7.3 Social Engineering Lab Recon EH

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

9 hours 47 minutes
Video Transcription
I welcome back to the course in the last video, we talked about what social engineering is
in this for your and actually do our first lab on it. And this lab's gonna be doing some reconnaissance on our target. So basically, we're gonna be gathering information on our target.
Now, I'm gonna do this lab in the cyber lab environment. However, you could actually just do it on yourself with any type of Web browser and just, you know, if we're gonna use a person called a fictitious person called Philip Nomad, But you could just use yourself as the example and go through and see what kind information you're putting out there on the web.
So let's go ahead and get started. So you want to log into the Savary labs if you haven't already done so? And if you don't know how just longing to your cyber account and then he starts for a certified ethical hacker.
We're gonna search for that. You see the entering a keyboard there,
he's gonna pull up a couple of results for us. It'll pull up this course and then also it'll pull up the lab environment, so I'm gonna right click just out of habit and say opened a new tab. You don't have to do so. You can just click on the start now. But
either way is gonna take you to this page here, and then you just click on launch to launch the labs,
so it's gonna take a moment of total pull up.
So once that pulls up, we're gonna look for the Social Engineering Reconnaissance Lab. So it's about halfway down here, right here.
And then we're gonna select the start button right here to go ahead and actually launched the lab.
All right, so our next step here, we're gonna turn on all of our virtual machines and I'm gonna go in, turn them on now that we get those pulled up in everything.
Okay, so step number one, we logged into the cyber labs, and then we search for a sort of fine ethical hacker.
We launched the labs, and then we clicked on. We found the Social Engineering Reconnaissance Lab,
and then we click down to start to actually come to the page where it right now.
Next we went ahead and turn on our virtual machines. So again, I want to stress that you can do this on your own. Just use yourself or, you know, a family member. A friend don't use like a stranger. That's kind of creepy. But just do somebody you know or yourself to see what kind of information you can gather on the Internet about, you know, you either yourself or a friend or family member.
All right, so we see our machines are pulling up here. We actually want to do the Windows 10 machines. So we're gonna click on that one there, So just click on the name, but that'll pull up that machine, it's gonna take you for a second or so to get connected and kind of get everything initialized for us.
So once we click on that machine and it pulls up, we want to open Internet Explorer from the taskbar,
so it looks like it may be finding gets. There we go. Okay. I was about to refresh it, so if it takes a while, just go ahead and click on refresh, and it should pull up for you, but it looks like it's gonna lock us in here and get us going.
So once it logs and we're just gonna scroll to the bottom and just click on Internet Explorer.
That's gonna launch a web page for us.
So now we're gonna
go to this particular address. Http. Colon force last ford slash my book. So no dot com no dot net No, nothing like that at all. So just a c t p
colon Ford slice four slash my book. Let's go ahead and type that in our Uriel here, so H p p p going for its last Ford slashed my book all lower case and then just hit the enter key
in a moment. Take a moment of total pull up, then you're gonna see our target here. So, Philip Nomad and this is his social media page on a website 56 website called my book.
All right, so step number seven on this page, we see our target, which is Philip? No, Matt. Okay,
so question number one here, How many followers does Philip half on his social media here? So let's take a look around here. So we see up here, we have the number of followers, so we see that that's 1325.
So we'll go ahead and jot that down in our document here. So
and you don't have to put the comma. You could just put 13. 25 if you wanted to. Either way is fine.
So Question number two just Philip Philip Post frequently. So how often does he post? Let's just kind of take a look at some of his post is here.
So we see that he posted, you know, about 15 minutes ago. We see he posted yesterday something there. Let's keep scrolling here. So we see a couple post from yesterday. So he in my opinion, post pretty free frequently. You know, at least once a day, it seems like he's posted.
All right, so we're gonna say yes to that question number two. That Yes, he does post pretty frequently. All right, So is he married? Question number three.
Well, we see right here in this first post that I can't believe I've been married to my beautiful wife Nina for two years now.
All right, so we know he's married, so let's go back to our document here. We're going to say yes to that.
All right, so now we're gonna look through the various photos that he's posted, just keeping on in the background, the clothing award and basically the type of content in the photos.
All right, so we see, that's, you know, it looks like they're that's maybe their their wedding picture there, there, in front of some body of water. Maybe, you know, maybe that's a lake. Or maybe that's, you know, the ocean of the Caribbean or something like that.
All right, let's keep scrolling here. So we see this looks like his wife in this photo here. So they're at a park someplace, and maybe there's a park near their house that we can go sit out and kind observe them,
and we're just gonna keep scrolling down as well. So we also see about a car breaking down, so we'll keep that in mind for later on.
