SlideShare a Scribd company logo

hacking techniques and intrusion techniques useful in OSINT.pptx

Download as PPTX, PDF
S
sconalbg

Cyber reconnaissance related to OSINT. This course emphaises on the importance of reconnaisance and e-discovery , along with hacking techniques along with intrusion detection. This is a very useful course on this subject which will help many students to understand the basic concepts of cyber ssecurity and cyber intelligence.

Technology
1 of 46
Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail
All materials is licensed under a Creative Commons “Share Alike” license. • http://creativecommons.org/licenses/by-sa/3.0/ 2
# whoami • Ali Al-Shemery • Ph.D., MS.c., and BS.c., Jordan • More than 14 years of Technical Background (mainly Linux/Unix and Infosec) • Technical Instructor for more than 10 years (Infosec, and Linux Courses) • Hold more than 15 well known Technical Certificates • Infosec & Linux are my main Interests 3
Reconnaissance (RECON) With great knowledge, comes successful attacks!
Outline - Reconnaissance • Intelligence Gathering • Target Selection • Open Source Intelligence (OSINT) • Covert Gathering • Footprinting 5
Intelligence Gathering • What is it • Why do it • What is it not • Open source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence. 6
Target Selection • Identification and Naming of Target • Consider any Rules of Engagement limitations • Consider time length for test • Consider end goal of the test 7
Open Source Intelligence (OSINT) • Simply, it’s locating, and analyzing publically (open) available sources of information. • Intelligence gathering process has a goal of producing current and relevant information that is valuable to either an attacker or competitor. - OSINT is not only web searching! 8
Open Source Intelligence (OSINT) Takes three forms: • Passive Information Gathering • Semi-passive Information Gathering • Active Information Gathering Used for: • Corporate • Individuals 9
Corporate - Physical • Locations – Public sites can often be located by using search engines such as: – Google, Yahoo, Bing, Ask.com, Baidu, Yandex, Guruji, etc • Relationships 10
Corporate - Logical • Business Partners • Business Clients • Competitors • Product line • Market Vertical • Marketing accounts • Meetings • Significant company dates • Job openings • Charity affiliations • Court records • Political donations • Professional licenses or registries 11
Job Openings Websites • Bayt, http://bayt.com • Monster, http://www.monster.com • CareerBuilder, http://www.careerbuilder.com • Computerjobs.com, http://www.computerjobs.com • Indeed, LinkedIn, etc 12
Corporate – Org. Chart • Position identification • Transactions • Affiliates 13
Corporate – Electronic • Document Metadata • Marketing Communications 14
Corporate – Infrastructure Assets • Network blocks owned • Email addresses • External infrastructure profile • Technologies used • Purchase agreements • Remote access • Application usage • Defense technologies • Human capability 15
Corporate – Financial • Reporting • Market analysis • Trade capital • Value history 16
Individual - History • Court Records • Political Donations • Professional licenses or registries 17
Individual - Social Network (SocNet) Profile • Metadata Leakage • Tone • Frequency • Location awareness • Social Media Presence 18
Location Awareness - Cree.py • Cree.py is an open source intelligence gathering application. • Can gather from Twitter. • Cree.py can gather any geo-location data from flickr, twitpic.com, yfrog.com, img.ly, plixi.com, twitrpix.com, foleext.com, shozu.com, pickhur.com, moby.to, twitsnaps.com and twitgoo.com. 19
Cree.py 20
Cree.py 21
Individual - Internet Presence • Email Address • Personal Handles/Nicknames • Personal Domain Names registered • Assigned Static IPs/Netblocks 22
Maltego • Paterva Maltego is a data mining and information-gathering tool that maps the information gathered into a format that is easily understood and manipulated. • It saves you time by automating tasks such as email harvesting and mapping subdomains. 23
Maltego 24
Maltego 25
NetGlub • NetGlub is an open source data mining and information-gathering tool that presents the information gathered in a format that is easily understood, (Similar to Maltego). • Consists of: Master, Slave, and GUI 26
NetGlub 27
NetGlub 28
NetGlub 29
