SlideShare a Scribd company logo

people-information-gathering-slides.pdf

S
ssuser386139

People Information Gathering

Technology
1 of 20
Download to read offline
Ricardo Reimao, OSCP, CISSP Cybersecurity Consultant People Information Gathering
Gathering information for effective social engineering attacks
Module Scenario Gather information about key employees in Globomantics Plan and execute social engineering attacks Understand the technologies in Globomantics
Types of data that can be useful Search engine enumeration Social media scrapping Active people information gathering Tons of demos: - theHarvester, Sn1per, Maltego and The OSINT Framework Module Overview
Why Gathering People Information? Plan targeted social engineering attacks Understand the people that work in the company Enumerate the technologies being used
Types of Data Key employees Names, job titles, hierarchy, etc. Contact information Email addresses, phone numbers, social media, etc. Technology Based on LinkedIn profiles, job postings, etc. Identity information Usernames, API keys, passwords, public/private keys, etc. Public documents Containing sensitive information, people/technical information, etc.
Passive People Information Gathering
Main Techniques for Passive People Enumeration Search for people related to a company using publicly available information Main techniques: - Social media scrapping (LinkedIn, Twitter, etc.) - Whois searches - Search engine enumeration Automated searches
Sources of Data for Passive People Reconnaissance Search Engines (Google, Bing, Baidu, etc.) LinkedIn Social Media (Twitter, Instagram, Facebook, etc.) Document Metadata Job Postings Public Repositories (GitHub, PasteBins, DropBox, etc.)
Main Tools Recon-ng theHarvester SpiderFoot Maltego Sn1per
Demo Gathering people and technical information with theHarvester Enumerating search engines and scrapping social media - Subdomains, hosts and IPs - Email addresses - Twitter accounts - LinkedIn profiles
Active People Information Gathering
What is Active People Reconnaissance? Interact with your target to get the information you need Social engineering techniques Might provide you with information that is not publicly available
Main Techniques Social Media Interactions Phishing Emails Third-party People Phone Calls
Considerations for Active Information Gathering Your chances of getting caught increases People might be on the alert Some clients might not want to disturb its employees Get formal permission from your client before performing any social engineering technique
Demo Searching OSINT information with Maltego - Subdomains and IPs - Key people in the company - Email addresses - Search previous data breaches
Demo Gathering technical and people information with Sn1per Several of the active and passive techniques described in this course - Domain enumeration - Search engine enumeration - Social media scrapping - Nmap scans - etc.
Demo Exploring the OSINT Framework Finding tools and techniques
What kind of data is important for us - Names, titles, email addresses, job postings, usernames, etc. Main passive techniques for collecting people information - Social media scrapping, search engine enumeration, etc. Active techniques for people recon Several demos covering people and technical information gathering Summary
Next up: Performing Vulnerability Scans

Recommended

Footprinting
FootprintingFootprinting
FootprintingDuah John
 
Footprintig(Haching)
Footprintig(Haching)Footprintig(Haching)
Footprintig(Haching)Asif Iqbal
 
Footprintig (Haching)
Footprintig (Haching)Footprintig (Haching)
Footprintig (Haching)Asif Iqbal
 
SplunkLive! Splunk for Insider Threats and Fraud Detection
SplunkLive! Splunk for Insider Threats and Fraud DetectionSplunkLive! Splunk for Insider Threats and Fraud Detection
SplunkLive! Splunk for Insider Threats and Fraud DetectionSplunk
 
How big is your shadow?
How big is your shadow?How big is your shadow?
How big is your shadow?digital_shadows
 
Reconnaissance and Social Engineering
Reconnaissance and Social EngineeringReconnaissance and Social Engineering
Reconnaissance and Social EngineeringVarunjeet Singh Rekhi
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Karl Kispert
 
Sessiontask1_PASSIVE_RECONNAISSANCE.docx
Sessiontask1_PASSIVE_RECONNAISSANCE.docxSessiontask1_PASSIVE_RECONNAISSANCE.docx
Sessiontask1_PASSIVE_RECONNAISSANCE.docxTESTERGUY1
 

