1
00:00:00,120 --> 00:00:01,650
Speaker: There is a lot of great information
2
00:00:01,650 --> 00:00:04,380
available online for free that can help you understand
3
00:00:04,380 --> 00:00:07,200
how a business or organization is operating.
4
00:00:07,200 --> 00:00:09,210
This information is just sitting out there
5
00:00:09,210 --> 00:00:11,040
waiting for you to find it.
6
00:00:11,040 --> 00:00:13,530
This information is considered open-source
7
00:00:13,530 --> 00:00:16,110
in the world of information and intelligence gathering
8
00:00:16,110 --> 00:00:19,050
if it comes from publicly available sources.
9
00:00:19,050 --> 00:00:21,960
Now, Open-Source Intelligence, also known as OSINT,
10
00:00:21,960 --> 00:00:24,240
is the collection and analysis of data gathered
11
00:00:24,240 --> 00:00:25,920
from publicly available sources
12
00:00:25,920 --> 00:00:28,290
to produce actionable intelligence.
13
00:00:28,290 --> 00:00:30,630
Open-source intelligence tools are often used
14
00:00:30,630 --> 00:00:32,430
to collect and analyze information
15
00:00:32,430 --> 00:00:34,890
that's already publicly available on the open web
16
00:00:34,890 --> 00:00:37,320
such as social media, blogs,
17
00:00:37,320 --> 00:00:39,450
newspapers, governmental records
18
00:00:39,450 --> 00:00:41,850
and academic and professional publications
19
00:00:41,850 --> 00:00:44,370
during your passive reconnaissance phase.
20
00:00:44,370 --> 00:00:47,430
For example, if the company puts out a new press release
21
00:00:47,430 --> 00:00:48,570
about an upcoming merger
22
00:00:48,570 --> 00:00:50,640
between themselves and another company,
23
00:00:50,640 --> 00:00:53,460
this information could become actionable intelligence
24
00:00:53,460 --> 00:00:55,560
in the hands of a penetration tester
25
00:00:55,560 --> 00:00:56,910
because they could use it to craft
26
00:00:56,910 --> 00:00:58,590
various social engineering attacks
27
00:00:58,590 --> 00:01:01,020
against those targeted organizations.
28
00:01:01,020 --> 00:01:03,090
Let's pretend that a physical penetration test
29
00:01:03,090 --> 00:01:04,739
was part of our engagement.
30
00:01:04,739 --> 00:01:06,660
Knowing that a company named SodaCo
31
00:01:06,660 --> 00:01:09,030
is about to undergo a merger with DrinkCo,
32
00:01:09,030 --> 00:01:12,330
that means that SodaCo might be seeing a lot of new faces
33
00:01:12,330 --> 00:01:15,360
in the offices as DrinkCo starts sending over people
34
00:01:15,360 --> 00:01:18,030
to learn all about SodaCo's operations.
35
00:01:18,030 --> 00:01:19,410
If you happen to put on a suit
36
00:01:19,410 --> 00:01:20,820
and print up some business cards
37
00:01:20,820 --> 00:01:22,440
that say you work for DrinkCo,
38
00:01:22,440 --> 00:01:23,790
well, you could probably walk right
39
00:01:23,790 --> 00:01:25,170
in the front door of SodaCo
40
00:01:25,170 --> 00:01:26,730
and have some helpful employees walk you
41
00:01:26,730 --> 00:01:30,060
directly into the data center if you play your cards right.
42
00:01:30,060 --> 00:01:32,310
Now similarly, this same press release
43
00:01:32,310 --> 00:01:34,470
might give you the names, phone numbers,
44
00:01:34,470 --> 00:01:37,020
emails, and positions of all the different people
45
00:01:37,020 --> 00:01:39,300
who are expecting to get questions from the press
46
00:01:39,300 --> 00:01:40,770
about this merger.
47
00:01:40,770 --> 00:01:43,080
So you could call the person listed
48
00:01:43,080 --> 00:01:44,340
and start asking them questions
49
00:01:44,340 --> 00:01:46,620
about how SodaCo and DrinkCo's merger
50
00:01:46,620 --> 00:01:48,870
might affect their technical infrastructure.
