Leveraging OSINT in Penetration Testing

By: Ashish Mistry
#whoami
●   Ashish Mistry
●   Individual infosec researcher & trainer
●   www.Hcon.in
●   HconSTF open source security framework
●   Hcon Library initiative
●   Contact :
        –   Fb : Root.hcon
        –   Tw : @hconmedia
OSINT – Open Source INTelligence

●   It is NOT related to open source software
●   It is NOT related to open source licenses
●   It is NOT related to artificial intelligence
What Is OSINT ?
Wikipedia :
“Open-source intelligence (OSINT) is a
form of intelligence collection management
that involves finding, selecting, and
acquiring information from publicly
available sources and analyzing it to
produce actionable intelligence”
What is OSINT ?
Publicly available information
→ Selecting / collecting and storing it
→ Analysing, relating and filtering it
→ More target-specific information
→ ATTACKS
Why OSINT works ?
Humans are social beings
We love to share information
We share information that we are not supposed to share
Sometimes it is necessary to give out that much information
So what is the problem ??
Internet
Why OSINT for pentesting ?
Some things to consider
●   Passive (most of it)
●   Legally provides a much larger and wider view of the target company / person
●   Uncovers more attack surface
●   Narrows down many attack vectors
●   Helps when you don't have 0days
●   More specific social engineering attack vectors can be crafted
●   Helps in other steps in a pentest
Leveraging OSINT
●   Reconnaissance
●   Vulnerability analysis
●   Privilege escalation
●   Social engineering / profiling people
Reconnaissance
●   We can have information like
        –   OS
        –   IP
        –   Software / versions
        –   Geo location
From :
●   Metadata :
        –   Foca, metagoofil, maltego, exiftool
●   Online sites :
        –   Shodanhq, Serversniff, netcraft, centralops
●   DNS / whois info
●   FF extensions
        –   wappalyzer
        –   Passive recon
Vulnerability analysis
●   Path disclosure
●   Footholds
●   Web server detection
●   Vulnerable files
●   Vulnerable servers
●   Error messages
●   Network or vulnerability data
●   Various online devices
●   Advisories and vulnerabilities
●   XSS / LFI / RFI
From :
●   Dorks : sitedigger, search diggity, seat
        –   GHDB
        –   BHDB
        –   FSHDB
        –   Web = sqli / Lfi / Rfi / Wordpress
●   FF extension :
        –   Meta generator version check
●   Metadata
●   http://www.1337day.com/webapps
Privilege escalation
We can have potential
●   User names
●   Passwords
●   Login panels
for more useful & accurate wordlist generation
From ?
●   Metadata :
        –   Foca, metagoofil, maltego
●   Emails :
        –   Theharvester, esearchy
●   Public profiling information
        –   Social media
                ●   Phone numbers
                ●   Family member names
                ●   Birth dates
From cont..
●   Dorks :
        –   Files containing usernames
        –   Files containing passwords
        –   Files containing juicy info
        –   Pages containing login portals
●   Wordlist generation :
        –   wyd, cupp, crunch
Social engineering / profiling people
●   All kinds of personal and professional info
        –   Names - DOB
        –   Residence address
        –   Phone no.
        –   Emails
        –   Close associates / friends
        –   Interests / hobbies
        –   Pictures
From ?
●   People lookup databases
●   Social networks
●   Local yellow pages
●   MTNL / BSNL telephone directory
●   Public mobile info. services
What can we have from OSINT ?
●   Email addresses
●   Phone numbers
●   User names / passwords
●   OS info
●   IP info
●   Software / versions
●   Geo location
●   Personal details
●   Vulnerabilities
Tools
●   Foca, metagoofil, exiftool, wyd
●   Theharvester, esearchy
●   FF extensions
        –   Passive recon, meta generator, wappalyzer, exiftool
●   Sitedigger, seat, search diggity
●   Creepy, fbpwn
●   Maltego, netglub
Online resources
●   Netcraft, centralops, shodanhq, serversniff
●   Ghdb
●   foca online, regex.info/exif.cgi
●   http://tineye.com , http://picfog.com
●   https://twitpic.com/search , http://www.pixsy.com/
●   Flickr Photo Search
    http://www.flickr.com/search/?s=rec&w=all&q=comapny name&m=text
Online resources cont...
●   Document search:
        –   Docstoc http://www.docstoc.com/
        –   Scribd http://www.scribd.com/
        –   SlideShare http://www.slideshare.net/
        –   PDF Search Engine http://www.pdf-search-engine.com/
        –   Toodoc http://www.toodoc.com/
        –   google filetype:
Online resources cont...
●   Check usernames:
        –   http://www.checkusernames.com/
        –   http://knowem.com/ , www.namechk.com
        –   http://webmii.com/
●   People search
        –   123people
        –   Pipl
        –   openbook
Online resources cont...
●   Geo location
        –   Infosnipper
        –   http://twittermap.appspot.com
        –   http://www.geobytes.com/iplocator.htm
Prevention / counter measures
●   Policies for social networks
        –   HR, PR, marketing
●   Sanitize documents
        –   Remove metadata
                ●   Metadata anonymizing toolkit – MAT
                ●   Oometa extractor, Doc scrubber
                ●   Exiftool
                ●   openDLP, myDLP
●   Websites
        –   Block UA, dir, custom error msg
Thank you

Questions ??

