OFFENSIVE OSINT
CHRISTIAN MARTORELLA
OSIRA SUMMIT 2014
LONDON, UK
About me
Christian Martorella:
– I work in Skype (MS), Product Security team
– Founder of Edge-security.com
– Developed open source projects like theHarvester, Metagoofil, Wfuzz and Webslayer
– Presented in many Security conferences (Blackhat Arsenal, Hack.lu, WhatTheHack, OWASP, Source)
– Over 12 years focusing on offensive security
Disclaimer
Any views or opinions presented in this presentation
are solely those of the author and do not necessarily
represent those of the employer
OSINT - Intro
Open-source intelligence (OSINT) is intelligence collected from publicly available sources.
• “Open” refers to overt, publicly available sources (as opposed to covert or clandestine sources)
• It is not related to open-source software or public intelligence.
OSINT
What is Threat Intelligence / Cyber Intelligence?
OSINT PROCESS
Source Identification
Data harvesting
Data Analysis
Data processing and Integration
Results Delivery
Source Identification
Data Harvesting
Data processing
Data Analysis
Results Delivery
Offensive OSINT
Offensive vs. Defensive OSINT
From the security perspective we can separate OSINT:
Offensive: Gathering information before an attack.
Defensive: Learning about attacks against the company
Offensive OSINT
• Finding as much information as possible that will facilitate the attack
• Still now, many Penetration Testing companies skip this phase
• Attackers usually spend more time than testers on this phase
Typical Pentesting Methodology
I.G → Scan → Enumerate → Exploit → Post-Exploit → Cover Tracks → Write report
What everyone focuses on:
I.G → Scan → Enumerate → Exploit → Post-Exploit → Cover Tracks → Write report
Attacker Methodology
Discover what makes the company money
Discover what is valuable to the attacker
Do whatever it takes...
Steal it
Information Gathering
Data Harvesting
Data Harvesting
A.K.A:
• Information Gathering: The act of collecting information
• Footprinting: The technique of gathering information about computer systems and the entities they belong to.
• Web mining: The act of collecting information from the web
Data Harvesting – How?
Techniques:
• Scraping (raw)
• Open APIs
• Commercial APIs
• Network Scanning
• Purchasing data
• Open source Data sets
• Databases
• Logfiles
Data Harvesting - Passive vs Active
• Passive data harvesting: Our actions can’t be detected by the target (Non attribution)
• Active data harvesting: Our actions leave traces that can be detected by the target
Offensive OSINT targets
Offensive OSINT – end goals
• Phishing
• Social Engineering
• Denial of Services
• Password brute force attacks
• Target infiltration
What data is interesting?
Emails
Users / Employees names
- Interests
- People relationships
- Alias
Emails
• PGP servers
• Search engines
• Whois
Employees / Usernames / Alias
linkedin.com
jigsaw.com
people123.com
pipl.com
peekyou.com
Google Finance / Etc.
Usernamecheck.com
checkusernames.com
Glassdoor.com
Hoovers.com
Corpwatch.org
intelius.com
Username checks
Social Media
• Employees of a company
• Profile picture
• Specialties
• Role
• Country
• Emails
Linkedin
Simon Longbottom
Simon.Longbottom@amazon.com
Product definition, proposition research, pricing, product marketing, product promotion, market research, new product introduction
pictureUrl': 'http://m.c.lnkd.licdn.com/mpr/mprz/'}
Linkedin
Google+
GRAPH SEARCH:
“People who work at Amazon.com”
“People who work at Amazon.com and live in Seattle Washington”
@google. News and updates from Google. Mountain
@googlenexus. Phones and tablets from Google
@GoogleDoodles
@googlewmc. News and resources from
@googleindia
@GoogleChat. Tweeting about all things Google
@googleaccess. The official Twitter
@googleglass. Getting technology out of the way.
@googlenonprofit. News and updates from
@googlewallet. News
@googlereader. News
@googlefiber
@googleio. Google
@googledevs for updates. San Francisco
@GoogleIO for ... If you
@GoogleMsia. Official Google Malaysia on Twitter. Kuala
@googlejobs. Have you heard we
@googleapps. Google Apps news for ISVs
@GooglePlay. Music
@GoogleAtWork. The official Twitter home of Google Enterprise. Mountain View
@FaktaGoogle. Googling Random Facts. Don
@googlemobileads. Official Google Mobile
@googlepolitics. Trends
@ericschmidt. Executive Chairman
@GoogleMobile. News
@googledownunder. Google Australia and
@AdSense. News and updates from the Google AdSense
@googlecalendar. The official Twitter home of
@googledevs. News about and from
@googlenews. Breaking news
@GoogleB2BTeam.
@GoogleB2BTeam Google
@JustinCutroni
Google query: site:twitter.com intitle:"on Twitter" "Google"
Domain name
Geo-location
• People location
• Servers location
• Wireless AP location
Geo-location
Social media posts
Foursquare
Pictures
Twitter
Facebook
Twitter - Creepy
Images
Reverse image search
Face identification
Exif Metadata analysis:
  Profile pictures
  Attachments
Images
• Pic from Novartis search on TweepSearch
INFRASTRUCTURE
IP
Hostnames
Services
Networks
Geo-location
Software version
CDN
Multitenant Hosting
Infrastructure
Internet Census project
Whois
ServerSniff
Jobsites
Search engines
ShodanHQ
Infrastructure
• Once we have identified the Infrastructure components, what can we do?
ShodanHQ
Bugs databases
INDICATORS OF COMPROMISE (IOC)
IP addresses
Domains
URLs
Hashes
Stolen Passwords
IOC
Collective Intelligence Framework sources (70)
Abuse.CH
Shadowserver.org
Nothink.org
Virustotal.com
Malwr
Seculert
DATA LEAKS
Pastebin.com
@pastebindorks
Pastebin clones
Infrastructure
• DNS
  o Bruteforce
  o Zone Transfer
• SMTP
  o Header analysis
  o Vrfy, expn
• Web sites
  o Hidden files / directories bruteforce
• Network scanning
• Metadata
Metadata
• Office documents
• Openoffice documents
• PDF documents
• Images EXIF metadata
• Others
Metadata is data about data.
It is used to facilitate the understanding, use and management of data.
Cat Schwartz - Tech TV
Washington Post
Botmaster location exposed by the Washington Post
SLUG: mag/hacker
DATE: 12/19/2005
PHOTOGRAPHER: Sarah L. Voisin/TWP
id#: LOCATION: Roland, OK
CAPTION:
PICTURED: Canon Canon EOS 20D
Adobe Photoshop CS2 Macintosh 2006:02:16 15:44:49 Sarah L. Voisin
There are only 1.500 males in Roland Oklahoma
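The document types listed on the Metadata slide can be audited before they are published. The following is an added example, not part of the original slides and not Metagoofil's code: it reads the author, last-editor, company and software fields from an Office Open XML package (.docx, .xlsx, .pptx) and writes a copy with those fields removed. The sample package, user names and company are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

# Namespaces of the two OOXML property parts, in ElementTree "{uri}" form.
CP = "{http://schemas.openxmlformats.org/package/2006/metadata/core-properties}"
DC = "{http://purl.org/dc/elements/1.1/}"
EP = "{http://schemas.openxmlformats.org/officeDocument/2006/extended-properties}"

# Package part -> elements that identify people, organisation or software.
IDENTIFYING = {
    "docProps/core.xml": [DC + "creator", CP + "lastModifiedBy"],
    "docProps/app.xml": [EP + "Company", EP + "Application", EP + "AppVersion"],
}


def read_metadata(package: bytes) -> dict:
    """Return {field: value} for every identifying field that is set."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        present = set(zf.namelist())
        for part, tags in IDENTIFYING.items():
            if part not in present:
                continue
            root = ET.fromstring(zf.read(part))
            for tag in tags:
                element = root.find(tag)
                if element is not None and element.text:
                    found[tag.split("}")[1]] = element.text
    return found


def scrub_metadata(package: bytes) -> bytes:
    """Return a copy of the package with the identifying elements removed."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(package)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info.filename)
            if info.filename in IDENTIFYING:
                root = ET.fromstring(data)
                for tag in IDENTIFYING[info.filename]:
                    for element in root.findall(tag):
                        root.remove(element)
                data = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            # Writing by name also resets the entry timestamp to "now".
            dst.writestr(info.filename, data)
    return out.getvalue()


def part_names(package: bytes) -> list:
    """List the parts in a package, to confirm nothing else was dropped."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        return zf.namelist()


def build_sample_docx() -> bytes:
    """Constructed minimal package; every name and value here is invented."""
    core = (
        '<cp:coreProperties xmlns:cp="' + CP[1:-1] + '" xmlns:dc="' + DC[1:-1] + '">'
        "<dc:title>Quarterly report</dc:title>"
        "<dc:creator>jdoe</dc:creator>"
        "<cp:lastModifiedBy>EXAMPLE\\asmith</cp:lastModifiedBy>"
        "</cp:coreProperties>"
    )
    app = (
        '<Properties xmlns="' + EP[1:-1] + '">'
        "<Application>Microsoft Office Word</Application>"
        "<AppVersion>12.0000</AppVersion>"
        "<Company>Example Corp</Company>"
        "</Properties>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document>body text</document>")
        zf.writestr("docProps/core.xml", core)
        zf.writestr("docProps/app.xml", app)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_docx()
    print("before:", read_metadata(sample))
    print("after: ", read_metadata(scrub_metadata(sample)))
```

Running `read_metadata` over files already published on the organisation's own sites shows which user names and software versions are exposed; PDF and image EXIF metadata need separate handling.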
Metagoofil - Results
INFORMATION GATHERING TOOLS
• FOCA
• Spiderfoot
• Tapir
• Creepy
• theHarvester
• Metagoofil
This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet.
It is also useful for anyone that wants to know what an attacker can see about their organization and reduce exposure of the company.
- Sources
google
googleCSE
bing
bingapi
pgp
linkedin
people123
jigsaw
twitter
GooglePlus
shodanhq
• Open source software
• Command line
• Extendable
• python theHarvester.py -d lacaixa.es -b googleCSE -l 500 -v -h
- Intelligence
Implement entities
Cross reference entities
Image reverse search / profile pictures
Geo-location
Identify vulnerable services
Username search in other services
Target prioritization
Challenges
• Source availability (APIs)
• Changes in Terms of Use
• Generating valid intelligence
?
Twitter: @laramies
Email: cmartorellaW@edge-security.com

More Related Content

What's hot

Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)
Sudhanshu Chauhan
 
Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)
phexcom1
 
Owasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniOwasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudini
Adam Nurudini
 
Open source intelligence
Open source intelligenceOpen source intelligence
Open source intelligence
balakumaran779
 
OSINT - Open Source Intelligence
OSINT - Open Source IntelligenceOSINT - Open Source Intelligence
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
Falgun Rathod
 
OSINT: Open Source Intelligence gathering
OSINT: Open Source Intelligence gatheringOSINT: Open Source Intelligence gathering
OSINT: Open Source Intelligence gathering
Jeremiah Tillman
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentation
Jesse Ratcliffe, OSCP
 
OSINT
OSINTOSINT
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
Andrew McNicol
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark Web
Case IQ
 
OSINT 2.0 - Past, present and future
OSINT 2.0  - Past, present and futureOSINT 2.0  - Past, present and future
OSINT 2.0 - Past, present and future
Christian Martorella
 
Bsides Knoxville - OSINT
Bsides Knoxville - OSINTBsides Knoxville - OSINT
Bsides Knoxville - OSINT
Adam Compton
 
OpenSourceIntelligence-OSINT.pptx
OpenSourceIntelligence-OSINT.pptxOpenSourceIntelligence-OSINT.pptx
OpenSourceIntelligence-OSINT.pptx
anonymousanonymous428352
 
Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat Hunting
GIBIN JOHN
 
OSINT with Practical: Real Life Examples
OSINT with Practical: Real Life ExamplesOSINT with Practical: Real Life Examples
OSINT with Practical: Real Life Examples
SyedAmoz
 
How to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in InvestigationsHow to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in Investigations
Case IQ
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Framework
👀 Joe Gray
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
Splunk
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINT
Chandrapal Badshah
 

What's hot (20)

Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)
 
Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)
 
Owasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniOwasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudini
 
Open source intelligence
Open source intelligenceOpen source intelligence
Open source intelligence
 
OSINT - Open Source Intelligence
OSINT - Open Source IntelligenceOSINT - Open Source Intelligence
OSINT - Open Source Intelligence
 
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
 
OSINT: Open Source Intelligence gathering
OSINT: Open Source Intelligence gatheringOSINT: Open Source Intelligence gathering
OSINT: Open Source Intelligence gathering
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentation
 
OSINT
OSINTOSINT
OSINT
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark Web
 
OSINT 2.0 - Past, present and future
OSINT 2.0  - Past, present and futureOSINT 2.0  - Past, present and future
OSINT 2.0 - Past, present and future
 
Bsides Knoxville - OSINT
Bsides Knoxville - OSINTBsides Knoxville - OSINT
Bsides Knoxville - OSINT
 
OpenSourceIntelligence-OSINT.pptx
OpenSourceIntelligence-OSINT.pptxOpenSourceIntelligence-OSINT.pptx
OpenSourceIntelligence-OSINT.pptx
 
Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat Hunting
 
OSINT with Practical: Real Life Examples
OSINT with Practical: Real Life ExamplesOSINT with Practical: Real Life Examples
OSINT with Practical: Real Life Examples
 
How to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in InvestigationsHow to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in Investigations
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Framework
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINT
 

Similar to Offensive OSINT

Empowering red and blue teams with osint c0c0n 2017
Empowering red and blue teams with osint   c0c0n 2017Empowering red and blue teams with osint   c0c0n 2017
Empowering red and blue teams with osint c0c0n 2017
reconvillage
 
How Can Analytics Improve Business?
How Can Analytics Improve Business?How Can Analytics Improve Business?
How Can Analytics Improve Business?
Inside Analysis
 
RDBMS to Graph Webinar
RDBMS to Graph WebinarRDBMS to Graph Webinar
RDBMS to Graph Webinar
Neo4j
 
Public private-cloud
Public private-cloudPublic private-cloud
Public private-cloud
Jamie Taylor
 
Technical track chris calvert-1 30 pm-issa conference-calvert
Technical track chris calvert-1 30 pm-issa conference-calvertTechnical track chris calvert-1 30 pm-issa conference-calvert
Technical track chris calvert-1 30 pm-issa conference-calvert
ISSA LA
 
AI, ML and Graph Algorithms: Real Life Use Cases with Neo4j
AI, ML and Graph Algorithms: Real Life Use Cases with Neo4jAI, ML and Graph Algorithms: Real Life Use Cases with Neo4j
AI, ML and Graph Algorithms: Real Life Use Cases with Neo4j
Ivan Zoratti
 
Rapid Data Exploration With Hadoop
Rapid Data Exploration With HadoopRapid Data Exploration With Hadoop
Rapid Data Exploration With Hadoop
Peter Skomoroch
 
Thinkful - Intro to Data Science - Washington DC
Thinkful - Intro to Data Science - Washington DCThinkful - Intro to Data Science - Washington DC
Thinkful - Intro to Data Science - Washington DC
TJ Stalcup
 
A fresh new look into Information Gathering - OWASP Spain
A fresh new look into Information Gathering - OWASP SpainA fresh new look into Information Gathering - OWASP Spain
A fresh new look into Information Gathering - OWASP Spain
Christian Martorella
 
Data Infused Product Design and Insights at LinkedIn
Data Infused Product Design and Insights at LinkedInData Infused Product Design and Insights at LinkedIn
Data Infused Product Design and Insights at LinkedIn
Yael Garten
 
Thinkful DC - Intro to Data Science
Thinkful DC - Intro to Data Science Thinkful DC - Intro to Data Science
Thinkful DC - Intro to Data Science
TJ Stalcup
 
OSINT Basics for Threat Hunters and Practitioners
OSINT Basics for Threat Hunters and PractitionersOSINT Basics for Threat Hunters and Practitioners
OSINT Basics for Threat Hunters and Practitioners
Megan DeBlois
 
A6 big data_in_the_cloud
A6 big data_in_the_cloudA6 big data_in_the_cloud
A6 big data_in_the_cloud
Dr. Wilfred Lin (Ph.D.)
 
Agile data science
Agile data scienceAgile data science
Agile data science
Joel Horwitz
 
2017 06-14-getting started with data science
2017 06-14-getting started with data science2017 06-14-getting started with data science
2017 06-14-getting started with data science
Thinkful
 
Apache Spark GraphX & GraphFrame Synthetic ID Fraud Use Case
Apache Spark GraphX & GraphFrame Synthetic ID Fraud Use CaseApache Spark GraphX & GraphFrame Synthetic ID Fraud Use Case
Apache Spark GraphX & GraphFrame Synthetic ID Fraud Use Case
Mo Patel
 
Graph Thinking: Why it Matters
Graph Thinking: Why it MattersGraph Thinking: Why it Matters
Graph Thinking: Why it Matters
Neo4j
 
People, process, platform, presented by Adam Singer
People, process, platform, presented by Adam SingerPeople, process, platform, presented by Adam Singer
People, process, platform, presented by Adam Singer
SocialMedia.org
 
Patternbuilders Founder Showcase Deck
Patternbuilders Founder Showcase DeckPatternbuilders Founder Showcase Deck
Patternbuilders Founder Showcase Deck
MaryLudloff
 
Building Effective Frameworks for Social Media Analysis
Building Effective Frameworks for Social Media AnalysisBuilding Effective Frameworks for Social Media Analysis
Building Effective Frameworks for Social Media Analysis
ikanow
 

Similar to Offensive OSINT (20)

Empowering red and blue teams with osint c0c0n 2017
Empowering red and blue teams with osint   c0c0n 2017Empowering red and blue teams with osint   c0c0n 2017
Empowering red and blue teams with osint c0c0n 2017
 
How Can Analytics Improve Business?
How Can Analytics Improve Business?How Can Analytics Improve Business?
How Can Analytics Improve Business?
 
RDBMS to Graph Webinar
RDBMS to Graph WebinarRDBMS to Graph Webinar
RDBMS to Graph Webinar
 
Public private-cloud
Public private-cloudPublic private-cloud
Public private-cloud
 
Technical track chris calvert-1 30 pm-issa conference-calvert
Technical track chris calvert-1 30 pm-issa conference-calvertTechnical track chris calvert-1 30 pm-issa conference-calvert
Technical track chris calvert-1 30 pm-issa conference-calvert
 
AI, ML and Graph Algorithms: Real Life Use Cases with Neo4j
AI, ML and Graph Algorithms: Real Life Use Cases with Neo4jAI, ML and Graph Algorithms: Real Life Use Cases with Neo4j
AI, ML and Graph Algorithms: Real Life Use Cases with Neo4j
 
Rapid Data Exploration With Hadoop
Rapid Data Exploration With HadoopRapid Data Exploration With Hadoop
Rapid Data Exploration With Hadoop
 
Thinkful - Intro to Data Science - Washington DC
Thinkful - Intro to Data Science - Washington DCThinkful - Intro to Data Science - Washington DC
Thinkful - Intro to Data Science - Washington DC
 
A fresh new look into Information Gathering - OWASP Spain
A fresh new look into Information Gathering - OWASP SpainA fresh new look into Information Gathering - OWASP Spain
A fresh new look into Information Gathering - OWASP Spain
 
Data Infused Product Design and Insights at LinkedIn
Data Infused Product Design and Insights at LinkedInData Infused Product Design and Insights at LinkedIn
Data Infused Product Design and Insights at LinkedIn
 
Thinkful DC - Intro to Data Science
Thinkful DC - Intro to Data Science Thinkful DC - Intro to Data Science
Thinkful DC - Intro to Data Science
 
OSINT Basics for Threat Hunters and Practitioners
OSINT Basics for Threat Hunters and PractitionersOSINT Basics for Threat Hunters and Practitioners
OSINT Basics for Threat Hunters and Practitioners
 
A6 big data_in_the_cloud
A6 big data_in_the_cloudA6 big data_in_the_cloud
A6 big data_in_the_cloud
 
Agile data science
Agile data scienceAgile data science
Agile data science
 
2017 06-14-getting started with data science
2017 06-14-getting started with data science2017 06-14-getting started with data science
2017 06-14-getting started with data science
 
Apache Spark GraphX & GraphFrame Synthetic ID Fraud Use Case
Apache Spark GraphX & GraphFrame Synthetic ID Fraud Use CaseApache Spark GraphX & GraphFrame Synthetic ID Fraud Use Case
Apache Spark GraphX & GraphFrame Synthetic ID Fraud Use Case
 
Graph Thinking: Why it Matters
Graph Thinking: Why it MattersGraph Thinking: Why it Matters
Graph Thinking: Why it Matters
 
People, process, platform, presented by Adam Singer
People, process, platform, presented by Adam SingerPeople, process, platform, presented by Adam Singer
People, process, platform, presented by Adam Singer
 
Patternbuilders Founder Showcase Deck
Patternbuilders Founder Showcase DeckPatternbuilders Founder Showcase Deck
Patternbuilders Founder Showcase Deck
 
Building Effective Frameworks for Social Media Analysis
Building Effective Frameworks for Social Media AnalysisBuilding Effective Frameworks for Social Media Analysis
Building Effective Frameworks for Social Media Analysis
 

More from Christian Martorella

A journey into Application Security
A journey into Application SecurityA journey into Application Security
A journey into Application Security
Christian Martorella
 
Python for Penetration testers
Python for Penetration testersPython for Penetration testers
Python for Penetration testers
Christian Martorella
 
Playing in a Satellite environment
Playing in a Satellite environmentPlaying in a Satellite environment
Playing in a Satellite environment
Christian Martorella
 
Wfuzz for Penetration Testers
Wfuzz for Penetration TestersWfuzz for Penetration Testers
Wfuzz for Penetration Testers
Christian Martorella
 
2011 and still bruteforcing - OWASP Spain
2011 and still bruteforcing - OWASP Spain2011 and still bruteforcing - OWASP Spain
2011 and still bruteforcing - OWASP Spain
Christian Martorella
 
All your data are belong to us - FIST Conference 2007
All your data are belong to us - FIST Conference 2007All your data are belong to us - FIST Conference 2007
All your data are belong to us - FIST Conference 2007
Christian Martorella
 
Principales vulnerabilidades en Aplicaciones Web - Rediris 2008
Principales vulnerabilidades en Aplicaciones Web - Rediris 2008Principales vulnerabilidades en Aplicaciones Web - Rediris 2008
Principales vulnerabilidades en Aplicaciones Web - Rediris 2008
Christian Martorella
 
Tactical Information Gathering
Tactical Information GatheringTactical Information Gathering
Tactical Information Gathering
Christian Martorella
 

More from Christian Martorella (8)

A journey into Application Security
A journey into Application SecurityA journey into Application Security
A journey into Application Security
 
Python for Penetration testers
Python for Penetration testersPython for Penetration testers
Python for Penetration testers
 
Playing in a Satellite environment
Playing in a Satellite environmentPlaying in a Satellite environment
Playing in a Satellite environment
 
Wfuzz for Penetration Testers
Wfuzz for Penetration TestersWfuzz for Penetration Testers
Wfuzz for Penetration Testers
 
2011 and still bruteforcing - OWASP Spain
2011 and still bruteforcing - OWASP Spain2011 and still bruteforcing - OWASP Spain
2011 and still bruteforcing - OWASP Spain
 
All your data are belong to us - FIST Conference 2007
All your data are belong to us - FIST Conference 2007All your data are belong to us - FIST Conference 2007
All your data are belong to us - FIST Conference 2007
 
Principales vulnerabilidades en Aplicaciones Web - Rediris 2008
Principales vulnerabilidades en Aplicaciones Web - Rediris 2008Principales vulnerabilidades en Aplicaciones Web - Rediris 2008
Principales vulnerabilidades en Aplicaciones Web - Rediris 2008
 
Tactical Information Gathering
Tactical Information GatheringTactical Information Gathering
Tactical Information Gathering
 

Recently uploaded

重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
vmemo1
 
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
uehowe
 
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
cuobya
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
fovkoyb
 
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
bseovas
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
uehowe
 
Design Thinking NETFLIX using all techniques.pptx
Design Thinking NETFLIX using all techniques.pptxDesign Thinking NETFLIX using all techniques.pptx
Design Thinking NETFLIX using all techniques.pptx
saathvikreddy2003
 
Explore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories SecretlyExplore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories Secretly
Trending Blogers
 
Search Result Showing My Post is Now Buried
Search Result Showing My Post is Now BuriedSearch Result Showing My Post is Now Buried
Search Result Showing My Post is Now Buried
Trish Parr
 
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
bseovas
 
Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
davidjhones387
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
Laura Szabó
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
xjq03c34
 
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
ysasp1
 
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
zoowe
 
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
hackersuli
 
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalmanuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
wolfsoftcompanyco
 
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
zyfovom
 
Offensive OSINT

  • 2. About me Christian Martorella: – I work in Skype (MS), Product Security team – Founder of Edge-security.com – Developed open source projects like theHarvester, Metagoofil, Wfuzz and Webslayer – Presented in many Security conferences (Blackhat Arsenal, Hack.lu, WhatTheHack, OWASP, Source) – Over 12 years focusing on offensive security
  • 3. Disclaimer Any views or opinions presented in this presentation are solely those of the author and do not necessarily represent those of the employer
  • 4. OSINT - Intro Open-source intelligence (OSINT) is intelligence collected from publicly available sources. • "Open" refers to overt, publicly available sources (as opposed to covert or clandestine sources) • It is not related to open-source software or public intelligence.
  • 5. OSINT What is Threat Intelligence / Cyber Intelligence?
  • 6. OSINT PROCESS Source Identification Data harvesting Data Analysis Data processing and Integration Results Delivery
  • 13. Offensive vs. Defensive OSINT From the security perspective we can separate OSINT: Offensive: Gathering information before an attack. Defensive: Learning about attacks against the company
  • 14. Offensive OSINT • Finding as much information as possible that will facilitate the attack • Still now, many Penetration Testing companies skip this phase • Attackers usually spend more time than testers on this phase
  • 15. Typical Pentesting Methodology I.G Scan Enumerate Exploit Post-Exploit Cover Tracks Write report
  • 16. What everyone focuses on: I.G Scan Enumerate Exploit Post-Exploit Cover Tracks Write report
  • 17. Attacker Methodology Discover what makes the company money Discover what is valuable to the attacker Do whatever it takes... Steal it Information Gathering
  • 19. Data Harvesting A.K.A: • Information Gathering: The act of collecting information • Footprinting: Is the technique of gathering information about computer systems and the entities they belong to. • Web mining: The act of collecting information from the web
  • 20. Data Harvesting – How? Techniques: • Scraping (raw) • Open APIs • Commercial APIs • Network Scanning • Purchasing data • Open source Data sets • Databases • Logfiles
  • 21.
  • 22. Data Harvesting - Passive vs Active • Passive data harvesting: Our actions can't be detected by the target (Non attribution) • Active data harvesting: our actions leave traces that can be detected by the target
  • 24. Offensive OSINT – end goals • Phishing • Social Engineering • Denial of Services • Password brute force attacks • Target infiltration
  • 25. What data is interesting? Emails Users / Employees names -Interests -People relationships -Alias
  • 26. Emails • PGP servers • Search engines • Whois
  • 27. Employees / Usernames / Alias linkedin.com jigsaw.com people123.com pipl.com peekyou.com Google Finance / Etc. Usernamecheck.com checkusernames.com Glassdoor.com Hoovers.com Corpwatch.org intelius.com
  • 30. • Employees of a company • Profile picture • Specialties • Role • Country • Emails
  • 31. Linkedin Simon Longbottom Simon.Longbottom@amazon.com Product definition, proposition research, pricing, product marketing, product promotion, market research, new product introduction pictureUrl': 'http://m.c.lnkd.licdn.com/mpr/mprz/’}
  • 34. GRAPH SEARCH: "People who work at Amazon.com" "People who work at Amazon.com and live in Seattle Washington"
  • 35. @google. News and updates from Google. Mountain @googlenexus. Phones and tablets from Google @GoogleDoodles @googlewmc. News and resources from @googleindia @GoogleChat. Tweeting about all things Google @googleaccess. The official Twitter @googleglass. Getting technology out of the way. @googlenonprofit. News and updates from @googlewallet. News @googlereader. News @googlefiber @googleio. Google @googledevs for updates. San Francisco @GoogleIO for ... If you @GoogleMsia. Official Google Malaysia on Twitter. Kuala @googlejobs. Have you heard we @googleapps. Google Apps news for ISVs @GooglePlay. Music @GoogleAtWork. The official Twitter home of Google Enterprise. Mountain View @FaktaGoogle. Googling Random Facts. Don @googlemobileads. Official Google Mobile @googlepolitics. Trends @ericschmidt. Executive Chairman @GoogleMobile. News @googledownunder. Google Australia and @AdSense. News and updates from the Google AdSense @googlecalendar. The official Twitter home of @googledevs. News about and from @googlenews. Breaking news @GoogleB2BTeam. @GoogleB2BTeam Google @JustinCutroni Google query: site:twitter.com intitle:"on Twitter" "Google"
  • 37. Geo-location • People location • Servers location • Wireless AP location
  • 38. Geo-location Social media posts Foursquare Pictures Twitter Facebook
  • 40. Images Reverse image search Face identification Exif Metadata analysis: Profile pictures Attachments
  • 42.
  • 44. Infrastructure Internet Census project Whois ServerSniff Jobsites Search engines ShodanHQ
  • 45. Infrastructure • Once we have identified the Infrastructure components, what can we do?
  • 47.
  • 49. INDICATORS OF COMPROMISE (IOC) IP addresses Domains URLs Hashes Stolen Passwords
  • 50. IOC Collective Intelligence Framework sources (70) Abuse.CH Shadowserver.org Nothink.org Virustotal.com Malwr Seculert
  • 51. DATA LEAKS Pastebin.com @pastebindorks Pastebin clones
  • 52.
  • 53. Infrastructure • DNS o Bruteforce o Zone Transfer • SMTP o Header analysis o Vrfy, expn • Web sites o Hidden files / directories bruteforce • Network scanning • Metadata
  • 54. Metadata • Office documents • Openoffice documents • PDF documents • Images EXIF metadata • Others Metadata: is data about data. Is used to facilitate the understanding, use and management of data.
  • 55. Cat Schwartz - Tech TV
  • 56. Washington Post Botmaster location exposed by the Washington Post SLUG: mag/hacker! DATE: 12/19/2005! PHOTOGRAPHER: Sarah L. Voisin/TWP! id#: LOCATION: Roland, OK! CAPTION:! PICTURED: Canon Canon EOS 20D! Adobe Photoshop CS2 Macintosh 2006:02:16 15:44:49 Sarah L. Voisin! There are only 1.500 males in Roland Oklahoma
  • 60.
  • 61. INFORMATION GATHERING TOOLS • FOCA • Spiderfoot • Tapir • Creepy • theHarvester • Metagoofil
  • 62. This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization and reduce exposure of the company.
  • 63. - Sources google googleCSE bing bingapi pgp linkedin people123 jigsaw twitter GooglePlus shodanhq • Open source software • Command line • Extendable
  • 64.
  • 65.
  • 66. • python theHarvester.py -d lacaixa.es -b googleCSE -l 500 -v -h
  • 67. - Intelligence Implement entities Cross reference entities Image reverse search / profile pictures Geo-location Identify vulnerable services Username search in other services Target prioritization
  • 68. Challenges • Source availability (APIs) • Changes in Terms of Use • Generating valid intelligence
  • 69. ? Twitter: @laramies Email: cmartorellaW@edge-security.com
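
Added example for slides 54 to 56 (metadata), not part of the original deck: a pre-publication check that walks a JPEG's segments and drops the ones that carry Exif, Photoshop/IPTC and comment data, the kind of fields shown on the Washington Post slide. The sample bytes are constructed, and `scrub_jpeg`, `seg` and `SAMPLE` are names chosen for this example.

```python
import struct

# JPEG segments that commonly carry identifying metadata.
METADATA_MARKERS = {0xE1: "APP1 (Exif/XMP)", 0xED: "APP13 (Photoshop/IPTC)",
                    0xFE: "COM (comment)"}

def scrub_jpeg(data: bytes):
    """Return (clean_bytes, findings); findings lists every segment removed."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    out, findings, pos = bytearray(b"\xff\xd8"), [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"corrupt segment header at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xDA:  # start of scan: compressed pixels follow, copy verbatim
            return bytes(out + data[pos:]), findings
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        if marker in METADATA_MARKERS:
            payload = data[pos + 4:pos + 2 + length]
            findings.append((METADATA_MARKERS[marker], len(payload), payload[:20]))
        else:
            out += data[pos:pos + 2 + length]
        pos += 2 + length
    raise ValueError("no start-of-scan marker; file truncated")

def seg(marker: int, payload: bytes) -> bytes:
    """Build one length-prefixed JPEG segment (helper for the sample below)."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample, not a real photo: JFIF header, two metadata segments holding
# values like those on the slide, a quantization table, then placeholder scan data.
SAMPLE = (b"\xff\xd8"
          + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + seg(0xE1, b"Exif\x00\x00Canon EOS 20D")
          + seg(0xED, b"Photoshop 3.0\x008BIM LOCATION: Roland, OK")
          + seg(0xDB, bytes(65))
          + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00\x12\x34\xff\xd9")

if __name__ == "__main__":
    clean, found = scrub_jpeg(SAMPLE)
    for name, size, preview in found:
        print(f"removed {name}: {size} bytes, begins {preview!r}")
    print(f"{len(SAMPLE)} bytes in, {len(clean)} bytes out")
```

Dropping APP1 also removes the thumbnail that Exif embeds, which can otherwise preserve an uncropped version of an edited image.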