TheHarvester • TheHarvester is a tool, written by Christian Martorella, that can be used to gather e-mail accounts and subdomain names from different public sources (search engines, pgp key servers). DEMO: • ./theHarvester.py -d linuxac.org -l 500 - b google 30
Social Networks • Check Usernames - Useful for checking the existence of a given username across 160 Social Networks. • http://checkusernames.com/ 31
Social Networks Newsgroups • Google - http://www.google.com • Yahoo Groups - http://groups.yahoo.com Mail Lists • The Mail Archive - http://www.mail- archive.com 32
Audio / Video Audio • iTunes, http://www.apple.com/itunes • Podcast.com, http://podcast.com • Podcast Directory, http://www.podcastdirectory.com Video • YouTube, http://youtube.com • Yahoo Video, http://video.search.yahoo.com • Bing Video, http://www.bing.com/ • Vemo, http://vemo.com 33
Archived Information • There are times when we will be unable to access web site information due to the fact that the content may no longer be available from the original source. • Being able to access archived copies of this information allows access to past information. • Perform Google searches using specially targeted search strings: cache:<site.com> • Use the archived information from the Wayback Machine (http://www.archive.org). 34
Archived Information 35
Metadata leakage • The goal is to identify data that is relevant to the target corporation. • It may be possible to identify locations, hardware, software and other relevant data from Social Networking posts. • Examples: – ixquick - http://ixquick.com – MetaCrawler - http://metacrawler.com – Dogpile - http://www.dogpile.com – Search.com - http://www.search.com – Jeffery's Exif Viewer - http://regex.info/exif.cgi 36
Metadata leakage - FOCA • FOCA is a tool that reads metadata from a wide range of document and media formats. • FOCA pulls the relevant usernames, paths, software versions, printer details, and email addresses. • DEMO (WinXP VM_Box) 37
Metadata leakage - Foundstone SiteDigger • Foundstone has a tool, named SiteDigger, which allows us to search a domain using specially strings from both the Google Hacking Database (GHDB) and Foundstone Database (FSDB). 38
Metadata leakage - Foundstone SiteDigger 39
Metadata leakage - Metagoofil • Metagoofil is a Linux based information gathering tool designed for extracting metadata of public documents (.pdf, .doc, .xls, .ppt, .odp, .ods) available on the client's websites. • Metagoofil generates an html results page with the results of the metadata extracted, plus a list of potential usernames that could prove useful for brute force attacks. It also extracts paths and MAC address information from the metadata. 40
Individual - Physical Location • Physical Location 41
Individual - Mobile Footprint • Phone # • Device type • Installed applications 42
Covert Gathering - Corporate On-Location Gathering • Physical security inspections • Wireless scanning / RF frequency scanning • Employee behavior training inspection • Accessible/adjacent facilities (shared spaces) • Dumpster diving • Types of equipment in use Offsite Gathering • Data center locations • Network provisioning/provider 43
Other Gathering Forms Human Intelligence (HUMINT) • Methodology always involves direct interaction - whether physical, or verbal. • Gathering should be done under an assumed identity (remember pretexting?). – Key Employees – Partners/Suppliers 44
Other Gathering Forms Signals Intelligence (SIGINT): • Intelligence gathered through the use of interception or listening technologies. • Example: – Wired/Wireless Sniffer – TAP devices 45
Other Gathering Forms Imagery Intelligence (IMINT): • Intelligence gathered through recorded imagery, i.e. photography. • IMINT can also refer to satellite intelligence, (cross over between IMINT and OSINT if it extends to Google Earth and its equivalents). 46

Recommended

OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
Andrew McNicol
 
Advanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsAdvanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU Investigators
Sloan Carne
 
Chapter 2 for cyber security examination.pptx
Chapter 2 for cyber security examination.pptxChapter 2 for cyber security examination.pptx
Chapter 2 for cyber security examination.pptx
MahdiHasanSowrav
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
PRISMA CSI
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan Braganza
NSConclave
 
