SlideShare a Scribd company logo

hacking techniques and intrusion techniques useful in OSINT.pptx

Download as PPTX, PDF
S
sconalbg

Cyber reconnaissance related to OSINT. This course emphaises on the importance of reconnaisance and e-discovery , along with hacking techniques along with intrusion detection. This is a very useful course on this subject which will help many students to understand the basic concepts of cyber ssecurity and cyber intelligence.

Technology
1 of 46
Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail
All materials is licensed under a Creative Commons “Share Alike” license. • http://creativecommons.org/licenses/by-sa/3.0/ 2
# whoami • Ali Al-Shemery • Ph.D., MS.c., and BS.c., Jordan • More than 14 years of Technical Background (mainly Linux/Unix and Infosec) • Technical Instructor for more than 10 years (Infosec, and Linux Courses) • Hold more than 15 well known Technical Certificates • Infosec & Linux are my main Interests 3
Reconnaissance (RECON) With great knowledge, comes successful attacks!
Outline - Reconnaissance • Intelligence Gathering • Target Selection • Open Source Intelligence (OSINT) • Covert Gathering • Footprinting 5
Intelligence Gathering • What is it • Why do it • What is it not • Open source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence. 6
Target Selection • Identification and Naming of Target • Consider any Rules of Engagement limitations • Consider time length for test • Consider end goal of the test 7
Open Source Intelligence (OSINT) • Simply, it’s locating, and analyzing publically (open) available sources of information. • Intelligence gathering process has a goal of producing current and relevant information that is valuable to either an attacker or competitor. - OSINT is not only web searching! 8
Open Source Intelligence (OSINT) Takes three forms: • Passive Information Gathering • Semi-passive Information Gathering • Active Information Gathering Used for: • Corporate • Individuals 9
Corporate - Physical • Locations – Public sites can often be located by using search engines such as: – Google, Yahoo, Bing, Ask.com, Baidu, Yandex, Guruji, etc • Relationships 10
Corporate - Logical • Business Partners • Business Clients • Competitors • Product line • Market Vertical • Marketing accounts • Meetings • Significant company dates • Job openings • Charity affiliations • Court records • Political donations • Professional licenses or registries 11
Job Openings Websites • Bayt, http://bayt.com • Monster, http://www.monster.com • CareerBuilder, http://www.careerbuilder.com • Computerjobs.com, http://www.computerjobs.com • Indeed, LinkedIn, etc 12
Corporate – Org. Chart • Position identification • Transactions • Affiliates 13
Corporate – Electronic • Document Metadata • Marketing Communications 14
Corporate – Infrastructure Assets • Network blocks owned • Email addresses • External infrastructure profile • Technologies used • Purchase agreements • Remote access • Application usage • Defense technologies • Human capability 15
Corporate – Financial • Reporting • Market analysis • Trade capital • Value history 16
Individual - History • Court Records • Political Donations • Professional licenses or registries 17
Individual - Social Network (SocNet) Profile • Metadata Leakage • Tone • Frequency • Location awareness • Social Media Presence 18
Location Awareness - Cree.py • Cree.py is an open source intelligence gathering application. • Can gather from Twitter. • Cree.py can gather any geo-location data from flickr, twitpic.com, yfrog.com, img.ly, plixi.com, twitrpix.com, foleext.com, shozu.com, pickhur.com, moby.to, twitsnaps.com and twitgoo.com. 19
Cree.py 20
Cree.py 21
Individual - Internet Presence • Email Address • Personal Handles/Nicknames • Personal Domain Names registered • Assigned Static IPs/Netblocks 22
Maltego • Paterva Maltego is a data mining and information-gathering tool that maps the information gathered into a format that is easily understood and manipulated. • It saves you time by automating tasks such as email harvesting and mapping subdomains. 23
Maltego 24
Maltego 25
NetGlub • NetGlub is an open source data mining and information-gathering tool that presents the information gathered in a format that is easily understood, (Similar to Maltego). • Consists of: Master, Slave, and GUI 26
NetGlub 27
NetGlub 28
NetGlub 29
