SlideShare une entreprise Scribd logo

Angelo Alviar OSINT 101 Presentation - Forensics and Security Technology

Télécharger en tant que PPTX, PDF
A
Angelo Alviar

Released in 2018

Technologie
1  sur  20
OSINT FOR TARGETED ATTACKS OPEN SOURCE INTELLIGENCE | ANGELO ALVIAR
WHAT IS OSINT? Publicly available (valuable) information that is gathered through open source tools This information can be used for targeted attacks
END GOAL OF OSINT PHASE • Collected information on usernames, passwords, emails, and subdomains • Passive reconnaissance – target/victim should never see it coming • Enough to move on to get an initial foothold for a targeted attack
SHODAN • Searches for publicly connected devices • Routers, servers, firewalls, SCADA • Can be searched by IP • Finds open ports • Includes Hostname, OS, Geo-location
SHODAN FOR TARGETED ATTACKS • Simple query will show everything seen by Shodan in the US • Can identify their external infrastructure without ever sending a packet • Use ms17-010 (EternalBLUE) to exploit SMB on port 445
SHODAN DEMO • Let’s “show Dan” how to do some OSINT…
MALTEGO (DEVELOPED BY PATERVA) • Used for OSINT/Digital Forensics • Paid/licensed tool, but free community edition on Kali Linux • Focuses on data discovery, visualization, link analysis, and data mining • Also…really good for stalking people! • (Disclaimer: Don’t do it though. Please. You didn’t hear it from me.)
MALTEGO DEMO • Let’s Malte”go” and do this demo…ha...
PIPL • “The world’s largest people search engine” • Can be used to find emails, usernames, phone numbers, addresses, etc. • Simplifies the whole process of googling a person
PIPL DEMO • Let’s try to find out some “pipl’s” email addresses, phone numbers, usernames
GOOGLE DORKING • Technique that uses Google Search filters to find specific information • Filters reveal security holes: publicly facing domains that contain sensitive information
GOOGLE DORKING DEMO • Let’s get hands on… (P.S Sorry for all the “dork”y puns!”) • https://www.exploit-db.com/google-hacking-database/ • inurl:”/adfs/ls/” intitle:”Sign In” • inurl:pastebin.com AND intext:@gmail.com AND intext:password
DATA DUMPS • With Google Dorking, you can find lots of password dumps • There are multiple other sources for data dumps at an attacker’s disposal: • Live dumps - https://twitter.com/dumpmon?lang=en • Pastebin dumps - https://psbdmp.ws/dumps • Data breach search engine - https://weleakinfo.com/ • (Disclaimer: ONLY USE THIS FOR RESEARCH!) • Passwords are hard to remember • Many people use the same password for multiple accounts
LINKEDIN • Not just a professional networking website • We can utilize LinkedIn to research individuals, and specifically those who work at a specific company • Can be used further for spear phishing attacks
EMAIL GATHERING • Let’s say you found a target on LinkedIn • We need to figure out the naming convention/structure of email addresses of your targeted company • https://hunter.io/
WHAT’S NEXT? • During our OSINT phase, we were able to gather information about users, passwords, emails, and subdomains without ever directly touching their network • Now, we can move on to Active Reconnaissance • Active Reconnaissance – subdomain/directory bruteforcing, nmap scans • OR we can move on to the actual targeted attack – without ever making any “noise” on their network beforehand
TARGETED ATTACKS • Spearphishing • Typosquatting a similar domain (Microsoft.com -> Mircosoft.com) • Social Engineering Toolkit • Credential Harvesting • Password spraying • Trying one password on multiple emails • Example: Fall2018!
PUTTING IT ALL TOGETHER – TARGETING A PERSON • Let’s hypothetically target Angelo Alviar
PUTTING IT ALL TOGETHER – TARGETING A COMPANY • Let’s hypothetically target example.com

Recommandé

Angelo Alviar OSINT 101 Presentation - Forensics and Security Technology
Angelo Alviar OSINT 101 Presentation - Forensics and Security TechnologyAngelo Alviar OSINT 101 Presentation - Forensics and Security Technology
Angelo Alviar OSINT 101 Presentation - Forensics and Security TechnologyAngelo Alviar
 