CNIT 123: Ch 4: Footprinting and Social Engineering
CNIT 123: Ch 4: Footprinting and Social EngineeringCNIT 123: Ch 4: Footprinting and Social Engineering
CNIT 123: Ch 4: Footprinting and Social Engineering
Sam Bowne
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social Engineering
Sam Bowne
 
Empowering red and blue teams with osint c0c0n 2017
Empowering red and blue teams with osint c0c0n 2017Empowering red and blue teams with osint c0c0n 2017
Empowering red and blue teams with osint c0c0n 2017
reconvillage
 

Recommended

OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
Andrew McNicol
 
Advanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsAdvanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU Investigators
Sloan Carne
 
Chapter 2 for cyber security examination.pptx
Chapter 2 for cyber security examination.pptxChapter 2 for cyber security examination.pptx
Chapter 2 for cyber security examination.pptx
MahdiHasanSowrav
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
PRISMA CSI
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan Braganza
NSConclave
 
CNIT 123: Ch 4: Footprinting and Social Engineering
CNIT 123: Ch 4: Footprinting and Social EngineeringCNIT 123: Ch 4: Footprinting and Social Engineering
CNIT 123: Ch 4: Footprinting and Social Engineering
Sam Bowne
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social Engineering
Sam Bowne
 
Empowering red and blue teams with osint c0c0n 2017
Empowering red and blue teams with osint c0c0n 2017Empowering red and blue teams with osint c0c0n 2017
Empowering red and blue teams with osint c0c0n 2017
reconvillage
 
Dracos forensic flavor
Dracos forensic flavorDracos forensic flavor
Dracos forensic flavor
Satria Ady Pradana
 
DracOs Forensic Flavor
DracOs Forensic FlavorDracOs Forensic Flavor
DracOs Forensic Flavor
Satria Ady Pradana
 
Building blocks for success: criteria for trusted institutional repositories
Building blocks for success: criteria for trusted institutional repositoriesBuilding blocks for success: criteria for trusted institutional repositories
Building blocks for success: criteria for trusted institutional repositories
Academy of Science of South Africa (ASSAf)
 
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Sean Whalen
 
osint - open source Intelligence
osint - open source Intelligenceosint - open source Intelligence
osint - open source Intelligence
Osama Ellahi
 
Building blocks for success: criteria for trusted institutional repositories
Building blocks for success: criteria for trusted institutional repositoriesBuilding blocks for success: criteria for trusted institutional repositories
Building blocks for success: criteria for trusted institutional repositories
Ina Smith
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence Gathering
Tom Eston
 
Foot printing as phase of Hacking in cybersecurity
Foot printing as phase of Hacking in cybersecurityFoot printing as phase of Hacking in cybersecurity
Foot printing as phase of Hacking in cybersecurity
AliAlwesabi
 
Splunk live beginner training nyc
Splunk live beginner training nycSplunk live beginner training nyc
Splunk live beginner training nyc
Dimitri McKay - CISSP
 
Dafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptxDafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptx
AlfredObia1
 
SplunkLive! Beginner Session
SplunkLive! Beginner SessionSplunkLive! Beginner Session
SplunkLive! Beginner Session
Splunk
 
Hunting on the cheap
Hunting on the cheapHunting on the cheap
Hunting on the cheap
Anjum Ahuja
 
Hunting on the Cheap
Hunting on the CheapHunting on the Cheap
Hunting on the Cheap
EndgameInc
 
Honeypots for proactively detecting security incidents
Honeypots for proactively detecting security incidentsHoneypots for proactively detecting security incidents
Honeypots for proactively detecting security incidents
APNIC
 
The original vision of Nutch, 14 years later: Building an open source search ...
The original vision of Nutch, 14 years later: Building an open source search ...The original vision of Nutch, 14 years later: Building an open source search ...
The original vision of Nutch, 14 years later: Building an open source search ...
Sylvain Zimmer
 
