Hello and welcome to this intelligence gathering summary.
What did we learn thus far with respect to the intelligence gathering component of the Penetration Testing Execution Standard? Well, we looked at general background concepts where we had Level one
to Level three information gathering: Level one being pretty much clicking a button, running a tool; Level two including those tools and some minimal
manual analysis; and then Level three being nation-state level interpretation and correlation of information. We got into some information gathering basics, where we looked at what intelligence gathering was, why we do intelligence gathering, and what intelligence gathering was not.
We looked at target selection, where we looked at identification and naming, reiterated rules of engagement and limitations with target selection,
consideration for time as well as goals. We have to remember that it doesn't matter if the client can't do Level three intelligence gathering because they only are able to have us do a week's worth of testing.
Then it may not be within the time constraints or in the best interest of the client's end goal.
We started off with part one of open source intelligence, where we discussed what forms OSINT takes, which was passive, active and semi-passive intelligence. We looked at physical OSINT, such as locations, the pervasiveness of controls throughout those locations,
and the relationships of various entities. We discussed logical OSINT as well as the use of the org chart to figure out
key personnel and relationships within the client organization.
In part two of open source intelligence, we looked at electronic OSINT, infrastructure assets, as well as financial information, keeping in mind that financial data may not be as readily available for private entities as it will be for publicly traded entities who have certain reporting requirements.
And then we wrapped up our open source intelligence discussion with individual OSINT, where we looked at employee data,
social network profiles, Internet presence, mobile footprint and for-pay information, taking into consideration that all of these data sets could be private in nature and may require additional research on local laws and regulations. In certain areas like the United States, criminal background information that may be available
should not be used in certain circumstances, or at all in some instances, and so you need to treat all of this information with the highest of sensitivity and ensure
that your rules of engagement and local laws allow you to use it in your testing.
In covert gathering, we looked at on-location gathering, like dumpster diving and things of that nature, versus offsite gathering, as well as discussed human intelligence. Remember, human intelligence is very interactive in nature and requires that we engage the individuals to extrapolate additional details and information.
We got into external footprinting, where we discussed what footprinting was, why we do it, what external footprinting is overall, and passive reconnaissance and active reconnaissance or footprinting techniques.
We then moved on to internal footprinting, which was, of course, the same as the external, with some added flair with respect to looking at things like Active Directory,
shares and other infrastructure within the organization.
And then we rounded everything off with a discussion on different types of protection mechanisms that were at the network, host, application, storage and user areas. These are important to understand because we can use that to kind of figure out the customer or client's risk profile,
as well as where we could potentially implement some of these controls
to further reduce risk. Now, we didn't cover any ways to bypass these mechanisms or these controls. And this is really just about how we go about discussing them and looking for potential protection mechanisms that are in place within the client organization. So congratulations again.
And with that in mind, I want to thank you for your time today, and I look forward to seeing you again