Time
52 minutes
Difficulty
Intermediate
CEU/CPE
1

Video Transcription

00:00
Hey, everyone, welcome back to the core. So in the last video we consider continued our
00:05
essentially our assault on ah poor Phillips social media profile. So we, uh, we took a look at this fake profile, and we were just looking through some different areas we had seen who has worked for in the past who currently works for. So he works a google. Um, he's a fake person. So don't try to reach out to him on social media and figure out the best way to, you know, apply at Google on. Get in.
00:25
Ah, it's very difficult, By the way. I know some people that work at Google is very challenging to get at those
00:29
ah, you know, tear one top of companies,
00:32
and we also take a look at to see what kind of languages you speak, right. So I mentioned that that's another good social engineering thing. We could pretend that we were fluent in French, for example, and that we're trying to learn English better. And so then we set up phone calls with Philip, where he you know, we just have conversations about different things, right? And then we eventually lead those conversations into
00:49
talking about, like the software that Google's using or,
00:52
you know, different things that are coming on project wise, etcetera. So a lot of different things we could do with that. I also mentioned that a lot of that, you know, um,
01:00
dependent upon the timeline is a pen tester, right? You know, So it's easy for us to do a course like this and talk about these things and Oh, yeah, you could do all these things. But the reality is, a lot of times you're on a strict time constraints, and it's not practical to do all these different angles of things. So you have the you know, these are all these tools in the arsenal, so to speak. And
01:18
as a pen tester, you figure out the best tools to use,
01:19
no matter what they might be right, because if you can solutions you near somebody and get them to click a malicious liquid like we talked about and the last video, then
01:29
I don't need to go ahead and try all these other you know, technical avenues of doing things. I just I can have you click a link and bam, I'm on your system And now I'm moving. You know, I'm pivoting escalating privilege, and I'm pivoting throughout the rest of the network, right? So just keep that in mind. These are all just tools to use in your arsenal.
01:46
All right, so the next thing we're going to do is click on the album at the top of the page here. So it's gonna scroll back up the page, and we're gonna click on the album album option right here.
01:57
So as we look through his photos, um, we want to take a look. Some things. Of course. We're gonna look at how he lists lists himself here because you notice it's gonna be different than what he listed as his actual job at Google.
02:07
And then we were gonna take a look. Some other photos were just kind of talked through those as well. You can You can read through the lab guy there. So we see creative director here. We know that he listed he's basically soft engineer a Google, so it seems like on his album, he's trying to be fancy, right? So maybe he
02:23
Maybe he's trying to be slick and say that he's a director level at Google like, maybe he's kind of a senior level position, and he's just saying I'm a software engineer to kind of throw people off. Or maybe he's just trying to put a, you know, as creative director, like, Oh,
02:39
I really would like to be a photographer, right? Like, this is what my passion really is, right? You know, like coding is cool, but like creative director is really cool, right? That's really what I want to do. Or maybe he's got a consulting company, right? Maybe he does photography on the side. So there's a lot of avenues there with that creative director thing that we could start thinking about.
02:57
So as we look through these photos, we see that him and his wife they really like to kind of be out in about right. So maybe they're kind of extroverted type of people or they just like to travel. We see a bonfire in the background there for those that, don't you? No, no. The terminology here in the U. S. And there's different terminology depending on where you live in the U. S. On what that is just that's a fire. What would call it like a fire
03:16
we see another one where it looks like it's probably his wife. She's got
03:21
what we call. Ah, Sprink
03:23
sprinkler. I think that's the name of it not known for getting the name of it. Ah, Sparkler. Sorry, not sprinkler. Sparkler is the name of that. It's a firework. Basically. You mostly for a little kid. You holding that does these little sparks and, you know, whatever. I loved him as a kid, so hopefully you liked him, too.
03:39
We see some more photos of his wife. Looks like they're kind of out in about Maybe they went to a concert here.
03:44
And this one is We keep scrolling down. We see more more photos of him and his wife. You know, maybe they're on a honeymoon there or something, right? Or maybe justification. We also see what I want to point out. We see a dog, right?
03:58