Nmapper theHarvester OSINT Tool explanation
Nmapper theHarvester OSINT Tool explanationNmapper theHarvester OSINT Tool explanation
Nmapper theHarvester OSINT Tool explanation
Wangolo Joel
 
internet
internetinternet
internet
Rajender Singh Oberoi
 
Mis 450 final presentation
Mis 450 final presentation Mis 450 final presentation
Mis 450 final presentation
Gianna Passarelli
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdf
MarceloCunha571649
 
Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2
Spyglass Security
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering Teams
UXDXConf
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 

More Related Content

Similar to hacking techniques and intrusion techniques useful in OSINT.pptx

Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence Gathering
Tom Eston
 
Dafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptxDafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptx
AlfredObia1
 
SplunkLive! Beginner Session
SplunkLive! Beginner SessionSplunkLive! Beginner Session
SplunkLive! Beginner Session
Splunk
 
Hunting on the Cheap
Hunting on the CheapHunting on the Cheap
Hunting on the Cheap
EndgameInc
 
Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2
Spyglass Security
 

Similar to hacking techniques and intrusion techniques useful in OSINT.pptx (20)

Dracos forensic flavor
Dracos forensic flavorDracos forensic flavor
Dracos forensic flavor
 
DracOs Forensic Flavor
DracOs Forensic FlavorDracOs Forensic Flavor
DracOs Forensic Flavor
 
Building blocks for success: criteria for trusted institutional repositories
Building blocks for success: criteria for trusted institutional repositoriesBuilding blocks for success: criteria for trusted institutional repositories
Building blocks for success: criteria for trusted institutional repositories
 
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
 
osint - open source Intelligence
osint - open source Intelligenceosint - open source Intelligence
osint - open source Intelligence
 
Building blocks for success: criteria for trusted institutional repositories
Building blocks for success: criteria for trusted institutional repositoriesBuilding blocks for success: criteria for trusted institutional repositories
Building blocks for success: criteria for trusted institutional repositories
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence Gathering
 
Foot printing as phase of Hacking in cybersecurity
Foot printing as phase of Hacking in cybersecurityFoot printing as phase of Hacking in cybersecurity
Foot printing as phase of Hacking in cybersecurity
 
Splunk live beginner training nyc
Splunk live beginner training nycSplunk live beginner training nyc
Splunk live beginner training nyc
 
Dafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptxDafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptx
 
SplunkLive! Beginner Session
SplunkLive! Beginner SessionSplunkLive! Beginner Session
SplunkLive! Beginner Session
 
Hunting on the cheap
Hunting on the cheapHunting on the cheap
Hunting on the cheap
 
Hunting on the Cheap
Hunting on the CheapHunting on the Cheap
Hunting on the Cheap
 
Honeypots for proactively detecting security incidents
Honeypots for proactively detecting security incidentsHoneypots for proactively detecting security incidents
Honeypots for proactively detecting security incidents
 
The original vision of Nutch, 14 years later: Building an open source search ...
The original vision of Nutch, 14 years later: Building an open source search ...The original vision of Nutch, 14 years later: Building an open source search ...
The original vision of Nutch, 14 years later: Building an open source search ...
 
Nmapper theHarvester OSINT Tool explanation
Nmapper theHarvester OSINT Tool explanationNmapper theHarvester OSINT Tool explanation
Nmapper theHarvester OSINT Tool explanation
 
internet
internetinternet
internet
 
Mis 450 final presentation
Mis 450 final presentation Mis 450 final presentation
Mis 450 final presentation
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdf
 
Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2
 

Recently uploaded

Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering Teams
UXDXConf
 
Motion for AI: Creating Empathy in Technology
Motion for AI: Creating Empathy in TechnologyMotion for AI: Creating Empathy in Technology
Motion for AI: Creating Empathy in Technology
UXDXConf
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
CzechDreamin
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
UXDXConf
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Peter Udo Diehl
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
ScyllaDB
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT Professionals
Expeed Software
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
UXDXConf
 

