
[OWASP Sofia] Angel Bochev - Penetration Testing: OSINT (May 9th, 2019)

A real-world pentester talks about OSINT (Open Source Intelligence): an exploration of the techniques and tools used for one of the most important parts of every penetration test, information gathering.

Angel Bochev has been an Offensive Security Certified Professional (OSCP) since 2016; he is a CTF player, has 12+ years of networking/sysadmin experience, and currently works in the InfoSec team at PROS.

OWASP Sofia

May 09, 2019

Transcript

  1. Penetration testing: OSINT
    OSINT from a Penetration Test Perspective

  2. About me:
    • I <3 Linux
    • Network admin / Sysadmin / Infrastructure
    • OSCP
    • Now in the InfoSec team at Pros, Penetration Tester
    [email protected]
    Twitter: @angelbochev
    LinkedIn: https://www.linkedin.com/in/angelbochev/

  3. What is OSINT?
    • “data collected from publicly available sources to be used in an intelligence context. In the intelligence community, the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources).”
    (Wikipedia)

  4. What is a “Penetration test”?
    • “A penetration test, colloquially known as a pen test, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system.”
    (Wikipedia)

  5. How is OSINT used in Penetration tests?
    • Social engineering: collect info on the target company, employees, partners, social media
    • Network assessments: discover assets, public code
    • Physical engagements: physical locations, neighbours, etc.

  6. How is it done?
    Drum roll…

  7. How is it done?
    • With your favorite browser, mostly. (sorry, IE :( )

  8. How is it done?
    • With your favorite browser, mostly. (sorry, IE :( )
    • Starts with a basic piece of information: company name, email, phone number, etc.

  9. How is it done?
    • With your favorite browser, mostly. (sorry, IE :( )
    • Starts with a basic piece of information: company name, email, phone number, etc.
    • We then research, one by one, every further interesting piece of information we encounter that could help us with the pentest.

  10. What is interesting information?
    Depending on our goal, that could be:
    • Network info: DNS, subnets, BGP peers, etc.
    • Company/personal information: emails, pictures, social media accounts, documents
    • Leaked secrets: passwords, API keys, confidential information

  11. Tools for general search:
    • Bing!
    • DuckDuckGo
    • Google
    • Archive.org / Wayback machine
    • Wolfram Alpha

  12. Social media:
    • Facebook
    • Instagram
    • Twitter
    • https://namechk.com/
    etc.

  13. DNS Search
    • https://domainbigdata.com
    • https://securitytrails.com
    • https://dnsdumpster.com/
    • https://hackertarget.com/

  14. IP Information
    • https://ipv4info.com/
    • https://shodan.io

  15. Email addresses:
    • theHarvester (https://github.com/laramies/theHarvester)
    • Hunter.io
    • GitHub commits
    • Pastebin
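    Slides 10 and 15 list GitHub commits and paste sites as places where employee addresses and leaked secrets (passwords, API keys) turn up. The following Python scanner is an added example, not code from the talk or from theHarvester or any tool it names: it is the kind of check a company can run over its own public commits or paste dumps before an attacker's OSINT pass does, reporting email addresses at the company domain and credential-looking assignments rated by the Shannon entropy of their value. The commit text, the domain `example.com`, the variable-name keywords and the 3.5 bits/char threshold are all constructed assumptions.

```python
import math
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample: a fake "git show" output of the kind that ends up in a
# public repository or on a paste site. Not a real commit, domain or credential.
SAMPLE_COMMIT = """\
commit 0000000 (constructed sample, not a real repository)
Author: Jane Doe <jane.doe@example.com>

    add deploy config

+++ b/deploy.env
+DEBUG=true
+API_TOKEN="Zq8vL2pN7xK4mR9tW1bC6yH3sD5fG0jA"
+DB_PASSWORD=changeme
+CONTACT=ops@example.com
+# ask bob@example.com before rotating, cc friend@gmail.com
"""

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# An assignment whose variable name hints at a credential (key, secret, token,
# password, ...) followed by a value of at least 8 token-like characters.
# The optional leading '+' lets the scanner run directly on unified-diff lines.
SECRET_ASSIGNMENT = re.compile(
    r"""^[+\s]*
        (?P<name>[A-Za-z0-9_.]*(?:key|secret|token|password|passwd|pwd)[A-Za-z0-9_.]*)
        \s*[=:]\s*["']?
        (?P<value>[A-Za-z0-9/+_\-]{8,})""",
    re.IGNORECASE | re.MULTILINE | re.VERBOSE,
)

ENTROPY_THRESHOLD = 3.5  # bits per character; assumed cut-off, tune per code base


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character: random tokens score high, words score low."""
    n = len(s)
    counts = Counter(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_emails(text: str, domain: Optional[str] = None) -> List[str]:
    """Unique lower-cased addresses, optionally restricted to one domain."""
    found = {m.group(0).lower() for m in EMAIL.finditer(text)}
    if domain:
        found = {e for e in found if e.endswith("@" + domain.lower())}
    return sorted(found)


def find_secret_candidates(text: str, threshold: float = ENTROPY_THRESHOLD) -> List[Dict]:
    """Credential-looking assignments, rated by the entropy of their value.

    Values are never returned in full; only a short preview is kept so the
    report itself does not become another copy of the secret.
    """
    results = []
    for m in SECRET_ASSIGNMENT.finditer(text):
        value = m.group("value")
        entropy = shannon_entropy(value)
        results.append({
            "name": m.group("name"),
            "preview": value[:4] + "...",
            "length": len(value),
            "entropy": round(entropy, 3),
            "suspicious": entropy >= threshold,
        })
    return results


def scan(text: str, domain: str) -> Dict:
    """What an OSINT pass over this text would learn about `domain`."""
    return {
        "emails": find_emails(text, domain),
        "secrets": find_secret_candidates(text),
    }


if __name__ == "__main__":
    report = scan(SAMPLE_COMMIT, "example.com")
    print("exposed addresses:", report["emails"])
    for s in report["secrets"]:
        flag = "HIGH-ENTROPY" if s["suspicious"] else "low-entropy"
        print(f"{s['name']}={s['preview']} ({s['length']} chars, "
              f"{s['entropy']} bits/char) {flag}")
```

    Run on the constructed commit it reports three `example.com` addresses, flags `API_TOKEN` as high entropy (32 distinct characters, 5.0 bits/char) and keeps `DB_PASSWORD=changeme` as a low-entropy candidate that still deserves a look. Entropy alone is a heuristic: a short dictionary password scores low and a base64 blob of harmless data scores high, which is why the name keyword and the entropy are combined rather than used alone.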

  16. OSINT Automation
    • Recon-ng

  17. More resources:
    • OSINT Framework: https://osintframework.com/
    • Awesome OSINT: https://github.com/jivoi/awesome-osint
    • OWASP Penetration Testing Methodologies: https://www.owasp.org/index.php/Penetration_testing_methodologies

  18. DEMO TIME!