables in the target/victim websites.
  72. Metagoofil Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,etc) availables in the target/victim websites.
  73. Metagoofil Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,etc) availables in the target/victim websites.
  74. Metagoofil Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,etc) availables in the target/victim websites.
  75. Metagoofil
  76. Metagoofil Workers User names Server names names Software Paths versions + Date Mac Address
  77. Metagoofil Workers User names Server names names Computer Software Paths names versions + Date Mac Address
  78. Metagoofil
  79. Metagoofil site:nasa.gov filetype:ppt
  80. Metagoofil site:nasa.gov filetype:ppt
  81. Metagoofil Downloaded files
  82. Metagoofil Downloaded files ppt 1 pptx 2 parsers / Results.html doc 3 filtering Libextractor docx 3 Hachoir Regexp pdf n Own libs
  83. Metagoofil - results
  84. Metagoofil - results
  85. Metagoofil - results
  86. Metagoofil - results
  87. Metagoofil - results
  88. Metagoofil - results
  89. Metadata - The Revisionist Tool developed by Michal Zalewski, this tool will extract comments and “Track changes” from Word documents. http://download.microsoft.com/download/3/4/9/349c2166-4d53-43f6-b1fd-970090e23216/PARTNER/MSFreeShop.doc
  90. Metagoofil & Linkedin results Now we have a lot of information, what can i do? • User profiling
  91. Using results
  92. Using results User profiling • User list creation John Doe john.doe jdoe j.doe johndoe johnd john.d jd doe john
  93. Using results User profiling • User list creation John Doe john.doe jdoe j.doe johndoe johnd john.d jd doe john
  94. Using results User profiling • User list creation John Doe john.doe jdoe j.doe johndoe johnd ATTACK! john.d jd doe john
  95. Using results
  96. Using results Password profiling Dictionary creation: words from the different user sites magic serra angel necropotence Shivan dragon elf brainstorm ... ...
  97. Using results Password profiling Dictionary creation: words from the different user sites magic serra angel necropotence Shivan dragon elf brainstorm ... ...
  98. Using results Password profiling Dictionary creation: words from the different user sites magic serra angel necropotence Shivan dragon Brute force elf ATTACK brainstorm ... ...
  99. One password to rule them all
  100. Maltego the ultimate I.G Tool
  101. Maltego the ultimate I.G Tool
  102. Maltego the ultimate I.G Tool
  103. Maltego the ultimate I.G Tool
  104. Other examples
  105. Phone in sick and treat himself to a day in bed. Kyle Doyle's Facebook profile makes it quite obvious he was not off work for a 'valid medical reason'
  106. Phone in sick and treat himself to a day in bed. I L FA Kyle Doyle's Facebook profile makes it quite obvious he was not off work for a 'valid medical reason'
  107. Was shown the door after posting that her job was 'boring' on her Facebook page
  108. I L FA Was shown the door after posting that her job was 'boring' on her Facebook page
  109. More than meet the eyes
  110. More than meet the eyes
  111. More than meet the eyes
  112. Daily life I.G Looking for a Housekeeper on Craiglist, 3 interesting resumes came up:
  113. Daily life I.G Looking for a Housekeeper on Craiglist, 3 interesting resumes came up: Myspace page, applicant drinking beer from a funnel
  114. Daily life I.G Looking for a Housekeeper on Craiglist, 3 interesting resumes came up: Myspace page, applicant drinking beer from a funnel Local police, applicant arrested 2 years before for shoplifting
  115. Daily life I.G Looking for a Housekeeper on Craiglist, 3 interesting resumes came up: Myspace page, applicant drinking beer from a funnel Local police, applicant arrested 2 years before for shoplifting Personal blog, saying that she is applying for menial jobs, and will quit as soon she sells some paintings
  116. Final thoughts Be careful what you post/send, all stay online Think twice what you post Check the privacy configuration of your tools/sites Too much information, difficult to classify This is growing, more information is being indexed, more search engines
  117. References www.edge-security.com blog.s21sec.com www.s21sec.com carnal0wnage.blogspot.com www.gnunet.org/libextractor lcamtuf.coredump.cx/strikeout/ www.paterva.com http://sethgodin.typepad.com/seths_blog/2009/02/personal-branding-in-the-age- of-google.html laramies.blogspot.com http://www.eweek.com/c/a/Security/Washington-Post-Caught-in-Metadata-Gaffe/ Chris Gates Carnal0wnage Brucon 2009 Presentation http://www.neuroproductions.be/twitter_friends_network_browser/
  118. ?
  119. Thank you for coming cmartorella@s21sec.com http://laramies.blogspot.com cmartorella@edge-security.com http://twitter.com/laramies

×