Getting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsOlakanmi Oluwole
 
Rv defcon25 osint tactics on source code intelligence - simon roses
Rv defcon25 osint tactics on source code intelligence - simon rosesRv defcon25 osint tactics on source code intelligence - simon roses
Rv defcon25 osint tactics on source code intelligence - simon rosesreconvillage
 
Nmapper theHarvester OSINT Tool explanation
Nmapper theHarvester OSINT Tool explanationNmapper theHarvester OSINT Tool explanation
Nmapper theHarvester OSINT Tool explanationWangolo Joel
 
OSINT tools for security auditing with python
OSINT tools for security auditing with pythonOSINT tools for security auditing with python
OSINT tools for security auditing with pythonJose Manuel Ortega Candel
 
OSINT tools for security auditing [FOSDEM edition]
OSINT tools for security auditing [FOSDEM edition] OSINT tools for security auditing [FOSDEM edition]
OSINT tools for security auditing [FOSDEM edition] Jose Manuel Ortega Candel
 
Osint ashish mistry
Osint ashish mistryOsint ashish mistry
Osint ashish mistryn|u - The Open Security Community
 
OSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligenceOSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligencePhilippe Lin
 

Recommandé

Angelo Alviar OSINT 101 Presentation - Forensics and Security Technology
Angelo Alviar OSINT 101 Presentation - Forensics and Security TechnologyAngelo Alviar OSINT 101 Presentation - Forensics and Security Technology
Angelo Alviar OSINT 101 Presentation - Forensics and Security TechnologyAngelo Alviar
 
Getting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsOlakanmi Oluwole
 
Rv defcon25 osint tactics on source code intelligence - simon roses
Rv defcon25 osint tactics on source code intelligence - simon rosesRv defcon25 osint tactics on source code intelligence - simon roses
Rv defcon25 osint tactics on source code intelligence - simon rosesreconvillage
 
Nmapper theHarvester OSINT Tool explanation
Nmapper theHarvester OSINT Tool explanationNmapper theHarvester OSINT Tool explanation
Nmapper theHarvester OSINT Tool explanationWangolo Joel
 
OSINT tools for security auditing with python
OSINT tools for security auditing with pythonOSINT tools for security auditing with python
OSINT tools for security auditing with pythonJose Manuel Ortega Candel
 
OSINT tools for security auditing [FOSDEM edition]
OSINT tools for security auditing [FOSDEM edition] OSINT tools for security auditing [FOSDEM edition]
OSINT tools for security auditing [FOSDEM edition] Jose Manuel Ortega Candel
 
Osint ashish mistry
Osint ashish mistryOsint ashish mistry
Osint ashish mistryn|u - The Open Security Community
 
OSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligenceOSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligencePhilippe Lin
 
Maltego
MaltegoMaltego
Maltegopenetration Tester
 
Stop pulling the plug
Stop pulling the plugStop pulling the plug
Stop pulling the plugKamal Rathaur
 
Utilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident ResponseUtilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident ResponseChristopher Beiring
 
Datasploit - An Open Source Intelligence Tool
Datasploit - An Open Source Intelligence ToolDatasploit - An Open Source Intelligence Tool
Datasploit - An Open Source Intelligence ToolShubham Mittal
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019Priyanka Aash
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentationJesse Ratcliffe, OSCP
 
Canary tokens
Canary tokensCanary tokens
Canary tokensMuhammadusmanRana10
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocentdanish3
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceDeep Shankar Yadav
 
Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Mohammed Adam
 
Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)phexcom1
 
iOS secure app development
iOS secure app developmentiOS secure app development
iOS secure app developmentDusan Klinec
 
Hacking
HackingHacking
HackingDianna Marie Manalo
 
The Personal and Website Security Mindset
The Personal and Website Security MindsetThe Personal and Website Security Mindset
The Personal and Website Security MindsetAdam W. Warner
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
Password Cracking
Password Cracking Password Cracking
Password Cracking Sina Manavi
 
PENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINEPENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINEChris Gates
 
Malware analysis _ Threat Intelligence Morocco
Malware analysis _ Threat Intelligence MoroccoMalware analysis _ Threat Intelligence Morocco
Malware analysis _ Threat Intelligence MoroccoTouhami Kasbaoui
 
ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ...
ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ...ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ...
ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ...Andrew Morris
 
osint - open source Intelligence
osint - open source Intelligenceosint - open source Intelligence
osint - open source IntelligenceOsama Ellahi
 
Distributed Sensor Data Contextualization for Threat Intelligence Analysis
Distributed Sensor Data Contextualization for Threat Intelligence AnalysisDistributed Sensor Data Contextualization for Threat Intelligence Analysis
Distributed Sensor Data Contextualization for Threat Intelligence AnalysisJason Trost
 
Fun with Application Security
Fun with Application SecurityFun with Application Security
Fun with Application SecurityBruce Abernethy
 

Contenu connexe

Tendances

Stop pulling the plug
Stop pulling the plugStop pulling the plug
Stop pulling the plugKamal Rathaur
 
Utilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident ResponseUtilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident ResponseChristopher Beiring
 
Datasploit - An Open Source Intelligence Tool
Datasploit - An Open Source Intelligence ToolDatasploit - An Open Source Intelligence Tool
Datasploit - An Open Source Intelligence ToolShubham Mittal
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019Priyanka Aash
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocentdanish3
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceDeep Shankar Yadav
 
Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Mohammed Adam
 
Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)phexcom1
 
iOS secure app development
iOS secure app developmentiOS secure app development
iOS secure app developmentDusan Klinec
 
The Personal and Website Security Mindset
The Personal and Website Security MindsetThe Personal and Website Security Mindset
The Personal and Website Security MindsetAdam W. Warner
 

Tendances (14)

Maltego
MaltegoMaltego
Maltego
 
Stop pulling the plug
Stop pulling the plugStop pulling the plug
Stop pulling the plug
 
Utilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident ResponseUtilizing OSINT in Threat Analytics and Incident Response
Utilizing OSINT in Threat Analytics and Incident Response
 
Datasploit - An Open Source Intelligence Tool
Datasploit - An Open Source Intelligence ToolDatasploit - An Open Source Intelligence Tool
Datasploit - An Open Source Intelligence Tool
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentation
 
Canary tokens
Canary tokensCanary tokens
Canary tokens
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocent
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligence
 
Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2
 
Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)
 
iOS secure app development
iOS secure app developmentiOS secure app development
iOS secure app development
 
Hacking
HackingHacking
Hacking
 
The Personal and Website Security Mindset
The Personal and Website Security MindsetThe Personal and Website Security Mindset
The Personal and Website Security Mindset
 

Similaire à Angelo Alviar OSINT 101 Presentation - Forensics and Security Technology

OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
Password Cracking
Password Cracking Password Cracking
Password Cracking Sina Manavi
 
PENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINEPENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINEChris Gates
 
Malware analysis _ Threat Intelligence Morocco
Malware analysis _ Threat Intelligence MoroccoMalware analysis _ Threat Intelligence Morocco
Malware analysis _ Threat Intelligence MoroccoTouhami Kasbaoui
 
ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ...
ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ...ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ...
ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ...Andrew Morris
 
osint - open source Intelligence
osint - open source Intelligenceosint - open source Intelligence
osint - open source IntelligenceOsama Ellahi
 
Distributed Sensor Data Contextualization for Threat Intelligence Analysis
Distributed Sensor Data Contextualization for Threat Intelligence AnalysisDistributed Sensor Data Contextualization for Threat Intelligence Analysis
Distributed Sensor Data Contextualization for Threat Intelligence AnalysisJason Trost
 
Fun with Application Security
Fun with Application SecurityFun with Application Security
Fun with Application SecurityBruce Abernethy
 
