Upgrade to Pro — share decks privately, control downloads, hide ads and more …

[OWASP Sofia] Angel Bochev - Penetration Testin...

OWASP Sofia
May 09, 2019
Technology
1
350

[OWASP Sofia] Angel Bochev - Penetration Testing: OSINT (May 9th, 2019)

A real-world pentester talks about OSINT - Open Source Intelligence - the exploration of various techniques and tools for one of the most important parts of every penetration test - the information gathering.

Angel Bochev is Offensive Security Certified Professional (OSCP) since 2016; is a CTF player; has 12+ years of networking/sysadmin experience; currently working in the InfoSec team at PROS.

OWASP Sofia

May 09, 2019
Tweet

More Decks by OWASP Sofia

See All by OWASP Sofia
[OWASP Sofia] Svetlin Nakov - Compromising Modern Online Banking Apps through Hijacking Android Device (27th of March, 2021)
owaspsofia
0
320
[OWASP Sofia] Dimitar Boyanov - XSS Attacks and Defenses (27th of April, 2021)
owaspsofia
1
320
[OWASP Sofia] Dan Cornell - AppSec Fast and Slow: Your DevSecOps CI⁄CD Pipeline Isn’t an SSA Program (July 27th, 2021)
owaspsofia
0
280
[OWASP Sofia] Atanas Pashov - Pros n Cons of Penetration Testing (June 27th, 2019)
owaspsofia
0
320

Other Decks in Technology

See All in Technology
[FOSS4G 2024 Japan LT] LLMを使ってGISデータ解析を自動化したい!
nssv
0
140
2024年グライダー曲技世界選手権参加報告/2024 WGAC report
jscseminar
0
140
Autify Company Deck
autifyhq
1
39k
データ活用促進のためのデータ分析基盤の進化
takumakouno
2
120
Postmanの日本市場におけるDevRel (的) 活動 / Postman's DevRelish activities in Japan
yokawasa
1
110
Engineering at LY Corporation
lycorp_recruit_jp
0
160
dev 補講: プロダクトセキュリティ / Product security overview
wa6sn
0
1k
신뢰할 수 있는 AI 검색 엔진을 만들기 위한 Liner의 여정
huffon
0
530
ライブラリでしかお目にかかれない珍しい実装
mikanichinose
2
280
透過型SMTPプロキシによる送信メールの可観測性向上: Update Edition / Improved observability of outgoing emails with transparent smtp proxy: Update edition
linyows
2
150
3次元点群データ「VIRTUAL SHIZUOKA』のオープンデータ化による恩恵と協働の未来/FOSS4G Japan 2024
kazz24s
0
110
エンジニアが一生困らない ドキュメント作成の基本
naohiro_nakata
2
100

Featured

See All Featured
Building Better People: How to give real-time feedback that sticks.
wjessup
364
19k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
8.2k
Automating Front-end Workflow
addyosmani
1366
200k
Building a Scalable Design System with Sketch
lauravandoore
459
33k
What's new in Ruby 2.0
geeforr
343
31k
Mobile First: as difficult as doing things right
swwweet
222
8.9k
Statistics for Hackers
jakevdp
796
220k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.7k
[RailsConf 2023] Rails as a piece of cake
palkan
51
4.9k
Side Projects
sachag
452
42k
Ruby is Unlike a Banana
tanoku
96
11k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
10
700

Transcript

  1. Penetration testing: OSINT OSINT from a Penetration Test Perspective

  2. About me: • I <3 Linux • Network admin /

    Sysadmin / Infrastructure • OSCP • Now in the InfoSec team at Pros, Penetration Tester [email protected] Twitter: @angelbochev LinkedIn: https://www.linkedin.com/in/angelbochev/

  3. What is OSINT? • “data collected from publicly available sources

    to be used in an intelligence context. In the intelligence community, the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources).” Wikipedia

  4. What is “Penetration test” • “A penetration test, colloquially known

    as a pen test, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system.” Wikipedia

  5. How is OSINT used in Penetration tests? • Social engineering

    – collect info on the target company, employees, partners, social media • Network assessments: discover assets, public code • Physical engagements: Physical locations, neighbours, etc.

  6. How it’s done? Drum roll…

  7. How it’s done? • With your favorite browser, mostly. (sorry,

    IE :( )

  8. How it’s done? • With your favorite browser, mostly. (sorry,

    IE :( ) • Starts with basic piece of information: company name, email, phone number, etc.

  9. How it’s done? • With your favorite browser, mostly. (sorry,

    IE :( ) • Starts with a basic piece of information: company name, email, phone number, etc. • We continue to individually further research every other interesting piece of information we encounter, that will help us with the pentest.

  10. What is interesting information? Depending on what’s our goal, that

    could be: • Network info – DNS, subnets, BGP peers, etc. • Company/personal information: emails, pictures, social media accounts, documents • Leaked secrets: passwords, API keys, confidential information.

  11. Tools for general search: • Bing! • DuckDuckGo • Google

    • Archive.org / Wayback machine • Wolfram Alfa

  12. Social media: • Facebook • Instagram • Twitter • https://namechk.com/

    Etc

  13. DNS Search • https://domainbigdata.com • https://securitytrails.com • https://dnsdumpster.com/ • https://hackertarget.com/

  14. IP Information • https://ipv4info.com/ • https://shodan.io

  15. Email addresses: • TheHarvester (https://github.com/laramies/theHarvester) • Hunter.io • Github commits

    • pastebin

  16. OSINT Automation • Recon-ng

  17. More resources: • OSINT Framework: https://osintframework.com/ • Awesome OSINT: https://github.com/jivoi/awesome-osint

    • OWASP Penetration Testing Methodologies: https://www.owasp.org/index.php/Penetration_t esting_methodologies

  18. DEMO TIME!