Time
52 minutes
Difficulty
Intermediate
CEU/CPE
1

Video Transcription

00:00
Hey, everyone, welcome back to the course. So in the last video, we talked about reconnaissance or information gathering or OSINT and all that stuff at kind of a high level, right? So we took a look at some various tools, like Maltego, FOCA, as well as things like theHarvester.
00:17
And again, that's a very high-level overview, just to kind of give you a taste of reconnaissance.
00:21
Now what we're going to do in this video is just some demos. Now again, these are not labs. So there's no step-by-step guide for these, but I want to walk you through a job search website. So indeed.com is what I'm gonna pick on for this one, just 'cause I like it a lot better than others. And then we'll also take a look at
00:40
looking at a browser as story websites. Excuse me,
00:44
security certificate, because there's some information we can glean from that as well. And then we'll take a look at an actual organization's website, so I'll probably pick on Microsoft's because that's what I like to do, and that's just me taking out years of frustration with Windows OS. But that's what we'll probably do for that particular one.
01:03
Uh, so let's go ahead and get started here. So I just went to indeed.com.
01:07
Um, I chose San Francisco, California, just 'cause I know there's a lot of tech jobs available out in the Silicon Valley area. So for me, that's kind of a no-brainer when I want to search for things related to that. So what I'm gonna do is I'm just going to search for, um, I'm actually just gonna search for engineer and just kind of see what pulls up here.
01:25
Actually, I'll go ahead and do
01:26
cyber security engineer and just see. Well, actually, do this one here
01:33
and we'll just kind of see what pulls up. Now, I actually haven't done this search for cyber security engineer in San Francisco, so I'm not sure exactly what's going to show up here, but we'll kind of take a look through some of these, and see if we see any type of technology in use.
01:48
So right off the bat, I see something here. I'm gonna go ahead, just click on this one. Open that up in a new tab and let us take a look and see if there's any actual technology they mentioned. Or aside from just kind of generic stuff, right? So that's exactly what I'm looking for here. I'm looking for specific technology, you know, I do see some firewalls,
02:06
you know, vulnerability management platforms with that's standard stuff, right?
02:09
Pen testing frameworks, you know, so talking about Metasploit, like, that's just too generic for me. So this one's not really helpful for me, except for the aspect of it being for a network security engineer. So I may
02:23
determine that, okay, well, they're short staffed. This could be a brand new role, right? But it could be that they're short staffed or they're working through a transition, so that might be something beneficial to me if I'm going to attack them,
02:36
you know, it's possible they're short staffed and they may not be looking at the logs, and also it's possible that they're kind of in transition. So the next person in might not be as experienced or not really know what's going on or not have a good baseline of the network that they have. Um, again, not very valuable stuff, in my opinion, on that one there.
02:54
But I'm just gonna look through some of these other ones. I'm actually gonna look at the cloud one. Hopefully, that'll
02:59
let's not some actual technology in there, but this is, you know, just another tool in the arsenal, right? This might take you some time to go through these things, and you can do different, you know, advanced keyword searches, that sort of stuff. Really, what I'm looking for is again specific things, right? So,
03:15
uh, it looks like they want this person to have knowledge of the law stopped and kind of makes sense if you're a cloud security engineer,
03:21
um, as well as some different frameworks in place. Ah, and, you know, they want you to assist for C E A sum like that. So they're looking for somebody intermediate to maybe more advanced. Again, they're not really telling you a whole lot here, right? You know, it's just kind of a generalized role. Um
03:39
and yeah, we're not really finding anything there. What? I'm looking forward to just open up a couple of and we'll see if we can get some stuff in here. But that's really what I'm looking for in here. I really want specific technology. So here we go.
03:52
They want you to have experience in endpoint matching, specifically, you know, Symantec. So this tells me something, right? So I know, okay, well, they're more than likely, if they asked for a specific technology, that's not something like Metasploit that, you know, like everybody uses, right? Something like this, it's actually a vendor product.
04:10
That's the stuff I'm looking for. This tells me that, like, Okay, in some capacity,
04:14
they're using Symantec on their endpoints. So if I know of specific vulnerabilities with Symantec or ways to circumvent that, that's what I'm looking for here, right? Um, and a lot of this other stuff isn't really relevant on that one. Let's take a look and see if we find anything else at all. Like I said, you have to go through
04:31
a good amount of these. I would say a good number is probably at least you know, some in some cases, 20 to 30 of them.
04:38
If you live in a small town or something like a small area where there's not a lot of tech jobs, then you'll probably have a little shorter search, right? This one's pretty irrelevant as well. So we did get a little info from this particular one here. We were able to see, okay, Symantec is something they're using. That's potentially valuable information.
04:55
In my opinion, it's so much easier
04:58
to just
04:59
social engineer somebody than to go through all these steps. But, you know, you have to figure out what works best for that particular, you know, pen test that you're doing.
05:08
So let's jump right in and just take a look at, as I mentioned, the security certificate on a website. We'll kind of take a look at some of the information you will want to look for in there.
05:19
So something else that may be beneficial to us as we're gathering our information on the target is what's called the SAN, or the Subject Alternative Name.
05:28
Now, this is something on the website certificate that will potentially show us different subdomains that are associated with this site.
05:38
So we're just gonna use google.com here as an example. So I'm just using Google Chrome. If we just come up here to the top, click on the little lock icon,
