3. Module Scenario
Gather information about key employees in
Globomantics
Plan and execute social engineering attacks
Understand the technologies in Globomantics
4. Types of data that can be useful
Search engine enumeration
Social media scrapping
Active people information gathering
Tons of demos:
- theHarvester, Sn1per, Maltego and The
OSINT Framework
Module Overview
5. Why Gathering People Information?
Plan targeted social engineering attacks
Understand the people that work in the company
Enumerate the technologies being used
6. Types of Data
Key employees
Names, job titles, hierarchy, etc.
Contact information
Email addresses, phone numbers, social media, etc.
Technology
Based on LinkedIn profiles, job postings, etc.
Identity information
Usernames, API keys, passwords, public/private keys, etc.
Public documents
Containing sensitive information, people/technical information, etc.
8. Main Techniques for
Passive People Enumeration
Search for people related to a company using
publicly available information
Main techniques:
- Social media scrapping
(LinkedIn, Twitter, etc.)
- Whois searches
- Search engine enumeration
Automated searches
9. Sources of Data for Passive
People Reconnaissance
Search Engines
(Google, Bing, Baidu, etc.)
LinkedIn
Social Media
(Twitter, Instagram,
Facebook, etc.)
Document
Metadata
Job Postings
Public Repositories
(GitHub, PasteBins,
DropBox, etc.)
11. Demo
Gathering people and technical
information with theHarvester
Enumerating search engines and scrapping
social media
- Subdomains, hosts and IPs
- Email addresses
- Twitter accounts
- LinkedIn profiles
13. What is Active People Reconnaissance?
Interact with your target to get the
information you need
Social engineering techniques
Might provide you with information that is not
publicly available
15. Considerations for Active Information Gathering
Your chances of getting caught increases
People might be on the alert
Some clients might not want to disturb its
employees
Get formal permission from your client before
performing any social engineering technique
16. Demo Searching OSINT information with Maltego
- Subdomains and IPs
- Key people in the company
- Email addresses
- Search previous data breaches
17. Demo
Gathering technical and people
information with Sn1per
Several of the active and passive
techniques described in this course
- Domain enumeration
- Search engine enumeration
- Social media scrapping
- Nmap scans
- etc.
19. What kind of data is important for us
- Names, titles, email addresses, job
postings, usernames, etc.
Main passive techniques for collecting
people information
- Social media scrapping, search engine
enumeration, etc.
Active techniques for people recon
Several demos covering people and
technical information gathering
Summary