Hey, everyone, welcome back to the course. So in this video, we're gonna go over some basic OSINT using LinkedIn. Now, typically, when you're actually doing OSINT, you want to create some fake accounts, or what's called sock puppet accounts, to do your social engineering and do your OSINT. However, in this example, I'm just going to show you from my actual LinkedIn account. And we're just gonna take a look and see what kind of data we can find out about a target organization.
So we're gonna pick on a security company; we'll just pick on CrowdStrike in this example. And what you could do initially on your LinkedIn is you may already have connections at that organization. So first things first, I'm just gonna go to my network and we'll go ahead and search for CrowdStrike specifically, so we'll find my connections here, and then we're able to filter down in LinkedIn. Now, I use a free version of LinkedIn. You don't need the paid version. Although there are some advanced search filters with the paid versions of LinkedIn, what you're doing as far as OSINT can be clearly done with a free account. So just going to all filters here.
And I mentioned CrowdStrike is a company.
Yeah, should pull up. There we go. We just apply that filter. First things first, let's see if I'm connected to anyone. I know I have some people from CrowdStrike. So if I wanted to find out more information about CrowdStrike, I could pretend that I'm looking for a job at CrowdStrike, right? So I might reach out to these individuals I'm already connected to and ask them questions around:
Hey, what's it like to work at CrowdStrike? In particular, David here, I may ask him, hey, what kind of skills is CrowdStrike looking for for their incident response team, right? Might ask him like, hey, are you guys using Splunk for the SIEM tools, or something else? Are you looking for specific skill sets, right? You know, are you looking for certain software skills? Um, do I... do they need to... do your techs need to be familiar with, really familiar with Linux, for example, which we know what differ you do, but
you get the idea there: we can reach out to people, just pretend we're looking for a job, and so these are natural questions for someone looking for a job or looking to make sure they have the right skill set with that organization. Uh, the other thing you could do is just actually search for the organization itself and go ahead and follow them. I may already be following CrowdStrike, but if not, we can pull up their page and see what kinds of posts they've done recently. For example, if they've got a funding round they did recently, if there's some other bit that they're in the news for, if maybe they found some specific vulnerabilities. Uh, looks like they're having something where their employees are sharing what their service means to them right now. Uh, some articles, et cetera, so you can get a little bit of information from this company website, these company pages, but the biggest value is gonna be when you actually reach out to their employees and ask them about specific technologies in use. Uh, look at the technology they're posting about. I mean, see, here is a lot of generalized stuff, which I do expect from a corporation's page. Looks like there's some kind of conference that they're sponsoring, so
that might be another way to reach out to this organization, is to say, hey, I've got a new security conference I'm coming up with, and are you interested in sponsorship? And so that could lead to a conversation where you're able to gather additional information about the organization. But that's really all we're doing here across social media as well, and specifically here on LinkedIn, is we want to gather as much information about the company as we can and then also reach out to employees.
And don't just start asking them what kind of software they use, right? Make it a more legitimate conversation, make it a more natural conversation where you pretend that you're someone else, right? That's the whole purpose of a sock puppet account. We want to pretend that we're this other persona and fully take it over, right? It's all a psychology game, and so that's what we do with LinkedIn here, right? We pretend that we're someone that we're actually not, taking additional information about the target