Recommended

Footprinting
FootprintingFootprinting
FootprintingDuah John
 
Footprintig(Haching)
Footprintig(Haching)Footprintig(Haching)
Footprintig(Haching)Asif Iqbal
 
Footprintig (Haching)
Footprintig (Haching)Footprintig (Haching)
Footprintig (Haching)Asif Iqbal
 
SplunkLive! Splunk for Insider Threats and Fraud Detection
SplunkLive! Splunk for Insider Threats and Fraud DetectionSplunkLive! Splunk for Insider Threats and Fraud Detection
SplunkLive! Splunk for Insider Threats and Fraud DetectionSplunk
 
How big is your shadow?
How big is your shadow?How big is your shadow?
How big is your shadow?digital_shadows
 
Reconnaissance and Social Engineering
Reconnaissance and Social EngineeringReconnaissance and Social Engineering
Reconnaissance and Social EngineeringVarunjeet Singh Rekhi
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Karl Kispert
 
Sessiontask1_PASSIVE_RECONNAISSANCE.docx
Sessiontask1_PASSIVE_RECONNAISSANCE.docxSessiontask1_PASSIVE_RECONNAISSANCE.docx
Sessiontask1_PASSIVE_RECONNAISSANCE.docxTESTERGUY1
 
Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?PECB
 
SFBA_SUG_2023-08-02.pdf
SFBA_SUG_2023-08-02.pdfSFBA_SUG_2023-08-02.pdf
SFBA_SUG_2023-08-02.pdfBecky Burwell
 
Enhancing Cyber threat hunting for your team | 2021
Enhancing Cyber threat hunting for your team | 2021Enhancing Cyber threat hunting for your team | 2021
Enhancing Cyber threat hunting for your team | 2021KharimMchatta
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdfMarceloCunha571649
 
Tips for businesses to minimize employee data theft instances
Tips for businesses to minimize employee data theft instancesTips for businesses to minimize employee data theft instances
Tips for businesses to minimize employee data theft instancesXNSPY
 
Bridging the Gap: Securing IP
Bridging the Gap: Securing IPBridging the Gap: Securing IP
Bridging the Gap: Securing IPipspat
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019Priyanka Aash
 
NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
NTXISSACSC2 - Top Ten Trends in TRM by Jon MurphyNTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
NTXISSACSC2 - Top Ten Trends in TRM by Jon MurphyNorth Texas Chapter of the ISSA
 
Vulnerability Assessment and Penetration Testing using Webkill
Vulnerability Assessment and Penetration Testing using WebkillVulnerability Assessment and Penetration Testing using Webkill
Vulnerability Assessment and Penetration Testing using Webkillijtsrd
 
data analytics lecture2.pptx
data analytics lecture2.pptxdata analytics lecture2.pptx
data analytics lecture2.pptxNamrataBhatt8
 
OpenSourceIntelligence-OSINT.pptx
OpenSourceIntelligence-OSINT.pptxOpenSourceIntelligence-OSINT.pptx
OpenSourceIntelligence-OSINT.pptxanonymousanonymous428352
 
Threat intelligence minority report
Threat intelligence minority reportThreat intelligence minority report
Threat intelligence minority reportEliahu (Eli) Assif (Amar)
 
Spo2 t17
Spo2 t17Spo2 t17
Spo2 t17SelectedPresentations
 
Powerpoint v7
Powerpoint v7Powerpoint v7
Powerpoint v7Veronica Pereira
 
Road map for actionable threat intelligence
Road map for actionable threat intelligenceRoad map for actionable threat intelligence
Road map for actionable threat intelligenceabhisheksinghcs
 
IRJET- Ethical Hacking
IRJET- Ethical HackingIRJET- Ethical Hacking
IRJET- Ethical HackingIRJET Journal
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINTChristian Martorella
 
Information security threats
Information security threatsInformation security threats
Information security threatscomplianceonline123
 
knowthyself : Internal IT Security in SA
knowthyself : Internal IT Security in SA knowthyself : Internal IT Security in SA
knowthyself : Internal IT Security in SA SensePost
 