05:46
click on the certificate
05:48
and then go to details. If we scroll down just a little bit, we'll see the SAN information there, the Subject Alternative Name. If we click on that, what we should see is several subdomains that could be potentially beneficial to us. Now Google, of course, has a security team. So some of these are not necessarily extremely beneficial. But
06:08
you get the generalized idea. We might be able to get some more information on our target
06:13
and associated websites with that organization if we just take a look at the security center certificate that they're using on their website.
06:20
All right, so we just took a look at the security certificate, and so we're able to see some basic subdomain information there. Now let's take a look at the actual company's website so we can kind of analyze and see what kind of intel we can get. So we're here at microsoft.com. As I mentioned, I like to pick on them a little bit. All we have to do is just scroll down here, and it's gonna be different areas based off the particular, um,
06:41
website you're going to, but I already know Microsoft site. So about Microsoft will take us into where we can
06:46
look for people. Now, as I mentioned, we could look for different technologies, some different news about Microsoft, et cetera. But here I just want to jump into looking at actual people. As well, we see the careers, right? So we could go through and look at all Microsoft positions if we wanted to. But we kind of already did that
07:04
with the job board posting on Indeed.
07:08
So here we're gonna get board of directors. You know, that may or may not be relevant. It's really not, in my opinion, just because in the day-to-day operations they're not gonna necessarily be involved at all. It's gonna be more so the senior leadership people, and it's gonna be different verbiage based off the company you're going to. So
07:25
ah, you know, they might call it just management team or something like that.
07:29
Uh, obviously, Microsoft, it's gonna be a little more challenging to get very intimate details. But smaller companies might list the whole life story of the owner or something like that. So definitely just kind of adjust that based off the pen test that you're doing or the target themselves.
07:46
So we'll see all the people listed here. You know, it kind of gives you just Hey, this is their title. Essentially, um, let's go ahead and we'll just choose Amy. We'll just pick on Amy here.
07:55
And so we see here that it gives us a little information about Amy. Again, it's Microsoft, right? So we basically just get the press contact information. We don't get Amy's cell phone or anything, but we could go try to find Amy on LinkedIn if we wanted to and see if we can connect with her there. We could also try to do some
08:11
searching on Facebook to see if she's got a Facebook that we can access
08:16
and then try to connect with her on there or just get more information about her. In most cases, bigger companies kind of have a team dedicated to helping their executives stay a little safer on social media platforms.
08:30
But you just never know, right? Like, somebody may just have an account sitting out there. So it's always good to just take a look at it and see what happens.
08:37
So we see, you know, it gives us a little of her background. You know, where she was before, what other things she's done in Microsoft, when did she, you know, join Microsoft? That might be relevant because we might want to go back even further in time from that to her previous job, which looks like it was Goldman Sachs,
08:54
and then from there, maybe we can, you know, find people that used to work with her. But way back then
08:58
and they may be more open to sharing some information that might be beneficial for us in our, you know, our social engineering attack on her.
09:05
So, really not to pick on you, Amy. So if you're out there, ah, watching this video, we just randomly chose you. But, uh, you know, great setup. I will commend Microsoft for this setup of giving some good information about their executive team without giving too much information, right? So
09:26
So I picked Microsoft specifically because a lot of times they're not going to give you the juicy details. So we get some generalized stuff
09:33
that we really could pull off a LinkedIn profile, right? She's got an undergrad in economics. She's got an MBA from Harvard, which is super cool. And then, ah, you know, she lives in the Seattle area, at least as of the time this profile was created, and, you know, she's married, it looks like, with a couple of kids. We don't know a specific number,
09:52
but that is a piece of valuable information. We might be able to
09:54
do social engineering on her family members if we're doing her as kind of a target or whatever. So that's really the things we're looking for when we go to the company website. We're specifically trying to find, like, many different technologies in use,
10:09
um, you know, different news about the company, like what's coming out, what's the new technology, what are the things they're focused on, as well as the people aspect of it, right? So we
10:16
we want to look through all the management, that sort of stuff, So a lot of good information that we can just glean from a company website as well
10:24
All right, so in this video we just kind of took a look at a couple of different items, right? So we looked at the company website, we looked at the security certificate, and then we also looked at the job board website as well, just to kind of get an idea of all the little puzzle pieces that can go together to make it a good information gathering experience for us.
10:43
And in the next video, we're gonna go ahead and just jump into our lab that we're gonna do a fake social media profile
10:48
in that lab. I'm gonna be using the Cybrary lab environment. However, you can actually just go ahead and follow along with the lab, but just take a look at your own social media profile if you don't have access to the Cybrary labs, and just kind of look at the information that you're out there sharing with the world.

Up Next

Online Reconnaissance

In Online Reconnaissance, Ken Underhill goes over the gathering of data through reconnaissance-related labs, with a primary focus on open-source intelligence (OSINT). He walks you through a social media profile analysis lab and a whois lab to give you a hands-on overview of information gathering.

Instructed By

Ken Underhill
Master Instructor at Cybrary