Job Boards (Demo)
30 hours 38 minutes
Hey, everyone, welcome back to the course. So in this video, I just want to talk about job boards a little bit. So we've got various ones out there. Indeed is a popular one, Monster, Dice.com. Uh, many people nowadays are just going to LinkedIn. But let's just talk about some of the things we're looking for when we're trying to get information
from these job boards about an organization. Now,
I just searched for cybersecurity jobs, and I searched the Bay Area here in the US, which is the San Francisco Bay Area in California,
mostly because there's a lot of tech jobs out there. And also because a lot of times companies will post some good information around some of the technologies they're looking for.
This first one here, you notice the company name's redacted, so it's not necessarily beneficial when we first even look at it.
However, it does tell us some of the things that they're looking for in a SOC analyst, right? Essentially a SOC analyst, not cyber security analyst.
And so we're seeing things like Windows, Mac, etcetera, so very basic stuff. However, if we were looking for SOC roles, we might be able to see
the companies for those roles, right? So don't just put, like, cybersecurity or cyber security analyst or SOC analyst or pen tester or whatever the case might be. You may have to go outside the box and think outside the box a little bit to find out
exactly what organizations are looking for. You can also search by a company, right? So I could just search like Microsoft. In fact, let's just go ahead and do that, see what pulls up here.
And, uh, we may get jobs that have, like, Microsoft Office requirements, right? So it's not necessarily, uh, Microsoft jobs themselves. But here you do see that we have some jobs from Microsoft. Let's look at the
software engineer one real quick and just see if they list any particular skill sets or C++. So we all kind of know that Microsoft's gonna be coding in a lot of different languages. So there's not any surprise. However, you might be able to determine their vulnerabilities based off what you're seeing here, right? Okay. You know, they're coding in
C, C++,
probably some Python. Uh, probably some Golang, C#. You see that listed here as well, iOS and Android development experience. So just some of the things they're looking for for this particular role. A few things you could do here. Number one, you could pretend that you are a software engineer, create a fake resume and profile, apply for this job.
If you're good with your conversations and your social engineering skills, you could potentially get information about the company from a recruiter slash the team that's interviewing you, because they're thinking you are legitimate, right? They're thinking you're a legitimate software engineer applicant.
Um, that doesn't give us a whole lot there. Let's see if there's anything better here. Well, yeah, they don't have a whole lot of Microsoft. Let's see. Let's just take a look at this here. Maybe this will give us some information
about the company here. This is all you're doing on these job boards, right? You're just looking to see if there's any technology. You're also looking to see how do they list their job descriptions, right? So
what kind of verbiage are they using? How do they speak? These are important little clues that can help you determine, when I try to reach out to Microsoft employees, for example, on social media,
are they going to speak the same way? All right. Are you going to use some of this same language? It also tells you what kind of skills, technology-wise, that the organization might be looking for. Same thing with sites like Monster and Dice. Now, with LinkedIn,
you can really learn what, what people are speaking like, right? What are their employers,
or excuse me, their employees, how are they talking? How are they communicating? And you can also build relationships.
Now, if you're doing an actual pen test, right, or if you're somebody malicious out there doing this stuff, don't log into your own profile and do this stuff, right? Create fake profiles and do it that way. I'm not actually logged in here, but let's just take a look and see what kind of information we find
here on LinkedIn. Let's just search for a business analyst, actually,
because most of the time they're gonna be doing
things with tech, actually all the time, and we can probably get a good idea of what kind of technology is being used by this organization based off this job description. Sometimes, at least; sometimes not. See, this is pretty light here.
Looks like JPMorgan. Let's try it. Maybe a smaller
company. I haven't heard of this one here
and just kind of see, like, what will they list on LinkedIn? Right. That's what we're looking for here.
And it's really nothing.
Nothing direct here that I'm seeing. Pretty, pretty generic stuff. They do use Zoom. So maybe if we find Zoom vulnerabilities, we could
target the company that way. Uh, seems like they have a Santa Barbara office. Yeah, okay, that's their headquarters. So there, we know that they're dog friendly. So maybe that's a way in, right? Maybe if we're trying to social engineer their employees, we find out who's got dogs, we pretend we have dogs. We strike a conversation, especially if we're in that local area.
Well, Santa Barbara, California
We can potentially go to a dog park near there, and we could meet some of their employees. So these are the types of things you want to think through, right? We just want to think, how could we leverage this information we're getting? We see they've got yoga and stuff. That's another conversation piece, right? Seems like they do trivia at the company. So when I reach out to an employee on
LinkedIn, for example, maybe I'd bring up
trivia and say, Hey, I kind of noticed a job posting for a business analyst. What kind of trivia do you guys play, like world history? And then they'll tell you, like, Oh, it's all these categories or it's a single thing, and then that allows you to build that relationship via social media and social engineer them, right? So
a lot of things there. Looks like they provide MacBooks, so you know that
the vast majority of their employees are probably working on macOS, so then you could find vulnerabilities for that and target the company that way. So that's what we're looking for in these job boards. We're trying to find any information that might allow us to target the organization or that individual better.
Footprinting & Reconnaissance - Part 1