TheHarvester • TheHarvester is a tool, written by Christian Martorella, that can be used to gather e-mail accounts and subdomain names from different public sources (search engines, pgp key servers). DEMO: • ./theHarvester.py -d linuxac.org -l 500 - b google 30
Social Networks • Check Usernames - Useful for checking the existence of a given username across 160 Social Networks. • http://checkusernames.com/ 31
Social Networks Newsgroups • Google - http://www.google.com • Yahoo Groups - http://groups.yahoo.com Mail Lists • The Mail Archive - http://www.mail- archive.com 32
Audio / Video Audio • iTunes, http://www.apple.com/itunes • Podcast.com, http://podcast.com • Podcast Directory, http://www.podcastdirectory.com Video • YouTube, http://youtube.com • Yahoo Video, http://video.search.yahoo.com • Bing Video, http://www.bing.com/ • Vemo, http://vemo.com 33
Archived Information • There are times when we will be unable to access web site information due to the fact that the content may no longer be available from the original source. • Being able to access archived copies of this information allows access to past information. • Perform Google searches using specially targeted search strings: cache:<site.com> • Use the archived information from the Wayback Machine (http://www.archive.org). 34
Archived Information 35
Metadata leakage • The goal is to identify data that is relevant to the target corporation. • It may be possible to identify locations, hardware, software and other relevant data from Social Networking posts. • Examples: – ixquick - http://ixquick.com – MetaCrawler - http://metacrawler.com – Dogpile - http://www.dogpile.com – Search.com - http://www.search.com – Jeffery's Exif Viewer - http://regex.info/exif.cgi 36
Metadata leakage - FOCA • FOCA is a tool that reads metadata from a wide range of document and media formats. • FOCA pulls the relevant usernames, paths, software versions, printer details, and email addresses. • DEMO (WinXP VM_Box) 37
Metadata leakage - Foundstone SiteDigger • Foundstone has a tool, named SiteDigger, which allows us to search a domain using specially strings from both the Google Hacking Database (GHDB) and Foundstone Database (FSDB). 38
Metadata leakage - Foundstone SiteDigger 39
Metadata leakage - Metagoofil • Metagoofil is a Linux based information gathering tool designed for extracting metadata of public documents (.pdf, .doc, .xls, .ppt, .odp, .ods) available on the client's websites. • Metagoofil generates an html results page with the results of the metadata extracted, plus a list of potential usernames that could prove useful for brute force attacks. It also extracts paths and MAC address information from the metadata. 40
Individual - Physical Location • Physical Location 41
Individual - Mobile Footprint • Phone # • Device type • Installed applications 42
Covert Gathering - Corporate On-Location Gathering • Physical security inspections • Wireless scanning / RF frequency scanning • Employee behavior training inspection • Accessible/adjacent facilities (shared spaces) • Dumpster diving • Types of equipment in use Offsite Gathering • Data center locations • Network provisioning/provider 43
Other Gathering Forms Human Intelligence (HUMINT) • Methodology always involves direct interaction - whether physical, or verbal. • Gathering should be done under an assumed identity (remember pretexting?). – Key Employees – Partners/Suppliers 44
Other Gathering Forms Signals Intelligence (SIGINT): • Intelligence gathered through the use of interception or listening technologies. • Example: – Wired/Wireless Sniffer – TAP devices 45
Other Gathering Forms Imagery Intelligence (IMINT): • Intelligence gathered through recorded imagery, i.e. photography. • IMINT can also refer to satellite intelligence, (cross over between IMINT and OSINT if it extends to Google Earth and its equivalents). 46

Recommended

OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
Advanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsAdvanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsSloan Carne
 
Chapter 2 for cyber security examination.pptx
Chapter 2 for cyber security examination.pptxChapter 2 for cyber security examination.pptx
Chapter 2 for cyber security examination.pptxMahdiHasanSowrav
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)PRISMA CSI
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaNSConclave
 
