Upgrade to Pro — share decks privately, control downloads, hide ads and more …

[OWASP Sofia] Angel Bochev - Penetration Testing: OSINT (May 9th, 2019)

OWASP Sofia
May 09, 2019
Technology
0
310

[OWASP Sofia] Angel Bochev - Penetration Testing: OSINT (May 9th, 2019)

A real-world pentester talks about OSINT - Open Source Intelligence - the exploration of various techniques and tools for one of the most important parts of every penetration test - the information gathering.

Angel Bochev is Offensive Security Certified Professional (OSCP) since 2016; is a CTF player; has 12+ years of networking/sysadmin experience; currently working in the InfoSec team at PROS.

OWASP Sofia

May 09, 2019
Tweet

More Decks by OWASP Sofia

See All by OWASP Sofia
[OWASP Sofia] Svetlin Nakov - Compromising Modern Online Banking Apps through Hijacking Android Device (27th of March, 2021)
owaspsofia
0
260
[OWASP Sofia] Dimitar Boyanov - XSS Attacks and Defenses (27th of April, 2021)
owaspsofia
1
260
[OWASP Sofia] Dan Cornell - AppSec Fast and Slow: Your DevSecOps CI⁄CD Pipeline Isn’t an SSA Program (July 27th, 2021)
owaspsofia
0
230
[OWASP Sofia] Atanas Pashov - Pros n Cons of Penetration Testing (June 27th, 2019)
owaspsofia
0
250

Other Decks in Technology

See All in Technology
Four keys改善の取り組み事例紹介
sansantech
PRO
2
230
AIQ株式会社 エンジニア向け会社紹介資料
aiqlab
0
360
強みを伸ばすキャリアデザイン
yug1224
0
200
クラウドサインにおけるプロダクトマネージャーの役割と開発プロセス / 20240410_cloudsign-PdM
bengo4com
1
670
エンタープライズ環境下での Active Directory の運用 TIPS
tamaiyutaro
1
1.5k
アプリがつくるNOT A HOTELブランド
hokuts
0
450
[PlatformCon 24] Platform Orchestrators: The Missing Middle of Internal Developer Platforms?
danielbryantuk
0
170
Garoon 開発チーム / Garoon development team
cybozuinsideout
PRO
1
2.9k
少数チームで挑む: SwiftUI, TCA, KMPを用いた 新規動画配信アプリ 「ABEMA Live」の開発について
tomu28
0
530
Discord とビルダー&チャットボットの使い方 / How to use Discord and Builder & Chatbots
ks91
PRO
0
130
転移学習とドメイン適応の基礎
kmatsui
2
570
レガシーをぶっ壊せ。AEONで始めるDevRelの話 / Qiita Night 2024-2-22
aeonpeople
3
140

Featured

See All Featured
Building Flexible Design Systems
yeseniaperezcruz
318
37k
WebSockets: Embracing the real-time Web
robhawkes
59
7k
Fontdeck: Realign not Redesign
paulrobertlloyd
75
4.9k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
118
38k
The Power of CSS Pseudo Elements
geoffreycrofte
58
5k
Atom: Resistance is Futile
akmur
258
25k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
5
1.5k
KATA
mclloyd
14
12k
Designing for humans not robots
tammielis
247
25k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
60
14k
Being A Developer After 40
akosma
56
580k
Mobile First: as difficult as doing things right
swwweet
216
8.6k

Transcript

  1. Penetration testing: OSINT OSINT from a Penetration Test Perspective

  2. About me: • I <3 Linux • Network admin /

    Sysadmin / Infrastructure • OSCP • Now in the InfoSec team at Pros, Penetration Tester [email protected] Twitter: @angelbochev LinkedIn: https://www.linkedin.com/in/angelbochev/

  3. What is OSINT? • “data collected from publicly available sources

    to be used in an intelligence context. In the intelligence community, the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources).” Wikipedia

  4. What is “Penetration test” • “A penetration test, colloquially known

    as a pen test, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system.” Wikipedia

  5. How is OSINT used in Penetration tests? • Social engineering

    – collect info on the target company, employees, partners, social media • Network assessments: discover assets, public code • Physical engagements: Physical locations, neighbours, etc.

  6. How it’s done? Drum roll…

  7. How it’s done? • With your favorite browser, mostly. (sorry,

    IE :( )

  8. How it’s done? • With your favorite browser, mostly. (sorry,

    IE :( ) • Starts with basic piece of information: company name, email, phone number, etc.

  9. How it’s done? • With your favorite browser, mostly. (sorry,

    IE :( ) • Starts with a basic piece of information: company name, email, phone number, etc. • We continue to individually further research every other interesting piece of information we encounter, that will help us with the pentest.

  10. What is interesting information? Depending on what’s our goal, that

    could be: • Network info – DNS, subnets, BGP peers, etc. • Company/personal information: emails, pictures, social media accounts, documents • Leaked secrets: passwords, API keys, confidential information.

  11. Tools for general search: • Bing! • DuckDuckGo • Google

    • Archive.org / Wayback machine • Wolfram Alfa

  12. Social media: • Facebook • Instagram • Twitter • https://namechk.com/

    Etc

  13. DNS Search • https://domainbigdata.com • https://securitytrails.com • https://dnsdumpster.com/ • https://hackertarget.com/

  14. IP Information • https://ipv4info.com/ • https://shodan.io

  15. Email addresses: • TheHarvester (https://github.com/laramies/theHarvester) • Hunter.io • Github commits

    • pastebin

  16. OSINT Automation • Recon-ng

  17. More resources: • OSINT Framework: https://osintframework.com/ • Awesome OSINT: https://github.com/jivoi/awesome-osint

    • OWASP Penetration Testing Methodologies: https://www.owasp.org/index.php/Penetration_t esting_methodologies

  18. DEMO TIME!