The Web Application Hackers Toolchain
The Web Application Hackers ToolchainThe Web Application Hackers Toolchain
The Web Application Hackers Toolchainjasonhaddix
 
The Hacking Game - Think Like a Hacker Meetup 12072023.pptx
The Hacking Game - Think Like a Hacker Meetup 12072023.pptxThe Hacking Game - Think Like a Hacker Meetup 12072023.pptx
The Hacking Game - Think Like a Hacker Meetup 12072023.pptxlior mazor
 
Kiran karnad rtc2014 ghdb-final
Kiran karnad rtc2014 ghdb-finalKiran karnad rtc2014 ghdb-final
Kiran karnad rtc2014 ghdb-finalRomania Testing
 
Hunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestHunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestSecuRing
 
Hunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestHunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestPawel Rzepa
 
CONFidence 2018: Hunting for the secrets in a cloud forest (Paweł Rzepa)
CONFidence 2018: Hunting for the secrets in a cloud forest (Paweł Rzepa)CONFidence 2018: Hunting for the secrets in a cloud forest (Paweł Rzepa)
CONFidence 2018: Hunting for the secrets in a cloud forest (Paweł Rzepa)PROIDEA
 
Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Stephen Abram
 
Null HYD Playing with shodan null
Null HYD Playing with shodan nullNull HYD Playing with shodan null
Null HYD Playing with shodan nullRaghunath G
 
Owasp modern information gathering
Owasp modern information gatheringOwasp modern information gathering
Owasp modern information gatheringKZA
 

Similaire à Angelo Alviar OSINT 101 Presentation - Forensics and Security Technology (20)

OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
 
Password Cracking
Password Cracking Password Cracking
Password Cracking
 
PENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINEPENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINE
 
Malware analysis _ Threat Intelligence Morocco
Malware analysis _ Threat Intelligence MoroccoMalware analysis _ Threat Intelligence Morocco
Malware analysis _ Threat Intelligence Morocco
 
ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ...
ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ...ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ...
ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ...
 
osint - open source Intelligence
osint - open source Intelligenceosint - open source Intelligence
osint - open source Intelligence
 
Distributed Sensor Data Contextualization for Threat Intelligence Analysis
Distributed Sensor Data Contextualization for Threat Intelligence AnalysisDistributed Sensor Data Contextualization for Threat Intelligence Analysis
Distributed Sensor Data Contextualization for Threat Intelligence Analysis
 
Fun with Application Security
Fun with Application SecurityFun with Application Security
Fun with Application Security
 
The Web Application Hackers Toolchain
The Web Application Hackers ToolchainThe Web Application Hackers Toolchain
The Web Application Hackers Toolchain
 
Recon like a pro
Recon like a proRecon like a pro
Recon like a pro
 
The Hacking Game - Think Like a Hacker Meetup 12072023.pptx
The Hacking Game - Think Like a Hacker Meetup 12072023.pptxThe Hacking Game - Think Like a Hacker Meetup 12072023.pptx
The Hacking Game - Think Like a Hacker Meetup 12072023.pptx
 
How to hack or what is ethical hacking
How to hack or what is ethical hackingHow to hack or what is ethical hacking
How to hack or what is ethical hacking
 
Kiran karnad rtc2014 ghdb-final
Kiran karnad rtc2014 ghdb-finalKiran karnad rtc2014 ghdb-final
Kiran karnad rtc2014 ghdb-final
 
Hunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestHunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forest
 
Hunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestHunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forest
 
CONFidence 2018: Hunting for the secrets in a cloud forest (Paweł Rzepa)
CONFidence 2018: Hunting for the secrets in a cloud forest (Paweł Rzepa)CONFidence 2018: Hunting for the secrets in a cloud forest (Paweł Rzepa)
CONFidence 2018: Hunting for the secrets in a cloud forest (Paweł Rzepa)
 
Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)
 
Null HYD Playing with shodan null
Null HYD Playing with shodan nullNull HYD Playing with shodan null
Null HYD Playing with shodan null
 
Owasp modern information gathering
Owasp modern information gatheringOwasp modern information gathering
Owasp modern information gathering
 