Recently uploaded (20)

Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering Teams
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
Enterprise Security Monitoring, And Log Management.
Enterprise Security Monitoring, And Log Management.Enterprise Security Monitoring, And Log Management.
Enterprise Security Monitoring, And Log Management.
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdf
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG Evaluation
 
Motion for AI: Creating Empathy in Technology
Motion for AI: Creating Empathy in TechnologyMotion for AI: Creating Empathy in Technology
Motion for AI: Creating Empathy in Technology
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT Professionals
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 

hacking techniques and intrusion techniques useful in OSINT.pptx

  • 1. Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail
  • 2. All materials is licensed under a Creative Commons “Share Alike” license. • http://creativecommons.org/licenses/by-sa/3.0/ 2
  • 3. # whoami • Ali Al-Shemery • Ph.D., MS.c., and BS.c., Jordan • More than 14 years of Technical Background (mainly Linux/Unix and Infosec) • Technical Instructor for more than 10 years (Infosec, and Linux Courses) • Hold more than 15 well known Technical Certificates • Infosec & Linux are my main Interests 3
  • 5. Outline - Reconnaissance • Intelligence Gathering • Target Selection • Open Source Intelligence (OSINT) • Covert Gathering • Footprinting 5
  • 6. Intelligence Gathering • What is it • Why do it • What is it not • Open source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence. 6
  • 7. Target Selection • Identification and Naming of Target • Consider any Rules of Engagement limitations • Consider time length for test • Consider end goal of the test 7
  • 8. Open Source Intelligence (OSINT) • Simply, it’s locating, and analyzing publically (open) available sources of information. • Intelligence gathering process has a goal of producing current and relevant information that is valuable to either an attacker or competitor. - OSINT is not only web searching! 8
  • 9. Open Source Intelligence (OSINT) Takes three forms: • Passive Information Gathering • Semi-passive Information Gathering • Active Information Gathering Used for: • Corporate • Individuals 9
  • 10. Corporate - Physical • Locations – Public sites can often be located by using search engines such as: – Google, Yahoo, Bing, Ask.com, Baidu, Yandex, Guruji, etc • Relationships 10
  • 11. Corporate - Logical • Business Partners • Business Clients • Competitors • Product line • Market Vertical • Marketing accounts • Meetings • Significant company dates • Job openings • Charity affiliations • Court records • Political donations • Professional licenses or registries 11
  • 12. Job Openings Websites • Bayt, http://bayt.com • Monster, http://www.monster.com • CareerBuilder, http://www.careerbuilder.com • Computerjobs.com, http://www.computerjobs.com • Indeed, LinkedIn, etc 12
  • 13. Corporate – Org. Chart • Position identification • Transactions • Affiliates 13
  • 14. Corporate – Electronic • Document Metadata • Marketing Communications 14
  • 15. Corporate – Infrastructure Assets • Network blocks owned • Email addresses • External infrastructure profile • Technologies used • Purchase agreements • Remote access • Application usage • Defense technologies • Human capability 15
  • 16. Corporate – Financial • Reporting • Market analysis • Trade capital • Value history 16
  • 17. Individual - History • Court Records • Political Donations • Professional licenses or registries 17
  • 18. Individual - Social Network (SocNet) Profile • Metadata Leakage • Tone • Frequency • Location awareness • Social Media Presence 18
  • 19. Location Awareness - Cree.py • Cree.py is an open source intelligence gathering application. • Can gather from Twitter. • Cree.py can gather any geo-location data from flickr, twitpic.com, yfrog.com, img.ly, plixi.com, twitrpix.com, foleext.com, shozu.com, pickhur.com, moby.to, twitsnaps.com and twitgoo.com. 19
  • 22. Individual - Internet Presence • Email Address • Personal Handles/Nicknames • Personal Domain Names registered • Assigned Static IPs/Netblocks 22