Setting the right GDPR priorities
Setting the right GDPR prioritiesSetting the right GDPR priorities
Setting the right GDPR prioritiesAlberto Canadè
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftshyamraj55
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxTales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxFIDO Alliance
 

More Related Content

Similar to people-information-gathering-slides.pdf

Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?PECB
 
SFBA_SUG_2023-08-02.pdf
SFBA_SUG_2023-08-02.pdfSFBA_SUG_2023-08-02.pdf
SFBA_SUG_2023-08-02.pdfBecky Burwell
 
Enhancing Cyber threat hunting for your team | 2021
Enhancing Cyber threat hunting for your team | 2021Enhancing Cyber threat hunting for your team | 2021
Enhancing Cyber threat hunting for your team | 2021KharimMchatta
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdfMarceloCunha571649
 
Tips for businesses to minimize employee data theft instances
Tips for businesses to minimize employee data theft instancesTips for businesses to minimize employee data theft instances
Tips for businesses to minimize employee data theft instancesXNSPY
 
Bridging the Gap: Securing IP
Bridging the Gap: Securing IPBridging the Gap: Securing IP
Bridging the Gap: Securing IPipspat
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019Priyanka Aash
 
Vulnerability Assessment and Penetration Testing using Webkill
Vulnerability Assessment and Penetration Testing using WebkillVulnerability Assessment and Penetration Testing using Webkill
Vulnerability Assessment and Penetration Testing using Webkillijtsrd
 
data analytics lecture2.pptx
data analytics lecture2.pptxdata analytics lecture2.pptx
data analytics lecture2.pptxNamrataBhatt8
 
Road map for actionable threat intelligence
Road map for actionable threat intelligenceRoad map for actionable threat intelligence
Road map for actionable threat intelligenceabhisheksinghcs
 
IRJET- Ethical Hacking
IRJET- Ethical HackingIRJET- Ethical Hacking
IRJET- Ethical HackingIRJET Journal
 
knowthyself : Internal IT Security in SA
knowthyself : Internal IT Security in SA knowthyself : Internal IT Security in SA
knowthyself : Internal IT Security in SA SensePost
 
Setting the right GDPR priorities
Setting the right GDPR prioritiesSetting the right GDPR priorities
Setting the right GDPR prioritiesAlberto Canadè
 

Similar to people-information-gathering-slides.pdf (20)

Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?
 
SFBA_SUG_2023-08-02.pdf
SFBA_SUG_2023-08-02.pdfSFBA_SUG_2023-08-02.pdf
SFBA_SUG_2023-08-02.pdf
 
Enhancing Cyber threat hunting for your team | 2021
Enhancing Cyber threat hunting for your team | 2021Enhancing Cyber threat hunting for your team | 2021
Enhancing Cyber threat hunting for your team | 2021
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdf
 
Tips for businesses to minimize employee data theft instances
Tips for businesses to minimize employee data theft instancesTips for businesses to minimize employee data theft instances
Tips for businesses to minimize employee data theft instances
 
Bridging the Gap: Securing IP
Bridging the Gap: Securing IPBridging the Gap: Securing IP
Bridging the Gap: Securing IP
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019
 
NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
NTXISSACSC2 - Top Ten Trends in TRM by Jon MurphyNTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
 
Vulnerability Assessment and Penetration Testing using Webkill
Vulnerability Assessment and Penetration Testing using WebkillVulnerability Assessment and Penetration Testing using Webkill
Vulnerability Assessment and Penetration Testing using Webkill
 
data analytics lecture2.pptx
data analytics lecture2.pptxdata analytics lecture2.pptx
data analytics lecture2.pptx
 
OpenSourceIntelligence-OSINT.pptx
OpenSourceIntelligence-OSINT.pptxOpenSourceIntelligence-OSINT.pptx
OpenSourceIntelligence-OSINT.pptx
 
Threat intelligence minority report
Threat intelligence minority reportThreat intelligence minority report
Threat intelligence minority report
 