51
00:01:48,870 --> 00:01:50,910
Are you going to be using SodaCo's network,
52
00:01:50,910 --> 00:01:53,460
DrinkCo's network, or a combination of both of these
53
00:01:53,460 --> 00:01:54,750
after the merger?
54
00:01:54,750 --> 00:01:57,810
Will there be any downsizing of redundant IT personnel?
55
00:01:57,810 --> 00:01:59,130
Are you already using the cloud
56
00:01:59,130 --> 00:02:01,620
or are you going to migrate your data centers into the cloud
57
00:02:01,620 --> 00:02:04,050
during the merger over the next few months?
58
00:02:04,050 --> 00:02:05,700
Most companies that put out press releases
59
00:02:05,700 --> 00:02:08,580
will be able to answer questions about them and their future
60
00:02:08,580 --> 00:02:10,650
so you can leverage this open-source intelligence
61
00:02:10,650 --> 00:02:13,290
to your advantage during your reconnaissance phase.
62
00:02:13,290 --> 00:02:15,480
Now, other types of open-source information
63
00:02:15,480 --> 00:02:17,370
include things like job listings,
64
00:02:17,370 --> 00:02:19,860
metadata and website information.
65
00:02:19,860 --> 00:02:22,770
For example, simply reviewing the company's About Us page
66
00:02:22,770 --> 00:02:25,200
on their website can give you some detailed information
67
00:02:25,200 --> 00:02:27,060
about executives at the company.
68
00:02:27,060 --> 00:02:29,370
If you really want to grab some important names,
69
00:02:29,370 --> 00:02:30,930
numbers and emails though,
70
00:02:30,930 --> 00:02:32,520
you should also check out the website
71
00:02:32,520 --> 00:02:34,770
that a company creates for its investors.
72
00:02:34,770 --> 00:02:37,590
These websites or pages off their main website
73
00:02:37,590 --> 00:02:40,290
are usually termed the investor relations site
74
00:02:40,290 --> 00:02:42,360
or investor relations portal.
75
00:02:42,360 --> 00:02:44,490
Now, for example, let's say you're going to conduct
76
00:02:44,490 --> 00:02:46,590
a penetration test against Udemy,
77
00:02:46,590 --> 00:02:48,420
the online educational platform.
78
00:02:48,420 --> 00:02:51,540
And you might want to go and visit investors.udemy.com
79
00:02:51,540 --> 00:02:54,510
as part of your open-source intelligence collection efforts.
80
00:02:54,510 --> 00:02:55,920
Here, you're going to see tabs
81
00:02:55,920 --> 00:02:57,450
with the latest press releases,
82
00:02:57,450 --> 00:02:59,940
event information, financial information,
83
00:02:59,940 --> 00:03:02,100
stock information, corporate governance,
84
00:03:02,100 --> 00:03:03,960
and shareholder resources.
85
00:03:03,960 --> 00:03:06,300
Now going to the corporate governance tab,
86
00:03:06,300 --> 00:03:07,710
you're going to find pages dedicated
87
00:03:07,710 --> 00:03:08,940
to their management team
88
00:03:08,940 --> 00:03:10,860
which consists of all of their executives,
89
00:03:10,860 --> 00:03:12,450
presidents and vice presidents
90
00:03:12,450 --> 00:03:14,340
as well as their board of directors.
91
00:03:14,340 --> 00:03:16,650
For each of these people, you can click on their photos
92
00:03:16,650 --> 00:03:18,990
and get additional profile information about them
93
00:03:18,990 --> 00:03:20,430
such as where they went to college,
94
00:03:20,430 --> 00:03:21,570
what degrees they earned,
95
00:03:21,570 --> 00:03:23,250
former companies they've worked for,
96
00:03:23,250 --> 00:03:25,620
and their focus area within the current organization.
97
00:03:25,620 --> 00:03:27,930
And in this case, that's Udemy.
98
00:03:27,930 --> 00:03:29,580
Now, using this information,
99
00:03:29,580 --> 00:03:31,770
you can really craft some detailed whaling emails
100
00:03:31,770 --> 00:03:33,750
against these executives and board members
101
00:03:33,750 --> 00:03:35,850
if that's within the engagement scope.