  • 23. Maltego • Paterva Maltego is a data mining and information-gathering tool that maps the information gathered into a format that is easily understood and manipulated. • It saves you time by automating tasks such as email harvesting and mapping subdomains. 23
  • 26. NetGlub • NetGlub is an open source data mining and information-gathering tool that presents the information gathered in a format that is easily understood, (Similar to Maltego). • Consists of: Master, Slave, and GUI 26
  • 30. TheHarvester • TheHarvester is a tool, written by Christian Martorella, that can be used to gather e-mail accounts and subdomain names from different public sources (search engines, pgp key servers). DEMO: • ./theHarvester.py -d linuxac.org -l 500 - b google 30
  • 31. Social Networks • Check Usernames - Useful for checking the existence of a given username across 160 Social Networks. • http://checkusernames.com/ 31
  • 32. Social Networks Newsgroups • Google - http://www.google.com • Yahoo Groups - http://groups.yahoo.com Mail Lists • The Mail Archive - http://www.mail- archive.com 32
  • 33. Audio / Video Audio • iTunes, http://www.apple.com/itunes • Podcast.com, http://podcast.com • Podcast Directory, http://www.podcastdirectory.com Video • YouTube, http://youtube.com • Yahoo Video, http://video.search.yahoo.com • Bing Video, http://www.bing.com/ • Vemo, http://vemo.com 33
  • 34. Archived Information • There are times when we will be unable to access web site information due to the fact that the content may no longer be available from the original source. • Being able to access archived copies of this information allows access to past information. • Perform Google searches using specially targeted search strings: cache:<site.com> • Use the archived information from the Wayback Machine (http://www.archive.org). 34
  • 36. Metadata leakage • The goal is to identify data that is relevant to the target corporation. • It may be possible to identify locations, hardware, software and other relevant data from Social Networking posts. • Examples: – ixquick - http://ixquick.com – MetaCrawler - http://metacrawler.com – Dogpile - http://www.dogpile.com – Search.com - http://www.search.com – Jeffery's Exif Viewer - http://regex.info/exif.cgi 36
  • 37. Metadata leakage - FOCA • FOCA is a tool that reads metadata from a wide range of document and media formats. • FOCA pulls the relevant usernames, paths, software versions, printer details, and email addresses. • DEMO (WinXP VM_Box) 37
  • 38. Metadata leakage - Foundstone SiteDigger • Foundstone has a tool, named SiteDigger, which allows us to search a domain using specially strings from both the Google Hacking Database (GHDB) and Foundstone Database (FSDB). 38
  • 40. Metadata leakage - Metagoofil • Metagoofil is a Linux based information gathering tool designed for extracting metadata of public documents (.pdf, .doc, .xls, .ppt, .odp, .ods) available on the client's websites. • Metagoofil generates an html results page with the results of the metadata extracted, plus a list of potential usernames that could prove useful for brute force attacks. It also extracts paths and MAC address information from the metadata. 40
  • 41. Individual - Physical Location • Physical Location 41
  • 42. Individual - Mobile Footprint • Phone # • Device type • Installed applications 42
  • 43. Covert Gathering - Corporate On-Location Gathering • Physical security inspections • Wireless scanning / RF frequency scanning • Employee behavior training inspection • Accessible/adjacent facilities (shared spaces) • Dumpster diving • Types of equipment in use Offsite Gathering • Data center locations • Network provisioning/provider 43
  • 44. Other Gathering Forms Human Intelligence (HUMINT) • Methodology always involves direct interaction - whether physical, or verbal. • Gathering should be done under an assumed identity (remember pretexting?). – Key Employees – Partners/Suppliers 44
  • 45. Other Gathering Forms Signals Intelligence (SIGINT): • Intelligence gathered through the use of interception or listening technologies. • Example: – Wired/Wireless Sniffer – TAP devices 45
  • 46. Other Gathering Forms Imagery Intelligence (IMINT): • Intelligence gathered through recorded imagery, i.e. photography. • IMINT can also refer to satellite intelligence, (cross over between IMINT and OSINT if it extends to Google Earth and its equivalents). 46