Upgrade to Pro — share decks privately, control downloads, hide ads and more …

[OWASP Sofia] Angel Bochev - Penetration Testin...

OWASP Sofia
May 09, 2019
Technology
1
350

[OWASP Sofia] Angel Bochev - Penetration Testing: OSINT (May 9th, 2019)

A real-world pentester talks about OSINT - Open Source Intelligence - the exploration of various techniques and tools for one of the most important parts of every penetration test - the information gathering.

Angel Bochev is Offensive Security Certified Professional (OSCP) since 2016; is a CTF player; has 12+ years of networking/sysadmin experience; currently working in the InfoSec team at PROS.

OWASP Sofia

May 09, 2019
Tweet

More Decks by OWASP Sofia

See All by OWASP Sofia
[OWASP Sofia] Svetlin Nakov - Compromising Modern Online Banking Apps through Hijacking Android Device (27th of March, 2021)
owaspsofia
0
320
[OWASP Sofia] Dimitar Boyanov - XSS Attacks and Defenses (27th of April, 2021)
owaspsofia
1
320
[OWASP Sofia] Dan Cornell - AppSec Fast and Slow: Your DevSecOps CI⁄CD Pipeline Isn’t an SSA Program (July 27th, 2021)
owaspsofia
0
290
[OWASP Sofia] Atanas Pashov - Pros n Cons of Penetration Testing (June 27th, 2019)
owaspsofia
0
320

Other Decks in Technology

See All in Technology
iOS/Androidで同じUI体験をネ イティブで作成する際に気をつ けたい落とし穴
fumiyasac0921
1
110
組織成長を加速させるオンボーディングの取り組み
sudoakiy
2
210
CDCL による厳密解法を採用した MILP ソルバー
imai448
3
140
AGIについてChatGPTに聞いてみた
blueb
0
130
心が動くエンジニアリング ── 私が夢中になる理由
16bitidol
0
100
第1回 国土交通省 データコンペ参加者向け勉強会③ - Snowflake x estie編 -
estie
0
130
Zennのパフォーマンスモニタリングでやっていること
ryosukeigarashi
0
150
Oracle Cloud Infrastructure データベース・クラウド:各バージョンのサポート期間
oracle4engineer
PRO
28
13k
アジャイルでの品質の進化 Agile in Motion vol.1/20241118 Hiroyuki Sato
shift_evolve
0
170
飲食店データの分析事例とそれを支えるデータ基盤
kimujun
0
160
Incident Response Practices: Waroom's Features and Future Challenges
rrreeeyyy
0
160
初心者向けAWS Securityの勉強会mini Security-JAWSを9ヶ月ぐらい実施してきての近況
cmusudakeisuke
0
130

Featured

See All Featured
Adopting Sorbet at Scale
ufuk
73
9.1k
10 Git Anti Patterns You Should be Aware of
lemiorhan
655
59k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
47
2.1k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
28
2k
RailsConf 2023
tenderlove
29
900
Making the Leap to Tech Lead
cromwellryan
133
8.9k
How to Ace a Technical Interview
jacobian
276
23k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
Being A Developer After 40
akosma
87
590k
Why You Should Never Use an ORM
jnunemaker
PRO
54
9.1k
Side Projects
sachag
452
42k
Rails Girls Zürich Keynote
gr2m
94
13k

Transcript

  1. Penetration testing: OSINT OSINT from a Penetration Test Perspective

  2. About me: • I <3 Linux • Network admin /

    Sysadmin / Infrastructure • OSCP • Now in the InfoSec team at Pros, Penetration Tester [email protected] Twitter: @angelbochev LinkedIn: https://www.linkedin.com/in/angelbochev/

  3. What is OSINT? • “data collected from publicly available sources

    to be used in an intelligence context. In the intelligence community, the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources).” Wikipedia

  4. What is “Penetration test” • “A penetration test, colloquially known

    as a pen test, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system.” Wikipedia

  5. How is OSINT used in Penetration tests? • Social engineering

    – collect info on the target company, employees, partners, social media • Network assessments: discover assets, public code • Physical engagements: Physical locations, neighbours, etc.

  6. How it’s done? Drum roll…

  7. How it’s done? • With your favorite browser, mostly. (sorry,

    IE :( )

  8. How it’s done? • With your favorite browser, mostly. (sorry,

    IE :( ) • Starts with basic piece of information: company name, email, phone number, etc.

  9. How it’s done? • With your favorite browser, mostly. (sorry,

    IE :( ) • Starts with a basic piece of information: company name, email, phone number, etc. • We continue to individually further research every other interesting piece of information we encounter, that will help us with the pentest.

  10. What is interesting information? Depending on what’s our goal, that

    could be: • Network info – DNS, subnets, BGP peers, etc. • Company/personal information: emails, pictures, social media accounts, documents • Leaked secrets: passwords, API keys, confidential information.

  11. Tools for general search: • Bing! • DuckDuckGo • Google

    • Archive.org / Wayback machine • Wolfram Alfa

  12. Social media: • Facebook • Instagram • Twitter • https://namechk.com/

    Etc

  13. DNS Search • https://domainbigdata.com • https://securitytrails.com • https://dnsdumpster.com/ • https://hackertarget.com/

  14. IP Information • https://ipv4info.com/ • https://shodan.io

  15. Email addresses: • TheHarvester (https://github.com/laramies/theHarvester) • Hunter.io • Github commits

    • pastebin

  16. OSINT Automation • Recon-ng

  17. More resources: • OSINT Framework: https://osintframework.com/ • Awesome OSINT: https://github.com/jivoi/awesome-osint

    • OWASP Penetration Testing Methodologies: https://www.owasp.org/index.php/Penetration_t esting_methodologies

  18. DEMO TIME!