How to Add Barcode on PDF Report in Odoo 17
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptx
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 

Osint ashish mistry

  • 1. Leveraging OSINT in Penetration Testing By: Ashish Mistry
  • 2. #whoami ● Ashish Mistry ● Individual infosec researcher & trainer ● www.Hcon.in ● HconSTF open source security framework ● Hcon Library initiative ● Contact : – Fb : Root.hcon – Tw : @hconmedia
  • 3. OSINT – Open Source INTelligence ● It is NOT related to open source software ● It is NOT related to open source licenses ● It is NOT related to artificial intelligence
  • 4. What Is OSINT ? Wikipedia : “Open-source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence”
  • 5. What is OSINT ? Publicly available information → Selecting / collecting and storing it → Analyzing, relating and filtering it → More target-specific information → ATTACKS
  • 7. Humans are social beings; we love to share information
  • 8. We share information that we are not supposed to share
  • 9. Sometimes it is necessary to give out that much information
  • 10. So what is the problem ??
  • 12. Why OSINT for pentesting ?
  • 13. Some things to consider ● Passive (most of it) ● Legally provides a much larger and wider view of the target company / person ● Uncovers more attack surface ● Narrows down many attack vectors ● Helps when you don't have 0days ● More specific social engineering attack vectors can be crafted ● Helps in other steps in a pentest
  • 14. Leveraging OSINT ● Reconnaissance ● Vulnerability analysis ● Privilege escalation ● Social engineering / profiling people
  • 15. Reconnaissance ● We can have information like – OS – IP – Software / Versions – Geo location
  • 16. From : ● Metadata : – Foca, metagoofil, maltego, exiftool ● Online sites : – Shodanhq, Serversniff, netcraft, centralops ● DNS / whois info ● FF extensions – wappalyzer – Passive recon
  • 17. Vulnerability analysis ● Path disclosure ● Footholds ● Web Server Detection ● Vulnerable Files ● Vulnerable Servers ● Error Messages ● Network or vulnerability data ● Various Online Devices ● Advisories and Vulnerabilities ● XSS / LFI / RFI
  • 18. From ● Dorks : sitedigger, search diggity, seat – GHDB – BHDB – FSHDB – Web = sqli / Lfi / Rfi / Wordpress ● FF extension: – Meta generator version check ● Metadata ● http://www.1337day.com/webapps
  • 19. Privilege escalation We can have potential ● User names ● Passwords ● Login panels for more useful & accurate wordlist generation
  • 20. From ? ● Metadata : – Foca, metagoofil, maltego ● Emails : – Theharvester, esearchy ● Public profiling information – Social media ● Phone numbers ● Family member names ● Birth dates
  • 21. From cont.. ● Dorks : – Files containing usernames – Files containing passwords – Files containing juicy info – Pages containing login portals ● Wordlist generation : – wyd, cupp, crunch
  • 22. Social engineering / profiling people ● All kinds of personal and professional info – Names – DOB – Residence address – Phone no. – Emails – Close associates / friends – Interests / hobbies – Pictures
  • 23. From ? ● People lookup databases ● Social networks ● Local yellow pages ● Mtnl / bsnl tele. Dir ● Public mobile info. services
  • 24. What can we have from OSINT ?
  • 25. ● Email addresses ● Phone numbers ● User names / passwords ● OS info ● IP info ● Software / version ● Geo location ● Personal details ● Vulnerabilities
  • 26. Tools ● Foca, metagoofil, exiftool, wyd ● Theharvester, esearchy ● FF extensions – Passive recon, meta generator, wappalyzer, exiftool ● Sitedigger, seat, search diggity ● Creepy, fbpwn ● Maltego, netglub
  • 27. Online resources ● Netcraft, centralops, shodanhq, serversniff ● Ghdb ● foca online, regex.info/exif.cgi ● http://tineye.com , http://picfog.com ● https://twitpic.com/search , http://www.pixsy.com/ ● Flickr Photo Search http://www.flickr.com/search/?s=rec&w=all&q=comapny name&m=text
  • 28. Online resources cont... ● Document search: – Docstoc http://www.docstoc.com/ – Scribd http://www.scribd.com/ – SlideShare http://www.slideshare.net/ – PDF Search Engine http://www.pdf-search-engine.com/ – Toodoc http://www.toodoc.com/ – google filetype:
  • 29. Online resources cont... ● Check Usernames: – http://www.checkusernames.com/ – http://knowem.com/ , www.namechk.com – http://webmii.com/ ● People search – 123people – Pipl – openbook
  • 30. Online resources cont... ● Geo location – Infosnipper – http://twittermap.appspot.com – http://www.geobytes.com/iplocator.htm
  • 31. Prevention / counter measures ● Policies for social networks – HR, PR, marketing ● Sanitize documents – Remove metadata ● Metadata anonymizing toolkit – MAT ● Oometa extractor, Doc scrubber ● Exiftool ● openDLP, myDLP ● Websites – Block UA, dir, custom error msg