Spo2 t17
Spo2 t17Spo2 t17
Spo2 t17
 
Powerpoint v7
Powerpoint v7Powerpoint v7
Powerpoint v7
 
Road map for actionable threat intelligence
Road map for actionable threat intelligenceRoad map for actionable threat intelligence
Road map for actionable threat intelligence
 
IRJET- Ethical Hacking
IRJET- Ethical HackingIRJET- Ethical Hacking
IRJET- Ethical Hacking
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINT
 
Information security threats
Information security threatsInformation security threats
Information security threats
 
knowthyself : Internal IT Security in SA
knowthyself : Internal IT Security in SA knowthyself : Internal IT Security in SA
knowthyself : Internal IT Security in SA
 
Setting the right GDPR priorities
Setting the right GDPR prioritiesSetting the right GDPR priorities
Setting the right GDPR priorities
 

Recently uploaded

Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftshyamraj55
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxTales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxFIDO Alliance
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxFIDO Alliance
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch TuesdayIvanti
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...FIDO Alliance
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxFIDO Alliance
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfdanishmna97
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxFIDO Alliance
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfSrushith Repakula
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdfMuhammad Subhan
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsLeah Henrickson
 
الأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهلهالأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهلهMohamed Sweelam
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewDianaGray10
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTopCSSGallery
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingScyllaDB
 

Recently uploaded (20)

Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoft
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxTales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptx
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptx
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
الأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهلهالأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهله
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development Companies
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream Processing
 

people-information-gathering-slides.pdf

  • 1. Ricardo Reimao, OSCP, CISSP Cybersecurity Consultant People Information Gathering
  • 2. Gathering information for effective social engineering attacks
  • 3. Module Scenario Gather information about key employees in Globomantics Plan and execute social engineering attacks Understand the technologies in Globomantics
  • 4. Types of data that can be useful Search engine enumeration Social media scrapping Active people information gathering Tons of demos: - theHarvester, Sn1per, Maltego and The OSINT Framework Module Overview
  • 5. Why Gathering People Information? Plan targeted social engineering attacks Understand the people that work in the company Enumerate the technologies being used
  • 6. Types of Data Key employees Names, job titles, hierarchy, etc. Contact information Email addresses, phone numbers, social media, etc. Technology Based on LinkedIn profiles, job postings, etc. Identity information Usernames, API keys, passwords, public/private keys, etc. Public documents Containing sensitive information, people/technical information, etc.
  • 8. Main Techniques for Passive People Enumeration Search for people related to a company using publicly available information Main techniques: - Social media scrapping (LinkedIn, Twitter, etc.) - Whois searches - Search engine enumeration Automated searches
  • 9. Sources of Data for Passive People Reconnaissance Search Engines (Google, Bing, Baidu, etc.) LinkedIn Social Media (Twitter, Instagram, Facebook, etc.) Document Metadata Job Postings Public Repositories (GitHub, PasteBins, DropBox, etc.)
  • 11. Demo Gathering people and technical information with theHarvester Enumerating search engines and scrapping social media - Subdomains, hosts and IPs - Email addresses - Twitter accounts - LinkedIn profiles
  • 13. What is Active People Reconnaissance? Interact with your target to get the information you need Social engineering techniques Might provide you with information that is not publicly available
  • 14. Main Techniques Social Media Interactions Phishing Emails Third-party People Phone Calls
  • 15. Considerations for Active Information Gathering Your chances of getting caught increases People might be on the alert Some clients might not want to disturb its employees Get formal permission from your client before performing any social engineering technique
  • 16. Demo Searching OSINT information with Maltego - Subdomains and IPs - Key people in the company - Email addresses - Search previous data breaches
  • 17. Demo Gathering technical and people information with Sn1per Several of the active and passive techniques described in this course - Domain enumeration - Search engine enumeration - Social media scrapping - Nmap scans - etc.
  • 18. Demo Exploring the OSINT Framework Finding tools and techniques
  • 19. What kind of data is important for us - Names, titles, email addresses, job postings, usernames, etc. Main passive techniques for collecting people information - Social media scrapping, search engine enumeration, etc. Active techniques for people recon Several demos covering people and technical information gathering Summary