CNIT 123: Ch 4: Footprinting and Social Engineering
CNIT 123: Ch 4: Footprinting and Social EngineeringCNIT 123: Ch 4: Footprinting and Social Engineering
CNIT 123: Ch 4: Footprinting and Social EngineeringSam Bowne
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringSam Bowne
 
Empowering red and blue teams with osint c0c0n 2017
Empowering red and blue teams with osint c0c0n 2017Empowering red and blue teams with osint c0c0n 2017
Empowering red and blue teams with osint c0c0n 2017reconvillage
 

Recommended

OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
Advanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsAdvanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsSloan Carne
 
Chapter 2 for cyber security examination.pptx
Chapter 2 for cyber security examination.pptxChapter 2 for cyber security examination.pptx
Chapter 2 for cyber security examination.pptxMahdiHasanSowrav
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)PRISMA CSI
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaNSConclave
 
CNIT 123: Ch 4: Footprinting and Social Engineering
CNIT 123: Ch 4: Footprinting and Social EngineeringCNIT 123: Ch 4: Footprinting and Social Engineering
CNIT 123: Ch 4: Footprinting and Social EngineeringSam Bowne
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringSam Bowne
 
Empowering red and blue teams with osint c0c0n 2017
Empowering red and blue teams with osint c0c0n 2017Empowering red and blue teams with osint c0c0n 2017
Empowering red and blue teams with osint c0c0n 2017reconvillage
 
Dracos forensic flavor
Dracos forensic flavorDracos forensic flavor
Dracos forensic flavorSatria Ady Pradana
 
DracOs Forensic Flavor
DracOs Forensic FlavorDracOs Forensic Flavor
DracOs Forensic FlavorSatria Ady Pradana
 
Building blocks for success: criteria for trusted institutional repositories
Building blocks for success: criteria for trusted institutional repositoriesBuilding blocks for success: criteria for trusted institutional repositories
Building blocks for success: criteria for trusted institutional repositoriesAcademy of Science of South Africa (ASSAf)
 
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...Sean Whalen
 
osint - open source Intelligence
osint - open source Intelligenceosint - open source Intelligence
osint - open source IntelligenceOsama Ellahi
 
Building blocks for success: criteria for trusted institutional repositories
Building blocks for success: criteria for trusted institutional repositoriesBuilding blocks for success: criteria for trusted institutional repositories
Building blocks for success: criteria for trusted institutional repositoriesIna Smith
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringTom Eston
 
Splunk live beginner training nyc
Splunk live beginner training nycSplunk live beginner training nyc
Splunk live beginner training nycDimitri McKay - CISSP
 
Dafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptxDafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptxAlfredObia1
 
SplunkLive! Beginner Session
SplunkLive! Beginner SessionSplunkLive! Beginner Session
SplunkLive! Beginner SessionSplunk
 
Hunting on the cheap
Hunting on the cheapHunting on the cheap
Hunting on the cheapAnjum Ahuja
 
Hunting on the Cheap
Hunting on the CheapHunting on the Cheap
Hunting on the CheapEndgameInc
 
Honeypots for proactively detecting security incidents
Honeypots for proactively detecting security incidentsHoneypots for proactively detecting security incidents
Honeypots for proactively detecting security incidentsAPNIC
 
The original vision of Nutch, 14 years later: Building an open source search ...
The original vision of Nutch, 14 years later: Building an open source search ...The original vision of Nutch, 14 years later: Building an open source search ...
The original vision of Nutch, 14 years later: Building an open source search ...Sylvain Zimmer
 
Nmapper theHarvester OSINT Tool explanation
Nmapper theHarvester OSINT Tool explanationNmapper theHarvester OSINT Tool explanation
Nmapper theHarvester OSINT Tool explanationWangolo Joel
 
internet
internetinternet
internetRajender Singh Oberoi
 
Mis 450 final presentation
Mis 450 final presentation Mis 450 final presentation
Mis 450 final presentation Gianna Passarelli
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdfMarceloCunha571649
 
Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2Spyglass Security
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Sudhanshu Chauhan
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 

More Related Content

Similar to hacking techniques and intrusion techniques useful in OSINT.pptx

Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...Sean Whalen
 
osint - open source Intelligence
osint - open source Intelligenceosint - open source Intelligence
osint - open source IntelligenceOsama Ellahi
 
Building blocks for success: criteria for trusted institutional repositories
Building blocks for success: criteria for trusted institutional repositoriesBuilding blocks for success: criteria for trusted institutional repositories
Building blocks for success: criteria for trusted institutional repositoriesIna Smith
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringTom Eston
 
Dafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptxDafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptxAlfredObia1
 
SplunkLive! Beginner Session
SplunkLive! Beginner SessionSplunkLive! Beginner Session
SplunkLive! Beginner SessionSplunk
 
Hunting on the cheap
Hunting on the cheapHunting on the cheap
Hunting on the cheapAnjum Ahuja
 
Hunting on the Cheap
Hunting on the CheapHunting on the Cheap
Hunting on the CheapEndgameInc
 
Honeypots for proactively detecting security incidents
Honeypots for proactively detecting security incidentsHoneypots for proactively detecting security incidents
Honeypots for proactively detecting security incidentsAPNIC
 
The original vision of Nutch, 14 years later: Building an open source search ...
The original vision of Nutch, 14 years later: Building an open source search ...The original vision of Nutch, 14 years later: Building an open source search ...
The original vision of Nutch, 14 years later: Building an open source search ...Sylvain Zimmer
 
Nmapper theHarvester OSINT Tool explanation
Nmapper theHarvester OSINT Tool explanationNmapper theHarvester OSINT Tool explanation
Nmapper theHarvester OSINT Tool explanationWangolo Joel
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdfMarceloCunha571649
 
Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2Spyglass Security
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Sudhanshu Chauhan
 

Similar to hacking techniques and intrusion techniques useful in OSINT.pptx (20)

Dracos forensic flavor
Dracos forensic flavorDracos forensic flavor
Dracos forensic flavor
 
DracOs Forensic Flavor
DracOs Forensic FlavorDracOs Forensic Flavor
DracOs Forensic Flavor
 
Building blocks for success: criteria for trusted institutional repositories
Building blocks for success: criteria for trusted institutional repositoriesBuilding blocks for success: criteria for trusted institutional repositories
Building blocks for success: criteria for trusted institutional repositories
 
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
 
osint - open source Intelligence
osint - open source Intelligenceosint - open source Intelligence
osint - open source Intelligence
 
Building blocks for success: criteria for trusted institutional repositories
Building blocks for success: criteria for trusted institutional repositoriesBuilding blocks for success: criteria for trusted institutional repositories
Building blocks for success: criteria for trusted institutional repositories
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence Gathering
 
Splunk live beginner training nyc
Splunk live beginner training nycSplunk live beginner training nyc
Splunk live beginner training nyc
 
Dafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptxDafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptx
 
SplunkLive! Beginner Session
SplunkLive! Beginner SessionSplunkLive! Beginner Session
SplunkLive! Beginner Session
 
Hunting on the cheap
Hunting on the cheapHunting on the cheap
Hunting on the cheap
 
Hunting on the Cheap
Hunting on the CheapHunting on the Cheap
Hunting on the Cheap
 
Honeypots for proactively detecting security incidents
Honeypots for proactively detecting security incidentsHoneypots for proactively detecting security incidents
Honeypots for proactively detecting security incidents
 
The original vision of Nutch, 14 years later: Building an open source search ...
The original vision of Nutch, 14 years later: Building an open source search ...The original vision of Nutch, 14 years later: Building an open source search ...
The original vision of Nutch, 14 years later: Building an open source search ...
 
