13 hours 9 minutes
Hello and welcome to another penetration. Testing execution Standard discussion. Today we're going to be looking at intelligence gathering basics now a quick disclaimer. Pee Test videos do cover tools that could be used for system hacking. Any tools used or disgust or demonstrated
should be researched and understood by the user.
Please research your laws and regulations regarding the use of such tools in your given area. While we're having fun and learning or maybe picking up a new tool, we want to ensure that we don't get into any trouble with the law. So let's go ahead and look at our objectives.
So today we're going to discuss what is intelligence gathering? Why do we do intelligence gathering and what intelligence gathering is not? It's essential that we ensure we're on the same page as we move into our you know, next sets of discussions and that we all have a baseline understanding of what intelligence gathering is.
So they get started. What is intelligence gathering?
Well, intelligence gathering is performing reconnaissance against a target to gather as much information as possible to be utilized when penetration, testing or doing the testing. Um, enduring the vulnerability assessment, exploitation phases specifically.
So a lot of times open source intelligence is used for social engineering and things that nature. But it could also be used for
mounting an attack or understanding how a particular system could be attacked based on its version and things of that nature. So the more information you can gather, the more likely you'll be able to attack systems and use that information in the future.
Open source Intelligence is a form of intelligence collection management that involves finding,
selecting and acquiring information from publicly available sources and analyzing it to produce actionable intelligence. And so that is. The key is that we want to be able to produce actionable intelligence just because you find ah lot of documentation or information on an organization.
If you can't effectively analyze the information or it's extremely dated
than it may not provide actionable intelligence.
Now, why do we do intelligence gathering? Well, we perform open source intelligence gathering to determine various entry points, so that's important. Various entry points. These entry points can be physical and electronic or human in nature.
So many companies fail to take into account information about themselves that they place in the public
and how it can be used by a determined attacker. And on top of that, many employees fail to take into account how they put information about themselves in the public and how that information can be used to attack them or their employer. And so,
with respect to what we're doing in our day to day, we're really looking at the employer and maybe how the employees could impact the employer based on information they put out there, like data about a deal.
Information about systems, maybe a project that a technical resource is working on. Maybe there's a message boards out there where they've posted Cem,
you know, kind of requests for help
and things of that nature. And so we really aren't going to focus as much on attacking the employees. A CZ faras. They're personal device or their personal computer, or to collect their personal data because it's typically not in the scope of what we're doing. A security testers.
Now let's go ahead and look at what intelligence gathering is not so
open. Source. Intelligence is not accurate or timely, depending on the age of the information, depending on whether not systems have been updated since then, replaced since then. You know, if it's an article from 2012 and we're now in 2019 it may not be a CZ relevant
as something that you find from two or three weeks ago. So the information sources may be deliberately or accidentally manipulated to reflect erroneous data. Information may become obsolete as time passes or simply not be complete or whole.
It does not encompass dumpster diving in the dumpster diving or any method of retrieving company information off physical items found on premise.
The reason for that is that open source intelligence gathering is gathering of information from public data sets. Dumpster diving is typically trust passing your typically digging through something that is owned by the company that may be in a space that would be considered off. Limits are protected.
Same thing goes for retrieving a company. Information off physical items found on premise you're now doing like physical security type testing or attempting to gain access to physical systems to pull data off of them so that information is not open source. It's not available to the public. You have to have some type of
to get to those systems. And so in that case, that is not considered intelligence gathering.
Now let's do a quick check on learning true or false. Bo sent open source. Intelligence is timely and accurate information.
Well, you should have recognized and remembered after a previous discussion that open source intelligence is in fact not
and accurate information that would be false. Remember that this information convene it manipulated it could be changed. It could just be inaccurate. It could be old, so any of those things could play into its timeliness and its level of accuracy. So always remember that open source information
eyes not 100% reliable.
So in summary
to reiterate, we discussed what intelligence gathering is
We discussed why we do intelligence gathering, and we discussed what intelligence gathering is not. While some folks like to go straight into just scamming I P addresses and looking for exploits and looking at vulnerabilities,
open source, intelligence gathering and intelligence gathering in general could be a critical part of building a risk profile for an organization and helping them to determine
what is available to the public, as well as what their employees were putting out there on the Internet that could be used to the detriment of the organization. So it's always been official to do at least
level one intelligence gathering, as we previously discussed, which isn't always best practice, but it's better than absolutely nothing at all. But we would recommend, in the most cases, trying to do at least the best practice level to intelligence gathering, where you do some automated tool collection of information.
And then you attempt to use some of that information to do some lightweight
manual analysis and maybe build some type of web of relationships or something of that nature, but again not required if you want to do at least level one intelligence gathering.
So with that, I want to thank you for your time today, and I look forward to seeing you again soon.