1 hour 56 minutes
Welcome back In the last video, we went over data leaks and data bridges. And in this one we will go through some of the posts and tools and techniques concerning systems which are exposed to the Internet.
Here you will learn what technical knowledge would be mandatory prior to approaching this kind of post network, then about a great search engine off Internet devices. And after that, what geo location tool to use for I. P s. What? DNA's tools to use, what other popular tools are there
and where to find the right tools for your those investigations.
As I have mentioned, a prerequisite knowledge for this video would be that, you know, or are at least familiar with the technical I t. Concepts which are pretty much involved in a system or a network admin job.
This is not to scare you away from watching this video just to better prepare you. What are we going to talk about? Also, I added python with a plus because learning python is really beneficial. I have mentioned it in the prerequisites for this course, and honestly,
I also went on to learn python. Since I have been using all the tools written in that language
and wanted to know how the tools worked and why some tools did the things the way they did them. Now I want to tell you about a great tool called Showed in. You can Find It on the showed in that I owe address. This tool is also golden standard in search engines for devices.
But before I Seymour about showed in, I would like to show you a quote from Mr Thomas Watson,
who was the chairman of IBM in the 19 forties, off the last century.
The quote. Girls,
I think there is a world market for maybe five computers. End quote.
Mr. Watson would be probably shocked if he saw just simple search result on showing that I owe
Children is a great Web tool for finding the fingerprint of connected devices. Allow me to show you how it looks like
open up a browser and go to the showed in that I'll address.
Basically, this search engine discovers devices that are connected to the Internet that includes webcams, smart TVs, refrigerators, power plants and so on.
To use the search filters, you have to create an account with your name and email address. I'm already logged in here, and we'll type
eight that eight. That eight. That eight in the search box and click search.
As you can see, this is a Google's DNA's device with two ports open,
53 for DNS and 4434 https.
A great feature off showed in is that it collects logging banners from all the devices, and you immediately get additional technical information about the target device. Now I will use a search filter
quotation H R
the results off this search filter are all the Internet devices in Croatia with an open rdp port? As you can see, the total result number usually I T professionals use showed in to see the exposure and the vulnerabilities off their systems. Andi by that companies.
Another great tool, similar to show them, is the census that I owe, which by some people is called an academic brother to show them because of its more complicated interface and filtering options, I would encourage you to check both of them in detail because this is like Internet device *** for us. I t. Guys. Next,
I would like to mention a very important thing
that it's sometimes overlooked. That's geo location,
like with exit data we mentioned in pictures. We also want to know where something is. If you have an I p off a target, you could easily find out if the targets I p is associated with, Let's say, weepy and service. Try to type in i p off your website and see where is it hosted.
You can try the tool i p location that net
When I say DNA's knows a lot, I mean that DNA's has so much information in itself that it's potentially a great resource for any kind of investigation.
Besides domain names and their information. A great deal of information, for example, about the company's system can be included in the DNS records. I have listed two tools that are, I think, great. For starters,
they both have similar features, but there are also differences. Indians dumpster. I like the feature off a graphic domain mapping with all the records and I PS included, and Indian athletics. I like that it's included information like ranking in for about the domain and the who is data. I will just briefly touch on a few more tools.
Multi Go Spider Foot, Ricana and G. The Harvester and Sub Blister
Multi Go is a no sin tool from Petrova, which is included in the Cali Lennox operating system. This is a great tool that visualized is your findings. It has free version, which limits the utilization off. It's transformed tools and size of the graph displayed,
but it should be large enough for researching small. Let's say companies.
Mantega will query DNS Records, who is records, search engines, social networks, various online application programming interfaces or a P ice and extract metadata that is used to find correlation ALS relationships between names,
email addresses, aliases, groups, companies, organizations, websites, domains
or operating systems and so forth.
You should really buy the whole product if you are doing threat intelligence or a lot off infrastructure analysis.
Next, despite of fruit, is a great reconnaissance tool that automatically queries over 100 public data sources. Together Intelligence and I P addresses the main names email addresses. It also has a useful graphic representation off findings. And, of course, not only data is found
but metadata, which could give you a great insight into vulnerability off a target system.
Recon Energy is another useful tool to perform reconnaissance on the target, and it's also built in the cattle. Lennox
Re Kon en G has various modules in built, and it's usage somewhat resembles to that off metal supplied
lots off its tools. Use a P I so you won't be able to use Ricans features without them. A typical example would be to connect to Recon and Schaden via a P I to use Ricans showed in modules. The next tool, called Harvester, is another oceans tool for reconnaissance that this pre installed in the Cala Lennox.
It uses several sources off information together results and help us determine the company's perimeter.
The hamster gathers emails, sub domains I PS and you are else. Lastly, Sub Lister is a python tool designated to enumerates sub domains off a website. Using goes in sub lister enumerates sub domains using many search engines such as Google, Yahoo, Bing and many more.
These tools are for the technical part of false and investigations
to look at your company's infrastructure and they're exposed device perimeter. So, as I have mentioned and will have to mention it again. It's always good for you to be familiar with the technical and I t concepts. Understand how the Internet works from the network's perspective,
How is BDP used and its autonomous system numbers
also to learn about routing website back and stuff even. And maybe this is going to sound silly, understand ocean cabling for inter continent connections.
Okay, this is maybe an oracle, But you understand what I'm trying to tell you now. I would like to show you a great home. I'll resource for all such tools that Mr Justin Nordine created.
It's called the Olsen Framework, and you can find it on the Olsen framework dot com. Let's see how it looks like
in your favorite Elson browser.
Go to the Olsen framework dot com address.
As you can see here, when you click on any of the categories like such as user name,
email, address, domain name,
a lot of useful resource is will appear on the screen in the form of sub tree.
In my example, I'm interested in the whole discovery tools, so I will choose i p address
host slash poor discovery
and one of the tools listed is showed in which we discussed earlier searching for users. Email addresses, I P addresses or social network details become super easy as you have all the tools available in one single interface.
It's just like a giant Olson bookmarks library.
Additionally, don't forget about get herb dot com, which is a great online oh sent resource. This is why I put an emphasis on being familiar with the Python programming language.
In this lesson, we covered the basic open source intelligence tools that are used in the context off I T systems and their exposure on the Internet. In the next video, we will do a quick module summary, so see you there.
Open Source Intelligence (OSINT) Fundamentals
In this Open Source Intelligence (OSINT) Fundamentals training course, you will gain fundamental knowledge about OSINT, who uses it, and the ethical implications of using it. Upon completion, students will have a solid understanding of OSINT.