Nmapper theHarvester OSINT Tool explanation
Nmapper theHarvester OSINT Tool explanationNmapper theHarvester OSINT Tool explanation
Nmapper theHarvester OSINT Tool explanation
 
internet
internetinternet
internet
 
Mis 450 final presentation
Mis 450 final presentation Mis 450 final presentation
Mis 450 final presentation
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdf
 
Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)
 

Recently uploaded

Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 

Recently uploaded (20)

Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 

hacking techniques and intrusion techniques useful in OSINT.pptx

  • 1. Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail
  • 2. All materials is licensed under a Creative Commons “Share Alike” license. • http://creativecommons.org/licenses/by-sa/3.0/ 2
  • 3. # whoami • Ali Al-Shemery • Ph.D., MS.c., and BS.c., Jordan • More than 14 years of Technical Background (mainly Linux/Unix and Infosec) • Technical Instructor for more than 10 years (Infosec, and Linux Courses) • Hold more than 15 well known Technical Certificates • Infosec & Linux are my main Interests 3
  • 5. Outline - Reconnaissance • Intelligence Gathering • Target Selection • Open Source Intelligence (OSINT) • Covert Gathering • Footprinting 5
  • 6. Intelligence Gathering • What is it • Why do it • What is it not • Open source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence. 6
  • 7. Target Selection • Identification and Naming of Target • Consider any Rules of Engagement limitations • Consider time length for test • Consider end goal of the test 7
  • 8. Open Source Intelligence (OSINT) • Simply, it’s locating, and analyzing publically (open) available sources of information. • Intelligence gathering process has a goal of producing current and relevant information that is valuable to either an attacker or competitor. - OSINT is not only web searching! 8
  • 9. Open Source Intelligence (OSINT) Takes three forms: • Passive Information Gathering • Semi-passive Information Gathering • Active Information Gathering Used for: • Corporate • Individuals 9
  • 10. Corporate - Physical • Locations – Public sites can often be located by using search engines such as: – Google, Yahoo, Bing, Ask.com, Baidu, Yandex, Guruji, etc • Relationships 10
  • 11. Corporate - Logical • Business Partners • Business Clients • Competitors • Product line • Market Vertical • Marketing accounts • Meetings • Significant company dates • Job openings • Charity affiliations • Court records • Political donations • Professional licenses or registries 11
  • 12. Job Openings Websites • Bayt, http://bayt.com • Monster, http://www.monster.com • CareerBuilder, http://www.careerbuilder.com • Computerjobs.com, http://www.computerjobs.com • Indeed, LinkedIn, etc 12
  • 13. Corporate – Org. Chart • Position identification • Transactions • Affiliates 13
  • 14. Corporate – Electronic • Document Metadata • Marketing Communications 14
  • 15. Corporate – Infrastructure Assets • Network blocks owned • Email addresses • External infrastructure profile • Technologies used • Purchase agreements • Remote access • Application usage • Defense technologies • Human capability 15
  • 16. Corporate – Financial • Reporting • Market analysis • Trade capital • Value history 16
  • 17. Individual - History • Court Records • Political Donations • Professional licenses or registries 17
  • 18. Individual - Social Network (SocNet) Profile • Metadata Leakage • Tone • Frequency • Location awareness • Social Media Presence 18
  • 19. Location Awareness - Cree.py • Cree.py is an open source intelligence gathering application. • Can gather from Twitter. • Cree.py can gather any geo-location data from flickr, twitpic.com, yfrog.com, img.ly, plixi.com, twitrpix.com, foleext.com, shozu.com, pickhur.com, moby.to, twitsnaps.com and twitgoo.com. 19
  • 22. Individual - Internet Presence • Email Address • Personal Handles/Nicknames • Personal Domain Names registered • Assigned Static IPs/Netblocks 22
  • 23. Maltego • Paterva Maltego is a data mining and information-gathering tool that maps the information gathered into a format that is easily understood and manipulated. • It saves you time by automating tasks such as email harvesting and mapping subdomains. 23
