Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
In this lab, Subject Matter Expert Dean Pompilio discusses targeting techniques. Targeting techniques allow you to gather information about a target in an active way (that may be noticed by the target) or in a passive way using public sources (that may not be noticed by the target). He explains that targeting efforts need to be personal and custom crafted so that your efforts are not given away by sounding scripted when you attempt to elicit information from your target. SME Pompilio also discusses using a quid pro quo approach in which you determine what will motivate the target to help you and then you create an incentive for the target to help you. The following targeting labs will be presented in the remaining Parts of this Module:
- Spearfishing with the Social Engineering Toolkit – this is built into Kali
- Cupp – which is the Common User Password Profiler
- Cewl – which allows you to crawl a Web site and look for clues
- Shodan – which is a search engine that lets you explore the Internet of things and the IP address space of your target
- Scythe – which is a user name enumeration tool
- Creepy – which lets you look at sites such as Twitter, Google Plus, and Flickr to find out what your target is using these web sites for and to get time stamps of your target's activities