Time
2 hours 26 minutes
Difficulty
Beginner
CEU/CPE
2

Video Transcription

00:00
Welcome back In the last video, we went over data licks and data breaches, and in this one will go through some of the posts and tools and techniques concerning systems which are exposed to the Internet.
00:13
Here you will learn what's technical knowledge would be mandatory prior to approaching these kind of Postant work, then about great search engine off Internet devices. And after that, what geolocation tool to use for eyepiece, what DNS tools to use, what other popular tools are there
00:32
and where to find the right tools for euros and investigations.
00:37
As I have mentioned, a prerequisite knowledge for this video would be that, you know, or are at least familiar with the technical I t concepts, which are pretty much involved in a system or a network admin job.
00:50
This is not to scare you away from watching this video just to better prepare you. What are we going to talk about? Also, I added python with a plus because learning Pathan is really beneficial. I have mentioned it in the prerequisites for this course, and honestly,
01:06
I also went on to learn python. Since I have been using all the tools of written in that language
01:11
and wanted to know how the tools worked and why some tools did the things the way they did them. Now I want to tell you about a great tool, cold shoulder. You can find it on their showed in that I owe address. This tool is also golden standard in search engines for devices.
01:29
But before I Seymour about showed and I would like to show you a quote from Mr Thomas Watson,
01:34
who was the chairman of IBM in the 19 forties, off the last century,
01:38
the quote goes,
01:41
I think there is a world market for maybe five computers. End quote.
01:46
Mr. Watson would be probably shocked if he saw just simple search rules out on showing that I owe
01:53
Children is a great Web tool for finding the finger brains of connected devices. Allow me to show you how it looks like
02:00
open up a browser and go to the he showed in that I owe address.
02:05
Basically, the search engine discovers devices they're connected to the Internet that includes Webcams, smart TV's refrigerators, power plants and so on.
02:15
Do is the search fielders. You have to create an account with your name and email address. I'm already logged in here, and we'll type
02:23
8.8 dot 8.8 in Search Box and click Search.
02:30
As you can see, this is a Google's DNS device with two ports open,
02:36
53 for DNS and 443 for https.
02:39
A great feature off shoulder is that it collects logging banners from all the devices, and you immediately get additional technical information about the target device. Now I will use a search fielder
02:51
all type
02:53
country
02:53
column
02:55
quotation H R
02:59
Quotation Spaceport
03:01
column,
03:02
3389
03:05
and enter
03:07
the results off this search filter are all the Internet devices in creation with an open RTP port? As you can see, the total result number usually I T professionals use showed in to see the exposure and the vulnerabilities off their systems. Andi, by that company's
03:27
another great tool. Similar to shoulder is a sense of that ill, which by some people is called an academic brother to show them because if it's more complicated, interface and filtering options, I would encourage you to check both of them in detail because this is like Internet device born for us. I t guys Next
03:46
I would like to mention a very important thing
03:50
that is sometimes overlooked. That's geo location,
03:53
like with exit data we mentioned in pictures. We also want to know where something is. If you have an I p off a target, you could easily find out in the targets eyepieces associated with. Let's say we'd be in service. Try to type in i p off your website and see where is it hosted.
04:11
You can try the tool i p location dot net.
04:15
When I say Dennis knows a lot, I mean that DNS has so much information in itself that it's potentially a great resource for any kind of investigation.
04:25
Besides domain names and their information, a great deal of information, for example, about a company's system can be included in the DNS records. I have listed two tools that are, I think, great. For starters,
04:38
they both have similar features, But there are also differences in Vienna's Dumpster. I like the feature off the graphic demand mapping with all the records and I P's included and Indiana Athletics. I like that it's included information like ranking in for about the domain and the Who is data. I will just briefly touch on a few more tools.
04:58
Well, Tegal, Spider Foot Recon and G. The Harvester and Sub Blister
05:03
Multi Ago is an awesome tool from Patera, which is included in the Cali Lennox operating system. This is a great tool that visualize is your findings. It has free version, which limits the utilization off its transform tools and size of the graph displayed.
05:20
But it should be large enough for researching small. Let's say companies
05:26
most able will query DNS Records who is record search engines, social networks, various online application programming interfaces or a P eyes and extract meta data that is used to find correlation ALS relationships between names,
05:42
email addresses, aliases, groups, companies, organization's websites, domains
05:46
or operating systems and so forth.
05:49
You should really buy the whole product if you are doing threat intelligence or a lot of infrastructure analysis.
05:58
Next, Spider Foot is a great reconnaissance tool that automatically queries over 100 public data sources Together Intelligence and I P addresses domain names, email addresses. It also has a useful graphic representation off findings and, of course, not only bait eyes found
06:15
but metadata, which could give you a great insight into a vulnerability off a target system.
06:20
Recon Angie is another useful tool to perform reconnaissance on the target, and it's also built in the cattle. Lennox
06:29
Ricard and G has various models in built, and it's usage somewhat resembles to that off metal split
06:38
lots of fits tools used a p I. So you won't be able to use Ricans features without them. A typical example would be to connect to Re Kon and showed in via AP I to use Ricans showed in modules. The next tool, called Harvester, is another Oh, since tool for reconnaissance that it's spring installed in the Cala Lennix.
06:58
It uses several sources off information together results and help us determine the company's perimeter.
07:03
The harvester gathers e mails, sub domains, I P's and you are else. Lastly, Sub Lister is a python tool designated to enumerates sub domains. So for website using ghosts, sub lister enumerates sub domains using many search engines such as Google, Yahoo, Bing and many more.
07:23
These tools are for the technical part of Postant investigations
07:26
to look at your company's infrastructure and they're exposed device perimeter. So, as I have mentioned and will have to mention it again, It's always good for you to be familiar with the technical and 90 concepts. Understand how the Internet works from the network's perspective.
07:43
How is BDP used? And it's a tournament system numbers
07:46
also to learn about routing website beck and stuff even. And maybe this is going to sound silly. Understand ocean cabling for inter continent connections.
07:57
Okay, this is maybe an overkill, but you understand what I'm trying to tell you now. I would like to show you a great homeland resource for all since tools that Mr Justin Nordine created.
08:09
It's called the Olsen Framework, and you can find it on the Olsen framework that can't. Let's see how it looks like
08:16
in your favorite ocean browser.
08:18
Go to the ocean framework. That common dress,
08:22
as you can see here when you click on any of the categories like such as user name,
08:30
email, address, domain name,
08:33
a lot of useful resource is will appear on the street in the form of a sub tree.
08:39
In my example, I'm interested in the whole discovery tools, so I will choose I p address
08:46
host slash Port Discovery,
08:50
and one of the tools listed is showed in which we discussed earlier searching for you. There's similar dresses I p addresses are social network details become super easy as you have all the tools available in one single interface.
09:03
It's just like a giant Olson bookmarks library.
09:07
Additionally, don't forget about get her dot com, which is a great online oh sent resource. This is why I put an emphasis on being familiar with the Python programming language.
09:20
In this lesson, we covered the basic open source intelligence tools that are used in the context off I T systems and their exposure on the Internet. In the next video, we will do a quick module summary, so see you there.

Up Next

Open Source Intelligence (OSINT) Fundamentals

In this Open Source Intelligence (OSINT) Fundamentals training course, you will gain fundamental knowledge about OSINT, who uses it, and the ethical implications of using it. Upon completion, students will have a solid understanding of OSINT.

Instructed By

Instructor Profile Image
Tino Sokic
CEO at DobarDan
Instructor