Hacking Techniques & Intrusion Detection
Ali Al-Shemery
arabnix [at] gmail
All materials are licensed under a Creative Commons “Share Alike” license.
• http://creativecommons.org/licenses/by-sa/3.0/
# whoami
• Ali Al-Shemery
• Ph.D., M.Sc., and B.Sc., Jordan
• More than 14 years of Technical Background (mainly Linux/Unix and Infosec)
• Technical Instructor for more than 10 years (Infosec and Linux Courses)
• Hold more than 15 well-known Technical Certificates
• Infosec & Linux are my main Interests
Reconnaissance (RECON)
With great knowledge come successful attacks!
Outline - Reconnaissance
• Intelligence Gathering
• Target Selection
• Open Source Intelligence (OSINT)
• Covert Gathering
• Footprinting
Intelligence Gathering
• What is it
• Why do it
• What is it not
• Open source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence.
Target Selection
• Identification and Naming of Target
• Consider any Rules of Engagement limitations
• Consider time length for test
• Consider end goal of the test
Open Source Intelligence (OSINT)
• Simply, it’s locating and analyzing publicly (open) available sources of information.
• The intelligence gathering process has the goal of producing current and relevant information that is valuable to either an attacker or a competitor.
- OSINT is not only web searching!
Open Source Intelligence (OSINT)
Takes three forms:
• Passive Information Gathering
• Semi-passive Information Gathering
• Active Information Gathering
Used for:
• Corporate
• Individuals
Corporate - Physical
• Locations
– Public sites can often be located by using search engines such as:
– Google, Yahoo, Bing, Ask.com, Baidu, Yandex, Guruji, etc.
• Relationships
Corporate - Logical
• Business Partners
• Business Clients
• Competitors
• Product line
• Market Vertical
• Marketing accounts
• Meetings
• Significant company dates
• Job openings
• Charity affiliations
• Court records
• Political donations
• Professional licenses or registries
Job Openings Websites
• Bayt, http://bayt.com
• Monster, http://www.monster.com
• CareerBuilder, http://www.careerbuilder.com
• Computerjobs.com, http://www.computerjobs.com
• Indeed, LinkedIn, etc.
Corporate – Org. Chart
• Position identification
• Transactions
• Affiliates
Corporate – Electronic
• Document Metadata
• Marketing Communications
Corporate – Infrastructure Assets
• Network blocks owned
• Email addresses
• External infrastructure profile
• Technologies used
• Purchase agreements
• Remote access
• Application usage
• Defense technologies
• Human capability
Corporate – Financial
• Reporting
• Market analysis
• Trade capital
• Value history
Individual - History
• Court Records
• Political Donations
• Professional licenses or registries
Individual - Social Network (SocNet) Profile
• Metadata Leakage
• Tone
• Frequency
• Location awareness
• Social Media Presence
Location Awareness - Cree.py
• Cree.py is an open source intelligence gathering application.
• Can gather from Twitter.
• Cree.py can gather any geo-location data from flickr, twitpic.com, yfrog.com, img.ly, plixi.com, twitrpix.com, foleext.com, shozu.com, pickhur.com, moby.to, twitsnaps.com and twitgoo.com.
Individual - Internet Presence
• Email Address
• Personal Handles/Nicknames
• Personal Domain Names registered
• Assigned Static IPs/Netblocks
Maltego
• Paterva Maltego is a data mining and information-gathering tool that maps the information gathered into a format that is easily understood and manipulated.
• It saves you time by automating tasks such as email harvesting and mapping subdomains.
NetGlub
• NetGlub is an open source data mining and information-gathering tool that presents the information gathered in a format that is easily understood (similar to Maltego).
• Consists of: Master, Slave, and GUI
TheHarvester
• TheHarvester is a tool, written by Christian Martorella, that can be used to gather e-mail accounts and subdomain names from different public sources (search engines, PGP key servers).
DEMO:
• ./theHarvester.py -d linuxac.org -l 500 -b google
Social Networks
• Check Usernames - Useful for checking the existence of a given username across 160 Social Networks.
• http://checkusernames.com/
Social Networks
Newsgroups
• Google - http://www.google.com
• Yahoo Groups - http://groups.yahoo.com
Mail Lists
• The Mail Archive - http://www.mail-archive.com
Audio / Video
Audio
• iTunes, http://www.apple.com/itunes
• Podcast.com, http://podcast.com
• Podcast Directory,
http://www.podcastdirectory.com
Video
• YouTube, http://youtube.com
• Yahoo Video, http://video.search.yahoo.com
• Bing Video, http://www.bing.com/
• Vemo, http://vemo.com
Archived Information
• There are times when we will be unable to access web site information because the content is no longer available from the original source.
• Being able to access archived copies of this information allows access to past information.
• Perform Google searches using specially targeted search strings: cache:<site.com>
• Use the archived information from the Wayback Machine (http://www.archive.org).
Metadata leakage
• The goal is to identify data that is relevant to the target corporation.
• It may be possible to identify locations, hardware, software and other relevant data from Social Networking posts.
• Examples:
– ixquick - http://ixquick.com
– MetaCrawler - http://metacrawler.com
– Dogpile - http://www.dogpile.com
– Search.com - http://www.search.com
– Jeffrey's Exif Viewer - http://regex.info/exif.cgi
Metadata leakage - FOCA
• FOCA is a tool that reads metadata from a wide range of document and media formats.
• FOCA pulls the relevant usernames, paths, software versions, printer details, and email addresses.
• DEMO (WinXP VM_Box)
Metadata leakage - Foundstone SiteDigger
• Foundstone has a tool, named SiteDigger, which allows us to search a domain using special search strings from both the Google Hacking Database (GHDB) and the Foundstone Database (FSDB).
Metadata leakage - Metagoofil
• Metagoofil is a Linux based information gathering tool designed for extracting metadata of public documents (.pdf, .doc, .xls, .ppt, .odp, .ods) available on the client's websites.
• Metagoofil generates an HTML results page with the extracted metadata, plus a list of potential usernames that could prove useful for brute force attacks. It also extracts paths and MAC address information from the metadata.
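FOCA and Metagoofil both report the same classes of leak: author and last-modified-by names, application and version, company, template paths, and file-system paths or e-mail addresses embedded in the document itself. The following Python script is an added example, not part of these slides or of either tool; it checks a .docx (OOXML) package for those fields before the document is published and writes a copy with the identifying properties blanked. The sample document, user names, host names and paths are constructed for the example.

```python
"""Pre-publication metadata check for .docx files (constructed example).

Finds the properties that document-metadata harvesters report (author,
last-modified-by, application/version, company, template path) plus any
file-system paths and e-mail addresses in the package XML, then writes a copy
with the identifying properties blanked. Standard library only; runs offline.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
# Keep the original prefixes when re-serialising (app.xml uses a default namespace).
for _prefix, _uri in NS.items():
    ET.register_namespace("" if _prefix == "ep" else _prefix, _uri)

# Properties that name people, hosts or software, keyed by the part they live in.
FIELDS = {
    "docProps/core.xml": ["dc:creator", "cp:lastModifiedBy", "dc:description", "cp:keywords"],
    "docProps/app.xml": ["ep:Application", "ep:AppVersion", "ep:Company", "ep:Template", "ep:Manager"],
}
# Windows drive and UNC paths, Unix home directories, and e-mail addresses.
PATH_RE = re.compile(r"(?:[A-Za-z]:\\|\\\\|/home/|/Users/)[^\s<>'\"]+")
EMAIL_RE = re.compile(r"[\w.+-]+@(?:[\w-]+\.)+[A-Za-z]{2,}")


def extract_metadata(docx_bytes):
    """Return identifying properties, paths and e-mail addresses found in a .docx."""
    found = {"paths": set(), "emails": set()}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            data = z.read(name)
            if name in FIELDS:
                root = ET.fromstring(data)
                for tag in FIELDS[name]:
                    el = root.find(tag, NS)
                    if el is not None and el.text:
                        found[tag] = el.text
            if name.endswith((".xml", ".rels")):
                # Paths and addresses also hide in body text, hyperlinks and template refs.
                text = data.decode("utf-8", "replace")
                found["paths"].update(PATH_RE.findall(text))
                found["emails"].update(EMAIL_RE.findall(text))
    found["paths"] = sorted(found["paths"])
    found["emails"] = sorted(found["emails"])
    return found


def scrub_docx(docx_bytes):
    """Return a copy of the .docx with the identifying properties blanked.

    Only docProps/*.xml is rewritten; whatever extract_metadata() still reports
    afterwards sits in the document body and has to be edited by hand.
    """
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            data = src.read(item.filename)
            if item.filename in FIELDS:
                root = ET.fromstring(data)
                for tag in FIELDS[item.filename]:
                    el = root.find(tag, NS)
                    if el is not None:
                        el.text = ""
                data = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            dst.writestr(item.filename, data)
    return out.getvalue()


def build_sample_docx():
    """Constructed sample: a minimal OOXML package carrying the leaks a real export has.
    Every name, host and path here is invented for this example."""
    core = (
        '<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}" xmlns:dcterms="{dcterms}" '
        'xmlns:xsi="{xsi}"><dc:title>Q3 network diagram</dc:title>'
        '<dc:creator>jdoe</dc:creator><cp:lastModifiedBy>CORP\\jsmith</cp:lastModifiedBy>'
        '<dcterms:created xsi:type="dcterms:W3CDTF">2013-01-01T00:00:00Z</dcterms:created>'
        '</cp:coreProperties>'
    ).format(**NS)
    app = (
        '<Properties xmlns="{ep}"><Application>Microsoft Office Word</Application>'
        '<AppVersion>14.0000</AppVersion><Company>Example Corp</Company>'
        '<Template>\\\\fileserver01\\templates\\corp.dotx</Template></Properties>'
    ).format(**NS)
    body = (
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        '<w:body><w:p><w:r><w:t>Questions: netops@example.com. Source file: '
        'C:\\Users\\jdoe\\Documents\\diagram.vsd</w:t></w:r></w:p></w:body></w:document>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
        z.writestr("word/document.xml", body)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_docx()
    print("before:", extract_metadata(sample))
    print("after: ", extract_metadata(scrub_docx(sample)))
```

Run it against a real export by replacing build_sample_docx() with the file's bytes; the body-text hits it still lists after scrubbing are the ones that need manual editing.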
Individual - Physical Location
• Physical Location
Individual - Mobile Footprint
• Phone #
• Device type
• Installed applications
Covert Gathering - Corporate
On-Location Gathering
• Physical security inspections
• Wireless scanning / RF frequency scanning
• Employee behavior training inspection
• Accessible/adjacent facilities (shared spaces)
• Dumpster diving
• Types of equipment in use
Offsite Gathering
• Data center locations
• Network provisioning/provider
Other Gathering Forms
Human Intelligence (HUMINT)
• Methodology always involves direct interaction - whether physical or verbal.
• Gathering should be done under an assumed identity (remember pretexting?).
– Key Employees
– Partners/Suppliers
Other Gathering Forms
Signals Intelligence (SIGINT):
• Intelligence gathered through the use of interception or listening technologies.
• Example:
– Wired/Wireless Sniffer
– TAP devices
Other Gathering Forms
Imagery Intelligence (IMINT):
• Intelligence gathered through recorded imagery, i.e. photography.
• IMINT can also refer to satellite intelligence (a crossover between IMINT and OSINT when it extends to Google Earth and its equivalents).