All right, so we've looked through the different photos we've got some ideas about, maybe where he where he and his wife go to. So let's see if anyone else is common it down any of those posts. And if yes, let's see what their names are. So we see right here on the wedding in the post about their marriage. We see a couple of people, Alexis who?
It's happy for them. You know, I really can't believe the time has flown by.
Ah, and then John here, That's, you know, just excited about them being a happy couple. And he's also mentioning. So when's the baby due? So it could mean that maybe there are pregnant. You, maybe his wife is pregnant or they're planning to have a baby. So that's some good information for us.
All right, So we did get the two people here. So Alexis and John, we're gonna put that in our document here, so we'll just type in Alexis,
he and John.
Okay, So question number five just Philip have Children, so we don't really know if we've kind of glanced into stuff there. It doesn't say anything about Children, but they did mention that a baby, you know should be in the future. So we're gonna say no to this question. Number five here because we haven't seen anything that shows us. He actually does have Children right now.
All right, so we're gonna keep scrolling through the different post by Philip. Is there any other useful information So when we scrolled here to the bottom post, we have noticed that he mentioned that his car had broken down the other day and then he also left his phone in this out. So if we thought we could gain entry to his home, we might have a good shot if he's always forgetful. Because look here, his wife says,
Typical Phil.
You know, he forgot his phone and all these other problems happened
we might be able to If we can get access to his house, we might be able to actually get access to his phone at the same time. So that's one thing to keep in mind as well. So we do see that his car broke down. We could call local body shops, local repair shops and see some information about what kind of car does she drive, you know? Hey, my friend Philip brought his car there.
He was calling to see if it's ready. I think it's Ah, it's a monster or something like that. And then they say, Oh, no, it was that Toyota he brought in
et cetera.
All right, so our lab document here there was there is other useful information. We're gonna mention the car broke down,
and then we're also going to say left phone at home
because that's some good information that he might actually leave that at other places as well. You know, maybe he gets a cup of coffee in the morning and he forgets his phone every time.
All right, so next we're gonna click on the about tab at the top of the page. So let's go back up here
and we're gonna click on the about tab right here. So let's see some more information about Philip.
All right, let's go back to our lab document.
So do we see any personal information about Philip? And if yes, we're going,
we see that he goes by Phil. That might be important thing if we call him and try to get some information. We also see that he lives his birthday here as well. It's a phone number,
and we also see that his education was over at Oxford University. So that's a very good information there. A lot of times date of birth is something that we can use to get more information on our target from various sources, including their employer,
and then we also see that phone number there. We could reverse lookup that and try to get some more information about his actual address.
So we're not gonna jot down his actual date of birth, but we're just going to say date of birth.
We also get a phone number. We also see his education where he went to school.
All right, we also noticed here that he works as a software engineer
and he's not Google, apparently.
And he loves his job. So he's really into coding. So we might be able to find some different quoting websites that he's a part of some different forums or Facebook groups or something like that. And then we can use that to figure out what type of software the company he's working at might be running.
We also see here that he likes to play guitar and look after his dog. So we we see that he has a dog. Okay, He doesn't say the name of it here, but that's that's okay, because that might be helpful information just to know that he has a dog because maybe we could go to that park that's near their house that they went to and took photos that we could see that they have a dog and we could strike up a conversation about dogs.
All right, so let's take a look here. Does he
speak any languages besides English? And we also see some past employers. Let's go ahead, scroll down. We're gonna see those past employers right here.
And that looks just look at the languages. Does he speak anything other than English? So we see here that he does speak French at a beginner level,
So let's go ahead and put that down there. He just speak French.
Then let's take a look and see what country Philip is posting from, or at least what it looks like he's posting from. So it's giving us a location here.
So we see ah, location, and then we see the United Kingdom as a country. So
let's go ahead and put that there. So we're just going to say u K we want to type out United Kingdom.
All right, so our next tape here, we're gonna go up to the top again and click album and just take a look at some of his photos. So let's go back up here
and we're gonna click on album at the top here,
and we're gonna see that Philip has several photos posted here.
We see a couple of what looks like his wife there. Looks like they had a bonfire or something like that. Maybe they went to a concert at this one here. Looks like there's some kind of ocean there. So maybe they went to the beach, remember? That's just a photo he likes. We also see a dog right here. So maybe that's his stock. Maybe they took a photo of his stock, so
that might be something we want to learn about more. If we do go like to the park and talk to him,
we could talk about pugs.
All right, so let's go back to our lab document here. So
we did look at some of the photos there, and we saw some information.
