Passive Recon: Collapsing your target’s wavefunction.

2013.10.17
Charleston ISSA
Gabe LeBlanc @gabeleblanc
Philip Hartlieb @pjhartlieb

Black Lantern Security Group
caveats / notes
1. “We are standing on the shoulders of giants.” Numerous references have been provided throughout the talk. Additional materials will be provided for further reading in an appendix.
2. This talk is about the principles, methodology, and process for performing passive reconnaissance using tools and methods developed by a community of researchers.
3. The tools, artifacts/raw data, and intelligence products presented are not intended to be comprehensive. Every customer provides a new and interesting challenge.
outline
• Terminology
• Methodology and Objectives
• Establishing a baseline
• Case Study: Creating actionable intelligence
• Risk and Mitigations
• Summary and conclusions
Terminology / context
• Vulnerability assessment
• Penetration Test
• Full Scope Red Team engagement
Test purpose and objectives
• Acquiring information that would significantly impact the operational effectiveness of the business or organization.
  • intellectual property
  • trade secrets 1
  • PHI 2
  • PII 3
  • mergers and acquisitions 4
  • troop movements 5
  • diplomatic cables
• Gaining elevated privileges on critical systems, applications, and infrastructure in order to demonstrate the potential for impacting the operational effectiveness of the business or organization.

1. http://www.wishtv.com/news/local/two-accused-of-selling-eli-lilly-secrets-to-chinese-company
2. http://www.secureworks.com/resources/blog/general-hackers-sell-health-insurance-credentials-bank-accounts-ssns-and-counterfeit-documents/
3. http://krebsonsecurity.com/2012/06/carderprofit-forum-sting-nets-26-arrests/
4. http://www.imdb.com/title/tt0094291/
5. http://www.timesofisrael.com/israel-tracked-russian-navy-in-syria/?utm_source=dlvr.it&utm_medium=twitter
Methodology / context
[Process diagram; phases as shown on the slide: Passive Recon, Active Recon, Pre Planning, Test Plan, Test Execution, Reporting]
passive recon – focus on test objectives
What would most adversely impact the mission/business/organization? [CRITICAL HIT]
[Slide diagram; items recovered from the layout]
• At stake: Future earnings; PHI; PII; Access to critical resources; Classified Materials; Intellectual Property
• Consequences: fines ($$$); Faith (customers); Lives; Political stability; Force projection; Diplomacy; Negotiation
passive recon – objective
• Gather, organize, and analyze data in order
to create actionable intelligence product(s)
that will support
– target identification;
– exploitation; and
– post exploitation activities
passive recon – case study
[Pipeline diagram, Raw Data → Tools / Manual Labor → Actionable Intelligence products → ATTACK PLAN; items recovered from the slide layout]
Raw Data: pub/priv facebook, linkedin profiles; Social media chatter/comments; News media; Document Archives; MX records; Documents and metadata
Tools / Manual Labor: Brain; Maltego; Keyboard; Adv. Google Searches; Facebook Graph search; FOCA
Actionable Intelligence products: smtp security controls; activity timelines; Org. structure and personnel; Business processes; Verified email addresses
ATTACK PLAN: spear phish; vector n ...
passive recon – establish baseline
Grunt Work
• Search Engines: Google, Yandex 2, Yahoo, Blekko
• Documents and Metadata: Metagoofil, FOCA *, Exiftool, SearchDiggity, Doc archives
• Network Resources: Whois, Fierce.pl*, Dnsrecon*, Pentbox, Centralops, Robtex.com
• Specialty Sources 4: EDGAR database, SEC filings, www.defense.gov/contracts/
• OSINT Frameworks: Maltego*, Recon-ng* 3

Raw Data 1 is distilled into the key baseline facts: Public points of contact (POCs); Partnerships; Market Vertical; Key Leadership; Network/Physical footprint; Products, services, and offerings; Mission statement and purpose

1. http://www.pentest-standard.org/index.php/Intelligence_Gathering
2. http://www.irongeek.com/i.php?page=videos/derbycon3/2304-practical-osint-shane-macdougall
3. http://www.irongeek.com/i.php?page=videos/derbycon3/1104-look-ma-no-exploits-the-recon-ng-framework-tim-lanmaster53-tomes
4. http://rr.reuser.biz/
passive recon – establishing baseline
• Let’s not forget passive physical/human
engineering (yes you can!)
• Recon Routes
– Smoking area
– Gym
– Local eatery
– After hours hot spots (dig, madra..anybody?)
– Parking lot
passive recon – establishing baseline
• What you ‘need’ (this is the short list)
– Camera (duh!)
– Monocular (depth perception and peripheral)
– Proper bag
– Space pen
– Waterproof notebook
– Street smarts
• Optional - Attire
passive recon – establishing baseline
• What you ‘need’ to do (this is the short list)
– Camera && be natural/use cover + conceal
– Monocular (depth perception and peripheral)
&& see camera + consider surroundings
– Proper bag && (I’m biased but this IS REALLY
important)
– Space pen && no-brainer
– Waterproof notebook && see pen + learn
sniper/infantry techniques
– Street smarts
• Optional - Attire
passive recon – establishing baseline
RESOURCE: Warrick
RAW DATA: Archived web resources and documents
INTELLIGENCE PRODUCT(S): Descriptions of products / services, culture, customers, technologies
used, financials, etc.
NOTES: The number of archived resources is heavily dependent on target

Mirror (approximate) web sites for viewing offline
• A utility for reconstructing or recovering a website when a back-up is not available.
• Downloads the pages and images and will save them to your filesystem.

> ./warrick.pl -D ~/Desktop/cisco -k http://www.cisco.com/

1. http://warrick.cs.odu.edu//about.php
passive recon – establishing baseline
RESOURCE: Warrick
RAW DATA: Archived web resources and documents
INTELLIGENCE PRODUCT(S): Descriptions of products / services, culture, customer profiles,
technologies used, financial outlook, etc.
NOTES: The number of archived resources is heavily dependent on target

[Screenshots: original resource, archived resource, new local file]
passive recon – establishing baseline
RESOURCE: Search engines
RAW DATA: inbound links from partners and customer organizations
INTELLIGENCE PRODUCT(S): Key Partnerships and customer profiles
NOTE: Search string = inanchor: <target site> -site: <target site> keyword

“The anchor text, link label, link text, or link title is the visible, clickable text in a hyperlink.” – wikipedia.org
passive recon – establishing baseline
RESOURCE: Maltego / Website Incoming Links Transform
RAW DATA: inbound links from partners and customer organizations
INTELLIGENCE PRODUCT(S): Key Partnerships and customer profiles
NOTE: Mixed Success
passive recon – establishing baseline
RESOURCE: Search engines
RAW DATA: Documents and Metadata
INTELLIGENCE PRODUCT(S): Organizational structure (usernames) and emails, passwords,
software, OS, major/minor version numbers, internal IP address space, PII, PHI, financial
outlook, etc.
NOTE: Search string = filetype: <ppt, pdf, xls, doc> -site: <target site> <keyword>

1. http://www.sans.org/reading-room/whitepapers/privacy/document-metadata-silent-killer-32974?show=document-metadata-silent-killer-32974&cat=privacy
2. http://jwebnet.net/advancedgooglesearch.html
3. http://www.irongeek.com/i.php?page=videos/derbycon3/2304-practical-osint-shane-macdougall
4. http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/
passive recon – establishing baseline
RESOURCE: Document Archives1
RAW DATA: Documents and Metadata
INTELLIGENCE PRODUCT(S): Organizational structure (usernames) and emails, passwords,
software, OS, major/minor version numbers, internal IP address space, PII, PHI, financial
outlook, etc.
NOTE: Search string = filetype: <ppt, pdf, xls, doc> -site: <target site> <keyword>
Docstoc http://www.docstoc.com/
Scribd http://www.scribd.com/ (RSS feed of results)
SlideShare http://www.slideshare.net/ (RSS feed of results)
PDF Search Engine http://www.pdf-search-engine.com/
Toodoc http://www.toodoc.com/

Docs Archive http://www.docs-archive.com/

1. http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/
passive recon – establishing baseline
RESOURCE: FOCA
RAW DATA: Documents and Metadata
INTELLIGENCE PRODUCT(S): categorized usernames and emails, passwords, software, OS,
major/minor version numbers, internal IP address space, PII, PHI, financial outlook, organizational
structure, etc
NOTE: Provides document paths, OS, software used, email, usernames, printers, etc.
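The FOCA slide above lists what document metadata gives away (usernames, software and OS versions, document paths, printers), and the organizational mitigations slide later asks whether the people who release documents publicly know how they handle metadata. The following is an added example written for this page, not code from the talk, from FOCA, or from Black Lantern: a pre-release check for Office (OOXML) packages that reads the identifying fields from docProps/core.xml and docProps/app.xml, reports them, and writes a scrubbed copy. The sample document, the field list, and the "Example Corp"/"jdoe" values are constructed for the demonstration; real files carry more fields, and PDFs, images and legacy binary .doc files need a different parser (Exiftool, listed on the baseline slide, covers those).

```python
"""Pre-release metadata check for OOXML (docx/xlsx/pptx) packages.

Added example for this page, not code from the talk or from FOCA. The field
list and the sample document are constructed; real files carry more fields."""
import io
import zipfile
import xml.etree.ElementTree as ET

CORE = "docProps/core.xml"
APP = "docProps/app.xml"
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
for _prefix, _uri in NS.items():      # keep readable prefixes when re-serializing
    ET.register_namespace(_prefix, _uri)

# Fields that name people, the organization or the software build; exactly the
# kind of thing metadata harvesters pull out of published documents.
IDENTIFYING = {
    CORE: ["dc:creator", "cp:lastModifiedBy"],
    APP: ["ep:Company", "ep:Application", "ep:AppVersion", "ep:Template"],
}


def extract_metadata(ooxml_bytes):
    """Return {field: value} for every identifying field that carries a value."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(ooxml_bytes)) as zf:
        for part, fields in IDENTIFYING.items():
            if part not in zf.namelist():
                continue
            root = ET.fromstring(zf.read(part))
            for field in fields:
                el = root.find(field, NS)
                if el is not None and el.text and el.text.strip():
                    found[field] = el.text.strip()
    return found


def release_check(ooxml_bytes):
    """Gate for a public-release workflow: (ok, findings)."""
    findings = extract_metadata(ooxml_bytes)
    return (not findings, findings)


def scrub(ooxml_bytes):
    """Return a copy of the package with the identifying fields blanked.
    Everything else (document body, title, dates) is copied through unchanged."""
    out_buf = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(ooxml_bytes)) as src, \
            zipfile.ZipFile(out_buf, "w", zipfile.ZIP_DEFLATED) as out:
        for item in src.infolist():
            data = src.read(item.filename)
            if item.filename in IDENTIFYING:
                root = ET.fromstring(data)
                for field in IDENTIFYING[item.filename]:
                    el = root.find(field, NS)
                    if el is not None:
                        el.text = ""          # serializes as an empty element
                data = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            out.writestr(item.filename, data)
    return out_buf.getvalue()


def build_sample_docx():
    """Constructed sample: a minimal package carrying the metadata a word
    processor would stamp on an internal planning document. Not a real file."""
    core = (
        '<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}">'
        "<dc:title>Q3 upgrade plan</dc:title>"
        "<dc:creator>jdoe</dc:creator>"
        "<cp:lastModifiedBy>Gerry L</cp:lastModifiedBy>"
        "</cp:coreProperties>"
    ).format(**NS)
    app = (
        '<Properties xmlns="{ep}">'
        "<Application>Microsoft Office Word</Application>"
        "<AppVersion>14.0000</AppVersion>"
        "<Company>Example Corp (constructed)</Company>"
        "</Properties>"
    ).format(**NS)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(CORE, core)
        zf.writestr(APP, app)
        zf.writestr("word/document.xml", "<document/>")   # body placeholder
    return buf.getvalue()


if __name__ == "__main__":
    doc = build_sample_docx()
    print("before scrub:", release_check(doc))
    print("after scrub: ", release_check(scrub(doc)))
```

Run it as-is to see the constructed document fail the gate and pass after scrubbing; in a real release process, `release_check` would run on every file leaving the organization and `scrub` would be applied (or the file rejected) when it reports findings.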
passive recon – establishing baseline
RESOURCE: SearchDiggity
RAW DATA: Misconfigurations, default web pages, login pages, user credentials, leakage, etc
INTELLIGENCE PRODUCT(S): vulnerable web applications, collections of valid default user
credentials, back-up data, etc.
NOTE:
passive recon – establishing baseline
RESOURCE: Fierce Domain Scanner 1
RAW DATA: subnets, IPs, hostnames, FQDNs
INTELLIGENCE PRODUCT(S): Systems categorized according to name/function, network footprint
NOTE: Designed to locate hosts in non-contiguous IP space
> ./fierce.pl -wide -dns <target domain> -dnsserver <dns server> -wordlist <custom wordlist> -file <output file>

[Flow diagram: domain xfer → no joy? → brute list attempts → hit? (no: next name; yes!: forward lookup → additional reverse lookups) → OUTPUT file]

1. http://ha.ckers.org/fierce/
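Seen from the authoritative server, the fierce workflow above (zone-transfer attempt, then a wordlist walk with forward and reverse lookups) is noisy: one client produces a burst of NXDOMAIN answers for many distinct names in a single zone. The following is an added example, not from the talk or from fierce, of the detection side: a small detector over DNS query-log lines in a constructed `timestamp client qname rcode` format (the assumption is that your resolver or authoritative server can log something equivalent; adjust `parse_line()` to its actual format). It flags any client whose count of distinct non-existent names in a zone, within a sliding window, reaches a threshold. The log lines, addresses and thresholds are constructed for the demonstration.

```python
"""Detect wordlist-style hostname brute forcing against your own zone.

Added example for this page, not from the talk or from fierce. Input is a
constructed query log in "timestamp client qname rcode" form; adjust
parse_line() to whatever your resolver or authoritative server actually logs."""
from collections import defaultdict
from datetime import datetime

WINDOW_SECONDS = 60       # sliding window length
NXDOMAIN_THRESHOLD = 5    # distinct non-existent names per client+zone in window

# Constructed sample: 203.0.113.9 walks a wordlist against example.com while
# 198.51.100.7 does ordinary lookups (with one typo).
SAMPLE_LOG = """\
2013-10-17T09:00:01 198.51.100.7 www.example.com NOERROR
2013-10-17T09:00:03 203.0.113.9 admin.example.com NXDOMAIN
2013-10-17T09:00:04 203.0.113.9 backup.example.com NXDOMAIN
2013-10-17T09:00:04 203.0.113.9 dev.example.com NXDOMAIN
2013-10-17T09:00:05 203.0.113.9 ftp.example.com NOERROR
2013-10-17T09:00:06 203.0.113.9 intranet.example.com NXDOMAIN
2013-10-17T09:00:07 203.0.113.9 mail2.example.com NXDOMAIN
2013-10-17T09:00:08 203.0.113.9 staging.example.com NXDOMAIN
2013-10-17T09:00:20 198.51.100.7 wwww.example.com NXDOMAIN
2013-10-17T09:00:31 198.51.100.7 mail.example.com NOERROR
"""


def parse_line(line):
    ts, client, qname, rcode = line.split()
    return datetime.fromisoformat(ts), client, qname.lower().rstrip("."), rcode.upper()


def zone_of(qname):
    """Simplification: the last two labels are the zone (fine for example.com,
    wrong for example.co.uk; use a public-suffix list in production)."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def detect_bruteforce(lines, window=WINDOW_SECONDS, threshold=NXDOMAIN_THRESHOLD):
    """Return sorted (client, zone, peak_distinct_nxdomain_names) alerts.

    For each client+zone the NXDOMAIN answers are sorted by time and a sliding
    window counts distinct names; the peak over all windows is compared to the
    threshold. A scanner pacing itself below the window rate is missed, so
    lengthen the window or lower the threshold to trade false positives for recall."""
    events = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, client, qname, rcode = parse_line(line)
        if rcode == "NXDOMAIN":
            events[(client, zone_of(qname))].append((ts, qname))

    alerts = []
    for (client, zone), hits in events.items():
        hits.sort()
        peak, start = 0, 0
        for end in range(len(hits)):
            while (hits[end][0] - hits[start][0]).total_seconds() > window:
                start += 1
            peak = max(peak, len({q for _, q in hits[start:end + 1]}))
        if peak >= threshold:
            alerts.append((client, zone, peak))
    return sorted(alerts)


if __name__ == "__main__":
    for client, zone, n in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(f"ALERT {client}: {n} distinct non-existent names in {zone} "
              f"within {WINDOW_SECONDS}s")
```

On the sample, only 203.0.113.9 trips the rule (six distinct non-existent names in five seconds); the single typo from 198.51.100.7 stays below the threshold. The same per-client/per-zone counting works against an authoritative server's logs or a recursive resolver's, with the threshold tuned to the zone's normal NXDOMAIN rate.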
passive recon – establishing baseline
RESOURCE: Robtex.com
RAW DATA: subnets, IPs, hostnames, FQDNs
INTELLIGENCE PRODUCT(S): Systems categorized according to name/function, network footprint
NOTE: describe scripted approach

> for i in {0..255}; do wget https://route.robtex.com/72.23.${i}.0-24.html#sites; sleep 2; done
passive recon – establishing baseline
RESOURCE: Yatedo.com / Advanced Google searching “site:linkedin.com cisco administrator”
RAW DATA: human targets / seed accounts
INTELLIGENCE PRODUCT(S): Organizational Structure (usernames)
NOTE: A small perl script will quickly return csv formatted first name, last name, org, role

[Screenshot: Seed Names]
passive recon – case study
RESOURCE: LinkedIn / Facebook Account creation and data mining
RAW DATA: human targets / seed accounts
INTELLIGENCE PRODUCT(S): Organizational structure and personnel, key relationships,
culture, friendships, insider bullshit jargon, speech patterns.
NOTE: ** May violate ToS.

[Diagram: recursively harvest and catalogue key groups of individuals. INTEL buckets: System Admins; Help Desk; Sharepoint Admins; Database Admins; Mgmt / C-level]
passive recon – case study
[Diagram: View Contacts → Recursive Harvesting → new target 1, new target 2, new target 3, ... new target n; Request Connection(s) → INTEL: New LinkedIn Connection; Senior leadership “About” section → INTEL: work email format! LastFiMi@x.y.z]
passive recon – case study
RESOURCE: namechk.com
RAW DATA: user footprint, account enumeration
INTELLIGENCE PRODUCT: Relationships, friendships, hobbies, speech patterns, bad behavior
NOTE:
passive recon – case study
[Diagram, read left to right]
INTEL: John D. LinkedIn account → Facebook Graph Search → John D. Facebook account → Recursively Harvesting Friends → Gerry L. (mgr.) Facebook account
Monitoring: John posts link to public article describing upgrade → INTEL: Activity timeline, resources, and leadership for upgrade
Monitoring: Gerry posts congrats! to team and tags all direct reports → INTEL: Every Windows Admin on FB
passive recon – case study
[Diagram: the collected INTEL (work email format! LastFiMi@x.y.z; Every Windows Admin on FB; Activity timeline, leadership, and resources for upgrade) feeds the PHISH!: TO: <TARGETS>, FROM: <SENDER>, EMAIL BODY, ATTACHMENT LINK]
passive recon – case study
[Recap of the pipeline diagram from the first case-study slide: Raw Data → Tools / Manual Labor → Actionable Intelligence products → ATTACK PLAN (spear phish, vector n ...), with the same items]
passive recon: process notes
• Native search functions will miss data (Facebook graph and LinkedIn
search)
• Hacker tools will miss data
• Take ridiculously detailed notes
• Don’t underestimate the importance of taking the time to use
Google/Bing advanced search functions in new and creative ways
• Be prepared to change objectives based on newly returned data
• Take ridiculously detailed notes
• Always be working towards an intelligence-product
• Organize your notes so they will still make sense 30 days from now [
Evernote (local), Zim, Keepnote, etc.]
• Some of our most interesting finds have fallen out of extremely tedious
long term manual search methods.
passive recon – mitigations [org.]
- Be at least as knowledgeable as the attacker.
- Perform passive recon against your own organization.
- Do you know how you make money?
- Where are your critical resources? What would be the death blow for the
organization?
- How would you plan an attack?
- Acceptable Use policy (AUP) for social media
- Monitoring of Social Media 1,2
- Public Affairs Office (PAO)
- Is there a process for the public release of information? Are there people
involved other than sales and marketing? How do they handle metadata?
- Use the free monitoring tools:
- google alerts, yahoo pipes, RSS readers
- twitter search, social media APIs
- SearchDiggity
- Consider one or more paid services 3

1. http://sproutsocial.com/features/social-media-monitoring
2. http://www.cnn.com/2013/09/14/us/california-schools-monitor-social-media/index.html
3. https://pwnedlist.com/services
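The organizational mitigations above recommend the free monitoring route (Google alerts, RSS readers, social media search), and the document-archive slide notes that Scribd and SlideShare expose RSS feeds of search results. The following is an added example, not from the talk: a feed monitor that parses RSS 2.0 items, matches titles and descriptions against terms you watch for your own organization, and remembers processed GUIDs in a JSON file so each hit is reported once. The feed XML, the watch terms and the `example.invalid` links are constructed; `fetch()` is only used when a feed URL is passed on the command line.

```python
"""Watch search / document-archive RSS feeds for mentions of your own organization.

Added example for this page, not from the talk. The feed XML, watch terms and
links are constructed; fetch() is only used when a feed URL is given on the
command line."""
import json
import os
import sys
import urllib.request
import xml.etree.ElementTree as ET

WATCH_TERMS = ["example corp", "examplecorp.invalid"]   # your org name / domains
STATE_FILE = "seen_guids.json"

SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>search results (constructed)</title>
<item><title>Example Corp network upgrade plan Q3</title>
<link>http://docs.example.invalid/1</link><guid>doc-1</guid>
<description>Internal timeline, uploaded by a contractor</description></item>
<item><title>Unrelated cooking slides</title>
<link>http://docs.example.invalid/2</link><guid>doc-2</guid></item>
<item><title>Org chart 2013</title>
<link>http://docs.example.invalid/3</link><guid>doc-3</guid>
<description>Contacts at EXAMPLE CORP with desk numbers</description></item>
</channel></rss>"""


def _text(item, tag):
    return (item.findtext(tag) or "").strip()


def parse_rss(xml_text):
    """Yield one dict per <item>; falls back to <link> when <guid> is absent."""
    root = ET.fromstring(xml_text)
    for item in root.iter("item"):
        yield {"guid": _text(item, "guid") or _text(item, "link"),
               "title": _text(item, "title"),
               "link": _text(item, "link"),
               "description": _text(item, "description")}


def matches(item, terms=WATCH_TERMS):
    """Case-insensitive substring match on title + description."""
    hay = (item["title"] + " " + item["description"]).lower()
    return [t for t in terms if t in hay]


def new_hits(xml_text, seen, terms=WATCH_TERMS):
    """Matching items whose GUID is not in `seen`. Every processed GUID is added
    to `seen`, so a term added later does not resurface already-reviewed items."""
    hits = []
    for item in parse_rss(xml_text):
        if item["guid"] in seen:
            continue
        found = matches(item, terms)
        if found:
            hits.append(dict(item, matched=found))
        seen.add(item["guid"])
    return hits


def load_seen(path=STATE_FILE):
    if not os.path.exists(path):
        return set()
    with open(path) as f:
        return set(json.load(f))


def save_seen(seen, path=STATE_FILE):
    with open(path, "w") as f:
        json.dump(sorted(seen), f)


def fetch(url):
    req = urllib.request.Request(url, headers={"User-Agent": "org-feed-monitor/1.0"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode("utf-8", "replace")


if __name__ == "__main__":
    feed = fetch(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_FEED
    seen = load_seen()
    for hit in new_hits(feed, seen):
        print(f"[{', '.join(hit['matched'])}] {hit['title']} -> {hit['link']}")
    save_seen(seen)
```

Run from cron against each feed you care about; the state file is what makes repeated runs quiet. For a larger watch list, replace the substring match in `matches()` with a compiled regular expression so product names, domains and executive names can be matched in one pass.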
passive recon – mitigations [individual]
- LinkedIn security settings
- Keep your connections private. [Really annoying when enumerating]
- Avoid connections with people you have never met. [mutual connections !=
trust ]
- Do not publish email information. [Make it difficult to map out your digital
footprint]
- Facebook privacy settings
- Don’t allow followers
- Avoid public posts like the plague. [ We personally monitor and analyze these
daily for long term engagements]
- Avoid routinely checking in at your work address!
- Avoid those hookah pictures [ No one will ever believe that it was flavored
tobacco anyway .. cmon man ]
- Vanity is an attacker's best friend ... truly my favorite sin.
- Forums
- How much are you revealing about technologies you use?
- Bugs in the software?
- Maintenance periods?
- Organizational deficiencies?
further reading
1. http://www.irongeek.com/i.php?page=videos/derbycon3/2304-practical-osint-shane-macdougall
2. http://www.irongeek.com/i.php?page=videos/derbycon2/1-2-2-jordan-harbinger-social-engineeringdefense-contractors-on-linkedin-and-facebook-whos-plugged-into-your-employees
3. http://www.irongeek.com/i.php?page=videos/derbycon2/1-1-6-rob-fuller-chris-gates-dirty-little-secretspart-2
4. http://raidersec.blogspot.com/2012/12/automated-open-source-intelligence.html
5. http://maltego.blogspot.com/
6. http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
7. http://www.informatica64.com/foca.aspx
8. http://www.sans.org/reading-room/whitepapers/privacy/document-metadata-the-silent-killer-32974?show=document-metadata-the-silent-killer--32974&cat=privacy
9. https://secdiary.com/forensics/social-network-analysis-and-object-attribution-with-maltego-3/
10. http://dataiku.com/blog/2012/12/07/visualizing-your-linkedin-graph-using-gephi-part-1.html
11. http://socnetv.sourceforge.net/index.html
12. http://www.express.co.uk/news/uk/434636/Hackers-target-patient-records
13. https://www.ethicalhacker.net/columns/gates/maltego-part-ii-infrastructure-enumeration
14. http://www.youtube.com/watch?v=3zlbUck_BLk&feature=share&list=PLC9DB3E7C258CD215
15. http://rr.reuser.biz/
16. Silent Warfare “Understanding the World of Intelligence”, Abram N. Shulsky, Gary J. Schmitt
17. http://www.wolframalpha.com/facebook/
18. https://top-hat-sec.com/forum/index.php?topic=3175.0
19. http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/
20. http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/
21. http://www.csoonline.com/article/737662/dating-guru-resurrects-robin-sage-by-social-engineering-tssci-holders-on-linkedin?source=csosotd
22. http://engineering.linkedin.com/linkedinlabs/
23. http://resources.infosecinstitute.com/peeping-the-social-media/
What else are we working on?
November 1-2 2013
• RYAN WINCEY - Java Shellcode Execution
• MICHEAL RESKI - Using MLP to classify Encrypted Network Traffic
EXTRA SLIDES
passive recon – baseline data
Gathering baseline information for understanding the organization / business
– ACTION: Scouring publicly available web resources to gather:
  • Mission statement and purpose
  • Products and services available
  • Key Leadership [Command Structure / C-level executives]
  • POC information [Public facing contacts or forms]
  • Key partnerships
  • Market Vertical
  • Network Footprint
  • Documents and metadata
  • Web resources
  • Seed accounts for personnel
– TOOLS / RESOURCES:
  • Public facing web pages and portals
  • Corporate pages
  • EDGAR online database
  • SEC filings
  • Org charts
  • Maltego
  • Search engines (advanced operators)
  • Robtex / CentralOps / deepmagic (coming soon!)
  • Warrick
  • Internet Archives
  • Document archives
  • FOCA
  • Facebook graph search
  • Yatedo.com
  • Spokeo.com
osint - human targets
Harvesting, mapping, and categorizing human targets
– ACTION: gathering and analyzing data to create target packages
  • Publicly available social media profiles [pedigree, private email, role, responsibility, org, etc.]
  • Existing connections within artificial accounts [seed accounts]
  • News articles [recent projects, milestones, promotions, awards etc.]
  • Blogs and other forms of online publications [information leakage, physical addresses, phone #s]
  • Alumni pages [friendships, hobbies, habits, sports]
– TOOLS
  • Search engines (Google, Bing, Baidu, Duck Duck Go, Blekko, Yandex, etc.)
  • Facebook graph and LinkedIn search functions
  • Automated scripts
  • Yatedo
  • Spokeo
  • PiPL
  • Recon-ng
  • Foca
  • Scythe
  • Maltego
  • Namechk.com
  • Wayback machine
  • Google cache
  • SearchDiggity
  • Paste sites
  • TheHarvester
  • Uberharvester
osint – detailed data
Gathering detailed information for understanding products, services, processes, technologies used, critical resources, markets, partnerships, and competitors
• ACTION: Gathering and analyzing data from:
  – Spidered web content [services/products offered, external links (partners), etc.]
  – Publicly available documents [metadata: users, IPs, OS, email, printers, etc.]
  – Social media pages [latest product offerings and announcements, partners, fans, key personnel]
  – News releases and marketing announcements [new products, defective products, lawsuits, hirings/firings, acquisitions]
  – Trade publications [employee/departmental highlights, technical product specifications, products or technologies used]
  – Job announcements [technologies used, skill shortages, under staffed departments]
  – Forum postings [email addresses, technologies used, information leakage, deficient areas]
• TOOLS / RESOURCES:
  – Search Engines (Google, Bing, Baidu, Duck Duck Go, Blekko, etc.)
  – FOCA (document collection and metadata analysis)
  – SearchDiggity (google dorks, document collection and analysis)
  – SiteDigger (google dorks, document collection and analysis)
  – Recon-Ng
  – Goofile
  – Metagoofil
  – Httrack / ZED attack proxy / Burp / wget / curl
  – Maltego
osint - products
• Products include
  – Users categorized according to:
    • Role / Responsibility
    • Organization
    • Time in position
    • Physical location
  – Email addresses
  – Vulnerable product/technology used
  – Spear phishing themes [recent promotion, new requirement, gossip, new acquisition etc.]
  – Communication patterns amongst employees or partners
  – Social Engineering script based on good/bad user habits/interests
  – Target subnets, hosts, applications
  – Vulnerable web page / form
  – Protected or default web pages
  – Sensitive documents
  – Building layouts
  – Cohabitants
  – Threat vectors / Agents
  – Password policy
  – Hub users
  – Bridged users
footprinting – process notes
• Don’t underestimate the importance of **native** administrative tools
• Understand exactly what a tool will do before you run it
  – What are you after?
  – What Snort signatures may fire?
  – What kind of load does it put on the target system?
  – What is the frequency of requests?
  – For web requests, what User agents are used?
• Investigate **every** finding no matter how esoteric
• Take ridiculously detailed notes [date, time, tool used, command run, switches used, file saved]
• Organize your notes so they will still make sense 30 days from now [Evernote (local), Zim, Keepnote, etc.]
• Mind your surroundings
  – Is this system in scope?
  – What makes this system an attractive target?
  – Should I trust my results? Do they make sense?
  – What do I hope to gain? PHI, PII, beachhead, user credentials?
footprinting – detailed data
Foot printing the organization and its partners (external / internal)
– ACTION: gathering and analyzing data from:
  • Discovered subnets and hosts
  • Running services and applications
  • Open ports
  • Hostnames (forward/reverse DNS)
  • Protection mechanisms
– TOOLS
  • Maltego [hostnames, IPs, subnets, and much more]
  • WHOIS / WHOIS by IP
  • nslookup / dig / fierce / dnsrecon / dnsenum / deepmagic / robtex [DNS]
  • Goohost [target hosts]
  • recon-ng [target hosts, subnets, users, and more]
  • Portqry [port scanning ldap, smb, smtp, mssql, netbios, rpc, isa]
  • nmap / nse scripts [port scanning, enumeration, banner grabbing]
  • Msf [port scanning, enumeration]
  • Sqlmap / burp suite / zed attack proxy / nikto / w3af / skipfish / dirbuster [web apps]
  • Nessus / OpenVAS [vulnerability scanning]
  • Winfo / enum / nbtscan / nbtdump / nbtenum / net commands [smb enumeration]
  • Ike scan [vpn scanning and enumeration]
  • Smtp_enum_user [smtp user identification]
  • Blue Pill / Red Pill
footprinting - products
• Products include
  – Hostnames
  – Hosts categorized according to:
    • Program of record (PORs)
    • Function (workstation, database, application, name server, mail server, etc.)
    • Trust relationships
  – Open ports
  – Misconfigured services
  – Interesting error messages
  – Unpatched systems and/or applications
  – Vulnerable web applications
  – Lockout thresholds
  – Major/Minor version numbers
  – Email addresses
  – Outdated systems
  – Test systems
  – Default credentials
  – Virtualization platforms / systems
  – Load Balancers
  – Web application firewalls
  – Internal IP address space
  – Trust relationships
  – Nature and frequency of communications between systems
  – Host and Network based protection mechanisms

 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...DevGAMM Conference
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationErica Santiago
 

Empfohlen (20)

PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 
More than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesMore than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike Routes
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy Presentation
 

Passive Recon: Collapsing your target's wavefunction.

  • 1. Passive Recon: Collapsing your target’s wavefunction.
    2013.10.17
    Charleston ISSA
    Gabe LeBlanc @gabeleblanc
    Philip Hartlieb @pjhartlieb
    Black Lantern Security Group
  • 2. caveats / notes
    1. “We are standing on the shoulders of giants.” Numerous references have been provided throughout the talk. Additional materials will be provided for further reading in an appendix.
    2. This talk is about the principles, methodology, and process for performing passive reconnaissance using tools and methods developed by a community of researchers.
    3. The tools, artifacts/raw data, and intelligence products presented are not intended to be comprehensive. Every customer provides a new and interesting challenge.
  • 3. outline
    • Terminology
    • Methodology and Objectives
    • Establishing a baseline
    • Case Study: Creating actionable intelligence
    • Risk and Mitigations
    • Summary and conclusions
  • 4. Terminology / context
    • Vulnerability assessment
    • Penetration Test
    • Full Scope Red Team engagement
  • 5. Test purpose and objectives
    • Acquiring information that would significantly impact the operational effectiveness of the business or organization.
      • intellectual property
      • trade secrets [1]
      • PHI [2]
      • PII [3]
      • mergers and acquisitions [4]
      • troop movements [5]
      • diplomatic cables
    • Gaining elevated privileges on critical systems, applications, and infrastructure in order to demonstrate the potential for impacting the operational effectiveness of the business or organization.
    1. http://www.wishtv.com/news/local/two-accused-of-selling-eli-lilly-secrets-to-chinese-company
    2. http://www.secureworks.com/resources/blog/general-hackers-sell-health-insurance-credentials-bank-accounts-ssns-and-counterfeit-documents/
    3. http://krebsonsecurity.com/2012/06/carderprofit-forum-sting-nets-26-arrests/
    4. http://www.imdb.com/title/tt0094291/
    5. http://www.timesofisrael.com/israel-tracked-russian-navy-in-syria/?utm_source=dlvr.it&utm_medium=twitter
  • 6. Methodology / context
    (diagram labels) Passive Recon, Active Recon; Pre Planning, Test Plan, Test Execution, Reporting
  • 7. passive recon – focus on test objectives
    What would most adversely impact the mission / business / organization? [CRITICAL HIT]
    • Future earnings
    • PHI
    • PII
    • Access to critical resources
    • Classified Materials
    • Fines ($$$)
    • Faith (customers)
    • Lives
    • Political stability
    • Force projection
    • Diplomacy
    • Negotiation
    • Intellectual Property
  • 8. passive recon – objective
    • Gather, organize, and analyze data in order to create actionable intelligence product(s) that will support
      – target identification;
      – exploitation; and
      – post exploitation activities
  • 9. passive recon – case study
    (diagram) Raw Data → Tools / Manual Labor → Actionable Intelligence products → ATTACK PLAN
    • Raw Data: pub/priv facebook, linkedin profiles; Social media chatter/comments; News media; Document Archives; MX records; Documents and metadata
    • Tools / Manual Labor: Adv. Google Searches; Brain; Maltego; Keyboard; Facebook Graph search; FOCA; Brain
    • Actionable Intelligence products: smtp security controls; activity timelines; Org. structure and personnel; Business processes; Verified email addresses
    • ATTACK PLAN: spear phish vector n ...
  • 10. passive recon – establish baseline
    Grunt Work
    • Search Engines: Google, Yandex [2], Yahoo, Blekko
    • Documents and Metadata: Metagoofil, FOCA*, Exiftool, SearchDiggity, Doc archives
    • Network Resources: Whois, Fierce.pl*, Dnsrecon*, Pentbox, Centralops, Robtex.com
    • Specialty Sources [4]: EDGAR database, SEC filings, www.defense.gov/contracts/
    • OSINT Frameworks: Maltego*, Recon-ng* [3]
    Raw Data [1]: Mission statement and purpose; Products, services, and offerings; Key Leadership; Key public points of contact (POCs); Partnerships; Market Vertical; Network/Physical footprint
    1. http://www.pentest-standard.org/index.php/Intelligence_Gathering
    2. http://www.irongeek.com/i.php?page=videos/derbycon3/2304-practical-osint-shane-macdougall
    3. http://www.irongeek.com/i.php?page=videos/derbycon3/1104-look-ma-no-exploits-the-recon-ng-framework-tim-lanmaster53-tomes
    4. http://rr.reuser.biz/
  • 11. passive recon – establishing baseline
    • Let’s not forget passive physical/human engineering (yes you can!)
    • Recon Routes
      – Smoking area
      – Gym
      – Local eatery
      – After hours hot spots (dig, madra.. anybody?)
      – Parking lot
  • 12. passive recon – establishing baseline
    • What you ‘need’ (this is the short list)
      – Camera (duh!)
      – Monocular (depth perception and peripheral)
      – Proper bag
      – Space pen
      – Waterproof notebook
      – Street smarts
    • Optional - Attire
  • 13. passive recon – establishing baseline
    • What you ‘need’ to do (this is the short list)
      – Camera && be natural / use cover + conceal
      – Monocular (depth perception and peripheral) && see camera + consider surroundings
      – Proper bag && (I’m biased but this IS REALLY important)
      – Space pen && no-brainer
      – Waterproof notebook && see pen + learn sniper/infantry techniques
      – Street smarts
    • Optional - Attire
  • 14. passive recon – establishing baseline
    RESOURCE: Warrick [1]
    RAW DATA: Archived web resources and documents
    INTELLIGENCE PRODUCT(S): Descriptions of products / services, culture, customers, technologies used, financials, etc.
    NOTES: The number of archived resources is heavily dependent on target
    Mirror (approximate) web sites for viewing offline
    • A utility for reconstructing or recovering a website when a back-up is not available.
    • Downloads the pages and images and will save them to your filesystem.
    > ./warrick.pl -D ~/Desktop/cisco -k http://www.cisco.com/
    1. http://warrick.cs.odu.edu//about.php
  • 15. passive recon – establishing baseline
    RESOURCE: Warrick
    RAW DATA: Archived web resources and documents
    INTELLIGENCE PRODUCT(S): Descriptions of products / services, culture, customer profiles, technologies used, financial outlook, etc.
    NOTES: The number of archived resources is heavily dependent on target
    (screenshot labels) original resource → archived resource → new local file
  • 16. passive recon – establishing baseline
    RESOURCE: Search engines
    RAW DATA: inbound links from partners and customer organizations
    INTELLIGENCE PRODUCT(S): Key Partnerships and customer profiles
    NOTE: Search string = inanchor:<target site> -site:<target site> keyword
    “The anchor text, link label, link text, or link title is the visible, clickable text in a hyperlink.” – wikipedia.org
  • 17. passive recon – establishing baseline
    RESOURCE: Maltego / Website Incoming Links Transform
    RAW DATA: inbound links from partners and customer organizations
    INTELLIGENCE PRODUCT(S): Key Partnerships and customer profiles
    NOTE: Mixed Success
  • 18. passive recon – establishing baseline
    RESOURCE: Search engines
    RAW DATA: Documents and Metadata
    INTELLIGENCE PRODUCT(S): Organizational structure (usernames) and emails, passwords, software, OS, major/minor version numbers, internal IP address space, PII, PHI, financial outlook, etc.
    NOTE: Search string = filetype:<ppt, pdf, xls, doc> -site:<target site> <keyword>
    1. http://www.sans.org/reading-room/whitepapers/privacy/document-metadata-silent-killer-32974?show=document-metadata-silent-killer-32974&cat=privacy
    2. http://jwebnet.net/advancedgooglesearch.html
    3. http://www.irongeek.com/i.php?page=videos/derbycon3/2304-practical-osint-shane-macdougall
    4. http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/
  • 19. passive recon – establishing baseline
    RESOURCE: Document Archives [1]
    RAW DATA: Documents and Metadata
    INTELLIGENCE PRODUCT(S): Organizational structure (usernames) and emails, passwords, software, OS, major/minor version numbers, internal IP address space, PII, PHI, financial outlook, etc.
    NOTE: Search string = filetype:<ppt, pdf, xls, doc> -site:<target site> <keyword>
    • Docstoc http://www.docstoc.com/
    • Scribd http://www.scribd.com/ (RSS feed of results)
    • SlideShare http://www.slideshare.net/ (RSS feed of results)
    • PDF Search Engine http://www.pdf-search-engine.com/
    • Toodoc http://www.toodoc.com/
    • http://www.docs-archive.com/
    1. http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/
  • 20. passive recon – establishing baseline
    RESOURCE: FOCA
    RAW DATA: Documents and Metadata
    INTELLIGENCE PRODUCT(S): categorized usernames and emails, passwords, software, OS, major/minor version numbers, internal IP address space, PII, PHI, financial outlook, organizational structure, etc.
    NOTE: Provides document paths, OS, software used, email, usernames, printers, etc.
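    The document fields FOCA and the archive searches above harvest (author and last-editor usernames, application and version, company, template and hyperlink-base paths) live in two small XML parts of every Office Open XML file, which means the organisation publishing the document can read and strip them before release. The following is an added example written for this page, not tooling from the talk or from FOCA: it checks those parts, flags values that look like file-server or home-directory paths, and writes back a scrubbed copy. The .docx it runs on is constructed in memory with made-up names and values, and carries only the two metadata parts rather than a full Word package.

```python
"""Pre-release metadata check and scrub for Office Open XML files (.docx/.xlsx/.pptx).

Added example (not the talk's own tooling). It reads the docProps/core.xml and
docProps/app.xml parts that metadata harvesters rely on, reports the fields that
end up in an attacker's target package, and returns a copy with them removed.
The sample document below is constructed in memory; every value in it is made up.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
for _prefix, _uri in NS.items():          # keep readable prefixes when re-serialising
    ET.register_namespace(_prefix, _uri)

# part -> {element: what the talk says it reveals}
LEAKY_FIELDS = {
    "docProps/core.xml": {"dc:creator": "username / author",
                          "cp:lastModifiedBy": "username of last editor"},
    "docProps/app.xml": {"ep:Application": "software",
                         "ep:AppVersion": "major/minor version",
                         "ep:Company": "organisation",
                         "ep:Template": "template path (file servers)",
                         "ep:HyperlinkBase": "hyperlink base (internal paths)"},
}
# Windows drive, UNC share or Unix home directory at the start of a value.
PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\|/home/|/Users/)")


def check_document(data: bytes) -> list:
    """Return findings as dicts: part, field, meaning, value, path_like."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        present = set(zf.namelist())
        for part, fields in LEAKY_FIELDS.items():
            if part not in present:
                continue
            root = ET.fromstring(zf.read(part))
            for tag, meaning in fields.items():
                el = root.find(tag, NS)
                if el is not None and el.text and el.text.strip():
                    value = el.text.strip()
                    findings.append({"part": part, "field": tag, "meaning": meaning,
                                     "value": value,
                                     "path_like": bool(PATH_RE.match(value))})
    return findings


def scrub_document(data: bytes) -> bytes:
    """Return a copy of the package with every LEAKY_FIELDS element removed."""
    src = zipfile.ZipFile(io.BytesIO(data))
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            payload = src.read(info.filename)
            if info.filename in LEAKY_FIELDS:
                root = ET.fromstring(payload)
                for tag in LEAKY_FIELDS[info.filename]:
                    for el in root.findall(tag, NS):
                        root.remove(el)
                payload = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            dst.writestr(info.filename, payload)
    return out.getvalue()


def build_sample_docx() -> bytes:
    """Constructed fixture: only the two metadata parts of a .docx, made-up values."""
    core = ('<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s">'
            '<dc:title>Q3 upgrade plan</dc:title>'
            '<dc:creator>jdoe</dc:creator>'
            '<cp:lastModifiedBy>glee</cp:lastModifiedBy>'
            '</cp:coreProperties>' % (NS["cp"], NS["dc"]))
    app = ('<Properties xmlns="%s">'
           '<Application>Microsoft Office Word</Application>'
           '<AppVersion>14.0000</AppVersion>'
           '<Company>Example Corp</Company>'
           '<Template>\\\\fileserver01\\templates\\corp.dotm</Template>'
           '</Properties>' % NS["ep"])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")   # placeholder, not a full package
        zf.writestr("docProps/core.xml", core)
        zf.writestr("docProps/app.xml", app)
    return buf.getvalue()


if __name__ == "__main__":
    doc = build_sample_docx()
    for f in check_document(doc):
        flag = " [PATH]" if f["path_like"] else ""
        print(f"{f['part']} {f['field']}: {f['value']!r} -> {f['meaning']}{flag}")
    print("findings after scrub:", len(check_document(scrub_document(doc))))
```

    Run against the real documents a public affairs office is about to publish, the check turns the FOCA column of the case study into a release gate: anything the script lists is what a passive collector will list too. The scrub removes elements rather than blanking them, so a re-run of the check on the output returns nothing; the document body itself (comments, tracked changes, embedded images) is out of scope here and needs its own review.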
  • 21. passive recon – establishing baseline
    RESOURCE: SearchDiggity
    RAW DATA: Misconfigurations, default web pages, login pages, user credentials, leakage, etc
    INTELLIGENCE PRODUCT(S): vulnerable web applications, collections of valid default user credentials, back-up data, etc.
    NOTE:
  • 22. passive recon – establishing baseline
    RESOURCE: Fierce Domain Scanner [1]
    RAW DATA: subnets, IPs, hostnames, FQDNs
    INTELLIGENCE PRODUCT(S): Systems categorized according to name/function, network footprint
    NOTE: Designed to locate hosts in non-contiguous IP space
    > ./fierce.pl -wide -dns <target domain> -dnsserver <dns server> -wordlist <custom wordlist> -file <output file>
    (diagram) attempts domain xfer → no joy? → brute list → hit? (no / yes!) → forward lookup → additional reverse lookups → OUTPUT file
    1. http://ha.ckers.org/fierce/
  • 23. passive recon – establishing baseline
    RESOURCE: Robtex.com
    RAW DATA: subnets, IPs, hostnames, FQDNs
    INTELLIGENCE PRODUCT(S): Systems categorized according to name/function, network footprint
    NOTE: describe scripted approach
    > for i in {0..255}; do wget https://route.robtex.com/72.23.${i}.0-24.html#sites; sleep 2; done
  • 24. passive recon – establishing baseline
    RESOURCE: Yatedo.com / Advanced Google searching “site:linkedin.com cisco administrator”
    RAW DATA: human targets / seed accounts
    INTELLIGENCE PRODUCT(S): Organizational Structure (usernames)
    NOTE: A small perl script will quickly return csv formatted first name, last name, org, role
    (screenshot label) Seed Names
  • 25. passive recon – case study
    RESOURCE: LinkedIn / Facebook account creation and data mining
    RAW DATA: human targets / seed accounts
    INTELLIGENCE PRODUCT(S): Organizational structure and personnel, key relationships, culture, friendships, insider bullshit jargon, speech patterns.
    NOTE: ** May violate ToS.
    (diagram) Recursively harvest and catalogue key groups of individuals → INTEL: System Admins; INTEL: Help Desk; INTEL: Sharepoint Admins; INTEL: Database Admins; INTEL: Mgmt C-level
  • 26. passive recon – case study
    (diagram) View Contacts: Recursive Harvesting → new target 1, new target 2, new target 3 … new target n → Request Connection(s) → INTEL: New LinkedIn Connection
    Senior leadership “About” section → INTEL: work email format! LastFiMi@x.y.z
  • 27. passive recon – case study
    RESOURCE: namechk.com
    RAW DATA: user footprint, account enumeration
    INTELLIGENCE PRODUCT: Relationships, friendships, hobbies, speech patterns, bad behavior
    NOTE:
  • 28. passive recon – case study
    (diagram) INTEL: John D. LinkedIn account → Facebook Graph Search → John D. Facebook account → Recursively Harvesting Friends → Gerry L. (mgr.) Facebook account
    Monitoring: John posts a link to a public article describing the upgrade → INTEL: Activity timeline, resources, and leadership for the upgrade
    Monitoring: Gerry posts congrats! to the team and tags all direct reports → INTEL: Every Windows Admin on FB
  • 29. passive recon – case study
    INTEL: work email format! LastFiMi@x.y.z
    INTEL: Every Windows Admin on FB
    INTEL: Activity timeline, leadership, and resources for upgrade.
    PHISH! → TO: <TARGETS> FROM: <SENDER> EMAIL BODY, ATTACHMENT, LINK
  • 30. passive recon – case study
    (diagram) Raw Data → Tools / Manual Labor → Actionable Intelligence products → ATTACK PLAN
    • Raw Data: pub/priv facebook, linkedin profiles; Social media chatter/comments; News media; Document Archives; MX records; Documents and metadata
    • Tools / Manual Labor: Adv. Google Searches; Brain; Maltego; Keyboard; Facebook Graph search; FOCA; Brain
    • Actionable Intelligence products: activity timelines; Org. structure and personnel; Business processes; Verified email addresses
    • ATTACK PLAN: spear phish vector n ...
  • 31. passive recon: process notes
    • Native search functions will miss data (Facebook graph and LinkedIn search)
    • Hacker tools will miss data
    • Take ridiculously detailed notes
    • Don’t underestimate the importance of taking the time to use Google/Bing advanced search functions in new and creative ways
    • Be prepared to change objectives based on newly returned data
    • Take ridiculously detailed notes
    • Always be working towards an intelligence product
    • Organize your notes so they will still make sense 30 days from now [ Evernote (local), Zim, Keepnote, etc. ]
    • Some of our most interesting finds have fallen out of extremely tedious long term manual search methods.
  • 32. passive recon – mitigations [org.]
    - Be at least as knowledgeable as the attacker.
      - Perform passive recon against your own organization.
      - Do you know how you make money?
      - Where are your critical resources? What would be the death blow for the organization?
      - How would you plan an attack?
    - Acceptable Use policy (AUP) for social media
    - Monitoring of Social Media [1,2]
    - Public Affairs Office (PAO)
      - Is there a process for the public release of information? Are there people involved other than sales and marketing? How do they handle metadata?
    - Use the free monitoring tools:
      - google alerts, yahoo pipes, RSS readers
      - twitter search, social media APIs
      - SearchDiggity
    - Consider one or more paid services [3]
    1. http://sproutsocial.com/features/social-media-monitoring
    2. http://www.cnn.com/2013/09/14/us/california-schools-monitor-social-media/index.html
    3. https://pwnedlist.com/services
  • 33. passive recon – mitigations [individual]
    - LinkedIn security settings
      - Keep your connections private. [Really annoying when enumerating]
      - Avoid connections with people you have never met. [mutual connections != trust]
      - Do not publish email information. [Make it difficult to map out your digital footprint]
    - Facebook privacy settings
      - Don’t allow followers
      - Avoid public posts like the plague. [We personally monitor and analyze these daily for long term engagements]
      - Avoid routinely checking in at your work address!
      - Avoid those hookah pictures [No one will ever believe that it was flavored tobacco anyway .. cmon man]
      - Vanity is an attacker’s best friend ... truly my favorite sin.
    - Forums
      - How much are you revealing about technologies you use?
      - Bugs in the software?
      - Maintenance periods?
      - Organizational deficiencies?
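    The “use the free monitoring tools” mitigation can be run without a paid service: the document archives listed earlier (Scribd, SlideShare) publish search results as RSS, and the same feed an attacker subscribes to tells the organisation when one of its own documents has surfaced. The following is an added example for this page, not tooling from the talk: it parses such a feed, matches items against the organisation’s watch terms, extracts any e-mail addresses at its domain (the “do not publish email information” point above), and reports only items it has not reported before, so it can be scheduled and mail the delta. The feed, the watch terms and the example.org domain are all constructed for illustration.

```python
"""Poll a document-archive search feed and report new hits for an organisation.

Added example (not the talk's own tooling). The feed below is constructed inline
with made-up entries; the watch terms and the example.org domain are assumptions.
"""
import re
import xml.etree.ElementTree as ET

ORG_DOMAIN = "example.org"                                        # assumed
WATCH_TERMS = ["example.org", "Example Corp", "Project Bluefin"]  # assumed
EMAIL_RE = re.compile(r"[\w.+-]+@" + re.escape(ORG_DOMAIN) + r"\b", re.IGNORECASE)

# Constructed RSS 2.0 feed standing in for a live search-results feed.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>search: Example Corp</title>
<item><title>Example Corp Q3 upgrade plan</title>
<link>https://docs.example.invalid/1</link><guid>doc-1</guid>
<description>Windows upgrade schedule, contact jdoe@example.org</description></item>
<item><title>Weekend cooking slides</title>
<link>https://docs.example.invalid/2</link><guid>doc-2</guid>
<description>Recipes</description></item>
<item><title>Project Bluefin architecture</title>
<link>https://docs.example.invalid/3</link><guid>doc-3</guid>
<description>Network diagram, 10.20.30.0/24</description></item>
</channel></rss>"""


def _field(item_el, tag: str) -> str:
    return (item_el.findtext(tag) or "").strip()


def parse_items(feed_xml: str) -> list:
    """Flatten the <item> elements of an RSS 2.0 feed into dicts."""
    root = ET.fromstring(feed_xml)
    items = []
    for it in root.iter("item"):
        items.append({"guid": _field(it, "guid") or _field(it, "link"),
                      "title": _field(it, "title"), "link": _field(it, "link"),
                      "description": _field(it, "description")})
    return items


def matched_terms(item: dict, terms: list) -> list:
    """Watch terms that occur (case-insensitively) in the item's title or body."""
    haystack = f"{item['title']} {item['description']}"
    return [t for t in terms if re.search(re.escape(t), haystack, re.IGNORECASE)]


def new_hits(feed_xml: str, terms: list, seen: set) -> list:
    """Matching items whose guid is not in `seen`; reported guids are added to `seen`."""
    hits = []
    for item in parse_items(feed_xml):
        found = matched_terms(item, terms)
        if not found or item["guid"] in seen:
            continue
        seen.add(item["guid"])
        text = f"{item['title']} {item['description']}"
        hits.append({**item, "matched": found,
                     "emails": sorted(set(EMAIL_RE.findall(text)))})
    return hits


if __name__ == "__main__":
    state = set()    # persist this between scheduled runs (a file is enough)
    for hit in new_hits(SAMPLE_FEED, WATCH_TERMS, state):
        print(f"NEW {hit['link']} matched={hit['matched']} emails={hit['emails']}")
    print("second pass, nothing new:", new_hits(SAMPLE_FEED, WATCH_TERMS, state))
```

    Only reported items are remembered, so adding a watch term later still surfaces older documents that match it. Feeding the same state a second time returns nothing, which is what makes the output usable as an alert rather than a daily dump.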
  • 34. further reading
    1. http://www.irongeek.com/i.php?page=videos/derbycon3/2304-practical-osint-shane-macdougall
    2. http://www.irongeek.com/i.php?page=videos/derbycon2/1-2-2-jordan-harbinger-social-engineeringdefense-contractors-on-linkedin-and-facebook-whos-plugged-into-your-employees
    3. http://www.irongeek.com/i.php?page=videos/derbycon2/1-1-6-rob-fuller-chris-gates-dirty-little-secretspart-2
    4. http://raidersec.blogspot.com/2012/12/automated-open-source-intelligence.html
    5. http://maltego.blogspot.com/
    6. http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
    7. http://www.informatica64.com/foca.aspx
    8. http://www.sans.org/reading-room/whitepapers/privacy/document-metadata-the-silent-killer-32974?show=document-metadata-the-silent-killer--32974&cat=privacy
    9. https://secdiary.com/forensics/social-network-analysis-and-object-attribution-with-maltego-3/
    10. http://dataiku.com/blog/2012/12/07/visualizing-your-linkedin-graph-using-gephi-part-1.html
    11. http://socnetv.sourceforge.net/index.html
    12. http://www.express.co.uk/news/uk/434636/Hackers-target-patient-records
    13. https://www.ethicalhacker.net/columns/gates/maltego-part-ii-infrastructure-enumeration
    14. http://www.youtube.com/watch?v=3zlbUck_BLk&feature=share&list=PLC9DB3E7C258CD215
    15. http://rr.reuser.biz/
    16. Silent Warfare: “Understanding the World of Intelligence”, Abram N. Shulsky, Gary J. Schmitt
    17. http://www.wolframalpha.com/facebook/
    18. https://top-hat-sec.com/forum/index.php?topic=3175.0
    19. http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/
    20. http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/
    21. http://www.csoonline.com/article/737662/dating-guru-resurrects-robin-sage-by-social-engineering-tssci-holders-on-linkedin?source=csosotd
    22. http://engineering.linkedin.com/linkedinlabs/
    23. http://resources.infosecinstitute.com/peeping-the-social-media/
  • 35. What else are we working on?
    November 1-2 2013
    RYAN WINCEY - Java Shellcode Execution
    MICHEAL RESKI - Using MLP to classify Encrypted Network Traffic
  • 37. passive recon – baseline data
    Gathering baseline information for understanding the organization / business
    – ACTION: Scouring publicly available web resources to gather:
      • Mission statement and purpose
      • Products and services available
      • Key Leadership [Command Structure / C-level executives]
      • POC information [Public facing contacts or forms]
      • Key partnerships
      • Market Vertical
      • Network Footprint
      • Documents and metadata
      • Web resources
      • Seed accounts for personnel
    – TOOLS / RESOURCES:
      • Public facing web pages and portals
      • Corporate pages
      • EDGAR online database
      • SEC filings
      • Org charts
      • Maltego
      • Search engines (advanced operators)
      • Robtex / CentralOps / deepmagic (coming soon!)
      • Warrick
      • Internet Archives
      • Document archives
      • FOCA
      • Facebook graph search
      • Yatedo.com
      • Spokeo.com
  • 38. osint - human targets
    Harvesting, mapping, and categorizing human targets
    – ACTION: gathering and analyzing data to create target packages
      • Publicly available social media profiles [pedigree, private email, role, responsibility, org, etc.]
      • Existing connections within artificial accounts [seed accounts]
      • News articles [recent projects, milestones, promotions, awards etc.]
      • Blogs and other forms of online publications [information leakage, physical addresses, phone #s]
      • Alumni pages [friendships, hobbies, habits, sports]
    – TOOLS
      • Search engines (Google, Bing, Baidu, Duck Duck Go, Blekko, Yandex, etc.)
      • Facebook graph and LinkedIn search functions
      • Automated scripts
      • Yatedo
      • Spokeo
      • PiPL
      • Recon-ng
      • Foca
      • Scythe
      • Maltego
      • Namechk.com
      • Wayback machine
      • Google cache
      • SearchDiggity
      • Paste sites
      • TheHarvester
      • Uberharvester
  • 39. osint – detailed data
    Gathering detailed information for understanding products, services, processes, technologies used, critical resources, markets, partnerships, and competitors
    • ACTION: Gathering and analyzing data from:
      – Spidered web content [services/products offered, external links (partners), etc.]
      – Publicly available documents [metadata: users, IPs, OS, email, printers, etc.]
      – Social media pages [latest product offerings and announcements, partners, fans, key personnel]
      – News releases and marketing announcements [new products, defective products, lawsuits, hirings/firings, acquisitions]
      – Trade publications [employee/departmental highlights, technical product specifications, products or technologies used]
      – Job announcements [technologies used, skill shortages, under staffed departments]
      – Forum postings [email addresses, technologies used, information leakage, deficient areas]
    • TOOLS / RESOURCES:
      – Search Engines (Google, Bing, Baidu, Duck Duck Go, Blekko, etc.)
      – FOCA (document collection and metadata analysis)
      – SearchDiggity (google dorks, document collection and analysis)
      – SiteDigger (google dorks, document collection and analysis)
      – Recon-Ng
      – Goofile
      – Metagoofil
      – Httrack / ZED attack proxy / Burp / wget / curl
      – Maltego
  • 40. osint - products
    • Products include
      – Users categorized according to:
        • Role / Responsibility
        • Organization
        • Time in position
        • Physical location
      – Email addresses
      – Vulnerable product/technology used
      – Spear phishing themes [recent promotion, new requirement, gossip, new acquisition etc.]
      – Communication patterns amongst employees or partners
      – Social Engineering script based on good/bad user habits/interests
      – Target subnets, hosts, applications
      – Vulnerable web page / form
      – Protected or default web pages
      – Sensitive documents
      – Building layouts
      – Cohabitants
      – Threat vectors / Agents
      – Password policy
      – Hub users
      – Bridged users
  • 41. footprinting – process notes
    • Don’t underestimate the importance of **native** administrative tools
    • Understand exactly what a tool will do before you run it
      – What are you after?
      – What Snort signatures may fire?
      – What kind of load does it put on the target system?
      – What is the frequency of requests?
      – For web requests, what User agents are used?
    • Investigate **every** finding no matter how esoteric
    • Take ridiculously detailed notes [date, time, tool used, command run, switches used, file saved]
    • Organize your notes so they will still make sense 30 days from now [Evernote (local), Zim, Keepnote, etc.]
    • Mind your surroundings
      – Is this system in scope?
      – What makes this system an attractive target?
      – Should I trust my results? Do they make sense?
      – What do I hope to gain? PHI, PII, beachhead, user credentials?
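    The three questions above about a tool (what load it puts on the target, how frequent its requests are, which User agent it sends) are exactly the properties a target’s web server logs record, so the same list doubles as a detection checklist. The following is an added example for this page, not tooling from the talk: it parses combined-format access-log lines, and for each client computes the peak number of requests in any sixty-second window, the number of distinct paths fetched, and whether the User agent names one of the tools listed on the footprinting slides. The log lines are constructed (the two addresses come from documentation ranges), and the thresholds are assumptions to be tuned per site.

```python
"""Flag clients whose access-log behaviour looks like footprinting or site mirroring.

Added example (not the talk's own tooling). The sample log is constructed; the
thresholds are assumptions and should be tuned against the site's normal traffic.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
# Tools named on the footprinting slides that announce themselves in the UA string.
# A spoofed UA defeats this check, which is why the rate and breadth checks exist.
TOOL_UA_RE = re.compile(r"\b(wget|curl|httrack|nikto|sqlmap|dirbuster|w3af|skipfish)\b",
                        re.IGNORECASE)


def parse_log(lines):
    """Parse combined-format lines; lines that do not match the format are skipped."""
    records = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
        records.append(rec)
    return records


def peak_requests(timestamps, window):
    """Largest number of requests falling inside any interval of length `window`."""
    timestamps = sorted(timestamps)
    peak = start = 0
    for end, ts in enumerate(timestamps):
        while ts - timestamps[start] > window:
            start += 1
        peak = max(peak, end - start + 1)
    return peak


def find_footprinting_clients(lines, window=timedelta(seconds=60),
                              max_requests=25, max_distinct_paths=20):
    """Return one alert per client IP that trips any of the three checks."""
    by_ip = defaultdict(list)
    for rec in parse_log(lines):
        by_ip[rec["ip"]].append(rec)
    alerts = []
    for ip, recs in by_ip.items():
        peak = peak_requests([r["ts"] for r in recs], window)
        distinct = len({r["path"] for r in recs})
        tool_uas = sorted({r["ua"] for r in recs if TOOL_UA_RE.search(r["ua"])})
        reasons = []
        if peak >= max_requests:
            reasons.append(f"{peak} requests within {int(window.total_seconds())}s")
        if distinct >= max_distinct_paths:
            reasons.append(f"{distinct} distinct paths")
        if tool_uas:
            reasons.append("tool user agent: " + "; ".join(tool_uas))
        if reasons:
            alerts.append({"ip": ip, "peak": peak, "distinct_paths": distinct,
                           "tool_uas": tool_uas, "reasons": reasons})
    return alerts


def _line(ip, ts, path, ua):
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'


_T0 = datetime(2013, 10, 17, 10, 0, 0, tzinfo=timezone(timedelta(hours=-4)))
# Constructed sample: one client mirroring 30 pages in under a minute with wget,
# one browser visiting three pages over ten minutes, and one malformed line.
SAMPLE_LOG = (
    [_line("198.51.100.7", _T0 + timedelta(seconds=2 * i), f"/docs/page{i}.html",
           "Wget/1.14 (linux-gnu)") for i in range(30)]
    + [_line("203.0.113.5", _T0 + timedelta(minutes=5 * i), p,
             "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0")
       for i, p in enumerate(["/", "/about", "/contact"])]
    + ["not a log line"]
)

if __name__ == "__main__":
    for alert in find_footprinting_clients(SAMPLE_LOG):
        print(alert["ip"], "->", "; ".join(alert["reasons"]))
```

    The rate and breadth checks are what matter for a mirroring pass such as the Warrick run shown earlier: a full-site copy fetches far more distinct paths in a minute than a person does, whatever User agent it presents. The browser client in the sample trips none of the three checks and produces no alert.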
  • 42. footprinting – detailed data
    Footprinting the organization and its partners (external / internal)
    – ACTION: gathering and analyzing data from:
      • Discovered subnets and hosts
      • Running services and applications
      • Open ports
      • Hostnames (forward/reverse DNS)
      • Protection mechanisms
    – TOOLS
      • Maltego [hostnames, IPs, subnets, and much more]
      • WHOIS / WHOIS by IP
      • nslookup / dig / fierce / dnsrecon / dnsenum / deepmagic / robtex [DNS]
      • Goohost [target hosts]
      • recon-ng [target hosts, subnets, users, and more]
      • Portqry [port scanning ldap, smb, smtp, mssql, netbios, rpc, isa]
      • nmap / nse scripts [port scanning, enumeration, banner grabbing]
      • Msf [port scanning, enumeration]
      • Sqlmap / burp suite / zed attack proxy / nikto / w3af / skipfish / dirbuster [web apps]
      • Nessus / OpenVAS [vulnerability scanning]
      • Winfo / enum / nbtscan / nbtdump / nbtenum / net commands [smb enumeration]
      • Ike scan [vpn scanning and enumeration]
      • Smtp_enum_user [smtp user identification]
      • Blue Pill / Red Pill
  • 43. footprinting - products
    • Products include
      – Hostnames
      – Hosts categorized according to:
        • Program of record (PORs)
        • Function (workstation, database, application, name server, mail server, etc.)
        • Trust relationships
      – Open ports
      – Misconfigured services
      – Interesting error messages
      – Unpatched systems and/or applications
      – Vulnerable web applications
      – Lockout thresholds
      – Major/Minor version numbers
      – Email addresses
      – Outdated systems
      – Test systems
      – Default credentials
      – Virtualization platforms / systems
      – Load Balancers
      – Web application firewalls
      – Internal IP address space
      – Trust relationships
      – Nature and frequency of communications between systems
      – Host and Network based protection mechanisms