  • 26. NetGlub • NetGlub is an open source data mining and information-gathering tool that presents the information gathered in a format that is easily understood, (Similar to Maltego). • Consists of: Master, Slave, and GUI 26
  • 30. TheHarvester • TheHarvester is a tool, written by Christian Martorella, that can be used to gather e-mail accounts and subdomain names from different public sources (search engines, pgp key servers). DEMO: • ./theHarvester.py -d linuxac.org -l 500 - b google 30
  • 31. Social Networks • Check Usernames - Useful for checking the existence of a given username across 160 Social Networks. • http://checkusernames.com/ 31
  • 32. Social Networks Newsgroups • Google - http://www.google.com • Yahoo Groups - http://groups.yahoo.com Mail Lists • The Mail Archive - http://www.mail- archive.com 32
  • 33. Audio / Video Audio • iTunes, http://www.apple.com/itunes • Podcast.com, http://podcast.com • Podcast Directory, http://www.podcastdirectory.com Video • YouTube, http://youtube.com • Yahoo Video, http://video.search.yahoo.com • Bing Video, http://www.bing.com/ • Vemo, http://vemo.com 33
  • 34. Archived Information • There are times when we will be unable to access web site information due to the fact that the content may no longer be available from the original source. • Being able to access archived copies of this information allows access to past information. • Perform Google searches using specially targeted search strings: cache:<site.com> • Use the archived information from the Wayback Machine (http://www.archive.org). 34
  • 36. Metadata leakage • The goal is to identify data that is relevant to the target corporation. • It may be possible to identify locations, hardware, software and other relevant data from Social Networking posts. • Examples: – ixquick - http://ixquick.com – MetaCrawler - http://metacrawler.com – Dogpile - http://www.dogpile.com – Search.com - http://www.search.com – Jeffery's Exif Viewer - http://regex.info/exif.cgi 36
  • 37. Metadata leakage - FOCA • FOCA is a tool that reads metadata from a wide range of document and media formats. • FOCA pulls the relevant usernames, paths, software versions, printer details, and email addresses. • DEMO (WinXP VM_Box) 37
  • 38. Metadata leakage - Foundstone SiteDigger • Foundstone has a tool, named SiteDigger, which allows us to search a domain using specially strings from both the Google Hacking Database (GHDB) and Foundstone Database (FSDB). 38
  • 40. Metadata leakage - Metagoofil • Metagoofil is a Linux based information gathering tool designed for extracting metadata of public documents (.pdf, .doc, .xls, .ppt, .odp, .ods) available on the client's websites. • Metagoofil generates an html results page with the results of the metadata extracted, plus a list of potential usernames that could prove useful for brute force attacks. It also extracts paths and MAC address information from the metadata. 40
  • 41. Individual - Physical Location • Physical Location 41
  • 42. Individual - Mobile Footprint • Phone # • Device type • Installed applications 42
  • 43. Covert Gathering - Corporate On-Location Gathering • Physical security inspections • Wireless scanning / RF frequency scanning • Employee behavior training inspection • Accessible/adjacent facilities (shared spaces) • Dumpster diving • Types of equipment in use Offsite Gathering • Data center locations • Network provisioning/provider 43
  • 44. Other Gathering Forms Human Intelligence (HUMINT) • Methodology always involves direct interaction - whether physical, or verbal. • Gathering should be done under an assumed identity (remember pretexting?). – Key Employees – Partners/Suppliers 44
  • 45. Other Gathering Forms Signals Intelligence (SIGINT): • Intelligence gathered through the use of interception or listening technologies. • Example: – Wired/Wireless Sniffer – TAP devices 45
  • 46. Other Gathering Forms Imagery Intelligence (IMINT): • Intelligence gathered through recorded imagery, i.e. photography. • IMINT can also refer to satellite intelligence, (cross over between IMINT and OSINT if it extends to Google Earth and its equivalents). 46