102
00:03:35,850 --> 00:03:37,230
Something I've learned over the years
103
00:03:37,230 --> 00:03:39,030
is that executives and board members
104
00:03:39,030 --> 00:03:41,370
tend to be extremely busy people.
105
00:03:41,370 --> 00:03:43,860
And because of this, they tend to fall for whaling,
106
00:03:43,860 --> 00:03:46,950
spear phishing and phishing emails at a much higher rate
107
00:03:46,950 --> 00:03:49,290
than a normal or regular employee would.
108
00:03:49,290 --> 00:03:50,490
At least that's what I've seen
109
00:03:50,490 --> 00:03:52,020
in my own real world engagements.
110
00:03:52,020 --> 00:03:53,940
Your mileage may vary.
111
00:03:53,940 --> 00:03:55,350
Now, blogs and social media
112
00:03:55,350 --> 00:03:57,720
are another great source of information too,
113
00:03:57,720 --> 00:03:59,250
especially when you're trying to understand
114
00:03:59,250 --> 00:04:01,920
the workplace culture or tempo of an organization
115
00:04:01,920 --> 00:04:03,240
that you're targeting.
116
00:04:03,240 --> 00:04:05,940
For example, is everyone working remotely from home?
117
00:04:05,940 --> 00:04:08,700
Or is everyone back in the office every single day?
118
00:04:08,700 --> 00:04:11,190
This is valuable information for a penetration tester,
119
00:04:11,190 --> 00:04:12,630
especially one who has to conduct
120
00:04:12,630 --> 00:04:14,700
a physical penetration test.
121
00:04:14,700 --> 00:04:15,900
Are the employees unhappy
122
00:04:15,900 --> 00:04:18,029
because they have a bad work-life balance?
123
00:04:18,029 --> 00:04:19,320
Do they hate their managers?
124
00:04:19,320 --> 00:04:21,480
And do they feel they're dumb or incompetent?
125
00:04:21,480 --> 00:04:22,980
Does the company focus on training
126
00:04:22,980 --> 00:04:24,270
and building up their employees?
127
00:04:24,270 --> 00:04:25,890
Or do they overlook training
128
00:04:25,890 --> 00:04:28,020
in favor of additional work output?
129
00:04:28,020 --> 00:04:30,360
All of these things can give you valuable information
130
00:04:30,360 --> 00:04:31,290
that you're going to be able to use
131
00:04:31,290 --> 00:04:33,000
during your engagement as well.
132
00:04:33,000 --> 00:04:34,500
Maybe you find out where people like to go
133
00:04:34,500 --> 00:04:36,210
to blow off steam after work.
134
00:04:36,210 --> 00:04:37,860
And you can find that the system administrators
135
00:04:37,860 --> 00:04:40,080
are at the local bar right next to the office
136
00:04:40,080 --> 00:04:41,970
every Friday at 5:00 PM.
137
00:04:41,970 --> 00:04:43,350
This could be a great opportunity
138
00:04:43,350 --> 00:04:45,420
to go clone one of their proximity badges
139
00:04:45,420 --> 00:04:47,460
as part of your physical penetration test
140
00:04:47,460 --> 00:04:49,770
because they would be tired after a long week of work
141
00:04:49,770 --> 00:04:52,260
and distracted while they're getting a drink at the bar.
142
00:04:52,260 --> 00:04:54,000
Or maybe you start chatting up
143
00:04:54,000 --> 00:04:55,980
one of the technical team members at the bar,
144
00:04:55,980 --> 00:04:58,080
flirting and asking them what they do at their job,
145
00:04:58,080 --> 00:04:59,160
how they like it,
146
00:04:59,160 --> 00:05:01,920
what kind of tech they get to work on and things like that.
147
00:05:01,920 --> 00:05:03,810
This is a form of social engineering
148
00:05:03,810 --> 00:05:05,010
where you're up close and personal
149
00:05:05,010 --> 00:05:06,000
with some of the employees
150
00:05:06,000 --> 00:05:07,440
and trying to gather as much information
151
00:05:07,440 --> 00:05:10,380
as you can from them without raising their suspicions.