All about Hacking
All about HackingAll about Hacking
All about Hacking
 

Dernier

Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

Dernier (20)

Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

Angelo Alviar OSINT 101 Presentation - Forensics and Security Technology

  • 1. OSINT FOR TARGETED ATTACKS OPEN SOURCE INTELLIGENCE | ANGELO ALVIAR
  • 2. WHAT IS OSINT? Publicly available (valuable) information that is gathered through open source tools This information can be used for targeted attacks
  • 3. END GOAL OF OSINT PHASE • Collected information on usernames, passwords, emails, and subdomains • Passive reconnaissance – target/victim should never see it coming • Enough to move on to get an initial foothold for a targeted attack
  • 4. SHODAN • Searches for publicly connected devices • Routers, servers, firewalls, SCADA • Can be searched by IP • Finds open ports • Includes Hostname, OS, Geo-location
  • 5. SHODAN FOR TARGETED ATTACKS • Simple query will show everything seen by Shodan in the US • Can identify their external infrastructure without ever sending a packet • Use ms17-010 (EternalBLUE) to exploit SMB on port 445
  • 6. SHODAN DEMO • Let’s “show Dan” how to do some OSINT…
  • 7. MALTEGO (DEVELOPED BY PATERVA) • Used for OSINT/Digital Forensics • Paid/licensed tool, but free community edition on Kali Linux • Focuses on data discovery, visualization, link analysis, and data mining • Also…really good for stalking people! • (Disclaimer: Don’t do it though. Please. You didn’t hear it from me.)
  • 8. MALTEGO DEMO • Let’s Malte”go” and do this demo…ha...
  • 9. PIPL • “The world’s largest people search engine” • Can be used to find emails, usernames, phone numbers, addresses, etc. • Simplifies the whole process of googling a person
  • 10. PIPL DEMO • Let’s try to find out some “pipl’s” email addresses, phone numbers, usernames
  • 11. GOOGLE DORKING • Technique that uses Google Search filters to find specific information • Filters reveal security holes: publicly facing domains that contain sensitive information
  • 12.
  • 13. GOOGLE DORKING DEMO • Let’s get hands on… (P.S Sorry for all the “dork”y puns!”) • https://www.exploit-db.com/google-hacking-database/ • inurl:”/adfs/ls/” intitle:”Sign In” • inurl:pastebin.com AND intext:@gmail.com AND intext:password
  • 14. DATA DUMPS • With Google Dorking, you can find lots of password dumps • There are multiple other sources for data dumps at an attacker’s disposal: • Live dumps - https://twitter.com/dumpmon?lang=en • Pastebin dumps - https://psbdmp.ws/dumps • Data breach search engine - https://weleakinfo.com/ • (Disclaimer: ONLY USE THIS FOR RESEARCH!) • Passwords are hard to remember • Many people use the same password for multiple accounts
  • 15. LINKEDIN • Not just a professional networking website • We can utilize LinkedIn to research individuals, and specifically those who work at a specific company • Can be used further for spear phishing attacks
  • 16. EMAIL GATHERING • Let’s say you found a target on LinkedIn • We need to figure out the naming convention/structure of email addresses of your targeted company • https://hunter.io/
  • 17. WHAT’S NEXT? • During our OSINT phase, we were able to gather information about users, passwords, emails, and subdomains without ever directly touching their network • Now, we can move on to Active Reconnaissance • Active Reconnaissance – subdomain/directory bruteforcing, nmap scans • OR we can move on to the actual targeted attack – without ever making any “noise” on their network beforehand
  • 18. TARGETED ATTACKS • Spearphishing • Typosquatting a similar domain (Microsoft.com -> Mircosoft.com) • Social Engineering Toolkit • Credential Harvesting • Password spraying • Trying one password on multiple emails • Example: Fall2018!
  • 19. PUTTING IT ALL TOGETHER – TARGETING A PERSON • Let’s hypothetically target Angelo Alviar
  • 20. PUTTING IT ALL TOGETHER – TARGETING A COMPANY • Let’s hypothetically target example.com