Could be his dog. Might be somebody else's, but could be his dog. A lot of people like to use her pet names and their passwords and for other, you know, like security questions, answers, that sort of stuff s so if we could maybe if we we might connect with him on the social media here we may ask him like, Oh, I noticed you got a photo of a dog. Is that your dog?
04:16
And a lot of people like, yeah, you know, her name is Stacy or whatever, and that's really dog's name. But
04:21
her name's Stacey and and you know, she's a two year old pug or whatever.
04:27
That might be a good avenue in as well, right? And then we've got the name of the animal and we might be able to say, Okay, well, how else would he? You know, maybe he'll put his dog's name and his wife's name is part of his password, right?
04:36
We hope that Philip has better security practices than that, but a lot of people don't write, so that might be another avenue in a swell.
04:45
So really, this lab was intended to, you know, kind of kind of get you thinking about different things. Now we're gonna take a look. Look at this. Friends as well, and then we'll just answer a question, you know, 10 here, which we've already answered part of with talking about, like the dog and the different photos here. But basically, I want you to think through.
05:00
What can you do with this information, Right? So from an attacker standpoint,
05:04
what could they do with this information after their kind of collecting all this information?
05:11
Now if the attacker's trying to go after, like many people of the company, a lot of this is not practical, right? Like I'm not gonna go through as an attacker and look at every bit of social media stuff you have out there, probably just gonna identify, like, one or two top targets and go from there.
05:24
So click on the friends option there, the friend's tab
05:27
and you'll see we've got several different friends here. We see that says that's his wife right there. We could go to her profile and take a look and look through that and see if there's any good information there. We also see that he's got you know, some people you know, somebody that maybe study with him at Oxford or that still studies at Oxford. We see that there's his friend. That's a traveler.
05:46
Maybe that's somebody that's gone off if vacations with them or that gives them some advice on places to go,
05:50
so we might connect with that person to try to get more information about Philip. We also see that this person down here is a graphic designer software engineer right here. That might be somebody that he's worked with in the past. Or maybe somebody he's just, you know, in different meet ups with so we can connect with them. We see a musician that's, you know, make kind of a long those artsy type of lines. So that might be somebody that,
06:09
as part of his photography self he's connected with.
06:12
We see a CEO level person here. Maybe that's a good friend of his. Maybe they work on projects together, right? So maybe weekend. And maybe this this cos I t far. Maybe they have a partnership with Google, so maybe we can attack the IittIe farm. And then from there you sat us a jumping off point to get into Google Systems.
06:29
So that's where we're really trying to take this right. We're really trying to look at somebody social media profile our target's social media profile and figure out different avenues that we can use to get into gig and basically get our mission accomplished right.
06:43
The flip side of that is if we're looking at a target company, same philosophy, right? We can use their employees to try to get information about the company itself. We can follow their social media, look at different things. They're launching, you know, product wise. We could look at their job postings on their website, see what kind of technology they're using or that they're asking for.
07:01
Um, a lot of bigger companies were pretty good about sanitizing stuff and just kind of making a very, very general
07:06
as you don't really know what they're using. But in most cases, get a general ballpark of the type of technology they're using. And then from there, if you know those vulnerabilities and that technology, that might be an avenue that you can use to get into the company systems. And, you know, do whatever you want to do from that point.
07:23
All right, so in this video, we just wrapped up our social media basically our social media reconnaissance lab eyes what I would call it where we just went ahead and took a look at through Philip Nomads Profile.
07:34
Now, in the next video, we're gonna go ahead and just do a quick who is query. So we talked a little bit. About what? Who is? Ah, I always loved to say like that. What? Who is or who is? Anyways, I digress.
07:48
We're gonna jump into the head in the next video and go through. Ah, just a short lab on that. Just so you can take a look at what that looks like.

Up Next

Online Reconnaissance

In Online Reconnaissance, Ken Underhill goes over the gathering of data through reconnaissance-related labs, with a primary focus on open-source intelligence (OSINT). He walks you through a social media profile analysis lab and a whois lab to give you a hands-on overview of information gathering.

Instructed By

Instructor Profile Image
Ken Underhill
Master Instructor at Cybrary
Master Instructor