152
00:05:10,380 --> 00:05:11,430
I know, I know.
153
00:05:11,430 --> 00:05:13,290
This sounds kind of like a spy movie here.
154
00:05:13,290 --> 00:05:15,210
But again, if this was agreed upon
155
00:05:15,210 --> 00:05:16,350
in the rules of the engagement
156
00:05:16,350 --> 00:05:19,110
and it's within scope of the engagement, then guess what?
157
00:05:19,110 --> 00:05:20,670
It's fair game.
158
00:05:20,670 --> 00:05:23,250
Once you gather all this open-source information,
159
00:05:23,250 --> 00:05:25,080
it's going to be time to put that information to work
160
00:05:25,080 --> 00:05:27,030
as actionable intelligence.
161
00:05:27,030 --> 00:05:28,950
At this point, you should be able to identify
162
00:05:28,950 --> 00:05:31,950
a couple of key details about your target organization
163
00:05:31,950 --> 00:05:34,260
such as the roles that different employees have
164
00:05:34,260 --> 00:05:36,750
in the organization, including their job titles,
165
00:05:36,750 --> 00:05:38,550
level in the organizational hierarchy,
166
00:05:38,550 --> 00:05:41,130
and their day-to-day tasks and responsibilities.
167
00:05:41,130 --> 00:05:42,570
You'll also find out the different teams
168
00:05:42,570 --> 00:05:44,700
and departments that exist in the organization
169
00:05:44,700 --> 00:05:45,900
as well as the phone numbers,
170
00:05:45,900 --> 00:05:48,750
email addresses and office locations of these teams
171
00:05:48,750 --> 00:05:50,460
and the employees within them.
172
00:05:50,460 --> 00:05:52,110
You might find out the technical aptitude
173
00:05:52,110 --> 00:05:53,550
of the organization and if they have
174
00:05:53,550 --> 00:05:55,470
a good security training program.
175
00:05:55,470 --> 00:05:57,780
And finally, you can start to understand the mindset
176
00:05:57,780 --> 00:06:00,690
of the employees and the managers inside that organization
177
00:06:00,690 --> 00:06:02,550
including how they perceive their coworkers,
178
00:06:02,550 --> 00:06:04,620
subordinates and managers.
179
00:06:04,620 --> 00:06:07,950
Now, all of this data can be put to work in different ways.
180
00:06:07,950 --> 00:06:09,450
I've already talked about how we can use it
181
00:06:09,450 --> 00:06:12,900
to conduct social engineering either by email or in person.
182
00:06:12,900 --> 00:06:15,570
But there's other ways to leverage all this data too.
183
00:06:15,570 --> 00:06:17,760
For example, if you've identified that Harriet
184
00:06:17,760 --> 00:06:19,500
over in the human resources department
185
00:06:19,500 --> 00:06:20,880
has a dog named Yoda,
186
00:06:20,880 --> 00:06:23,460
graduated from Rutgers University in 2003,
187
00:06:23,460 --> 00:06:24,930
her birthday is August 5th,
188
00:06:24,930 --> 00:06:26,910
and her favorite singer is Celine Dion.
189
00:06:26,910 --> 00:06:28,620
And you can use all those names and dates
190
00:06:28,620 --> 00:06:30,540
to create a word list that you can use
191
00:06:30,540 --> 00:06:32,880
to conduct a hybrid password cracking attempt.
192
00:06:32,880 --> 00:06:35,250
Because most people use their date of birth,
193
00:06:35,250 --> 00:06:36,660
names of people or animals
194
00:06:36,660 --> 00:06:38,670
that they have a relationship with, interests,
195
00:06:38,670 --> 00:06:41,310
and other things like that to create their passwords.
196
00:06:41,310 --> 00:06:42,930
So as you're gathering this information,
197
00:06:42,930 --> 00:06:45,030
think about how it can be useful to you
198
00:06:45,030 --> 00:06:47,680
and how you can turn it into actionable intelligence.