Now, the other thing here I want to point out, is if we go back to the top here, we see he list himself is a creative director, so
that might mean that he's actually a director at his company.
So now if he's at the director level, that might give him a higher level of access, or maybe even an admin level type access to the company's network. So that's something to keep in mind that he might be a very valuable Tiger target for us, for his company. And in this case, the example is Google.
So we went through the photos we noticed once a dog, and that might be that that's his dog. And we might be able to eventually learn on different social media platforms what the name of his dog is.
All right, so step number 15 here. We're gonna click on friends at the top here.
So we're gonna click the friends tap here to see who is he connected with.
All right, so we see that there's a lady here. Sophia, that's a student at Oxford. So maybe they went to the same school at the same time we got Jonjo. Excuse me, John Doe. That travels a lot so he might be able to tell us about where Philip travels to
and when. Phil, it's going out of town.
We see Nina, who looks like his wife,
Robert Cook, who's a photographer so he might be able to tell us kind of like what kind of photos to Philip like to take what you like to go to.
We also see a software engineer here, so maybe they were working at the same company. We see a musician. So maybe that's the person who goes to concerts at the USOC CEO of I T Farm. So maybe this is 1/3 party contractor or something like that with his company, Google.
All right, so that's some good information there for us.
So we see several friends listed here, we might be able to get information again about what he likes to do. Maybe something information about his work projects from the software engineer and what kind of things he likes to do with his family life.
All right, so what can we do with all of this information we're gathering? So we did talk about social engineering in the last video. Kind of an introduction. So what do you think we could do with all of this information we're getting? What are some ideas you have?
All right. So if you mentioned different things, like, hey, we could craft like a phishing email to either Philip or one of those other people on his friends list to try to get them to click on it on, get more information or even get cruel acts and log in credentials. That's a good idea. We could also contact Philip if we felt we had enough information
and show up at that park like we could do a lot more reconnaissance
in person at that park near their house or a couple parts near their house and see if we noticed them right. We do see a photo of him and his wife, so we might be able to see some information on that. And then we could see, Do they have a dog with them? If they have a dog, then we could bring a dog to the park and walk the dog, and this casually struck up a conversation like, Oh, what do you do?
My name's, you know, whoever you don't just make up a name that you are,
you know, and strike up that conversation and get more intelligence. That way, you'd be amazed at how much people are willing to share with you just by being nice to them on Dhe. That's what a lot of penetration testers do thes companies that they do consulting for. They just go in and they're just nice to people. They just, you know, the nice to the receptionist.
They're nice to people in the parking lot, you know, They're you know, they see someone carrying a box.
Let me go out the door for your real quick, you know, et cetera, et cetera. It's It's amazing because unfortunately, nowadays, people aren't really treated well at their employer for the most part. And so it's amazing what you can do just with the police in the thank you. It's amazing what kind of information you can get
and then also what we could do with Philip. Would you call him on the phone at his work? We could ask different questions, or we could call some of his colleagues at work in this Aston casual questions, et cetera.
We could also again, as I mentioned when we found out he was a software engineer, we could go into different forums or different pages that he's a part of, and and even different projects. If he's a volunteer anywhere for coding or something like that, we could gather information that way as well so
question number 10. Well, could we do with this information? The basic answer there is we could do a whole lot of stuff, right? We could do different avenues here of different avenues of attack based on the type of information we have and based on how we want to do that attack to get more information or, you know, exploit the company in some way.
So in this video, we just went over a social engineering reconnaissance again. You could do this lab on yourself. You could do it on friends or family again. I don't say do it on strangers. That's that's again pretty weird and creepy. But you could do it on people you know, if you want to, and just show them like a look at all the stuff you're posting online. Look at all how I could use this as a hacker.
You know, as an ethical hacker, even as a criminal hacker,
Thio get information about you and exploit you and this way or that way. So it does help you
with your friends of family, help them be a little more secure online and hide some of their data. You notice with Philip here. He had his birthday sitting out there along with a phone number. You don't want to do that right? You want to try toe, look through the privacy policies in the settings of these different social media sites and make stuff a little more secure. It's not 100% right that someone can hack your account always, but make it more secure
for yourself and your friends and family.
So in the next module, we're gonna go over denial of service and distributed denial of service attacks.
Up Next
Penetration Testing and Ethical Hacking

If the idea of hacking as a career excites you, you will benefit greatly from completing this training here on Cybrary. You will learn how to exploit networks in the manner of an attacker, in order to find out how protect the system from them. Those interested in earning their Certified Ethical Hacker (CEH) will want to start by taking this course

Instructed By