All right, welcome back. The next section that we're going to talk about is some more of our techniques.
In this case, we're considering how you do targeting
we're the techniques and methods that that are useful here.
The basic ideas were gathering information. This could be active gathering of information which might be noticed by the target or could be passive.
We're using public sources of information that's not detectable by your target.
So the idea, as I was starting to allude to in the earlier in the course, is that
you're trying to make this a personal, custom crafted attempt to get information from from from the target. You don't want to use a generic script for every attempt because it will not properly fit the situation in hand. And most likely, the target will notice
that you're you appear to be reading a list of questions that don't appear to be quite related to what they do or who they are or why they do there
their their job the way they do
and going back to the quid pro quo idea. You want to create some incentive,
you know. Please help me. I'll help you. I'll give you something for nothing. I'll give you a great recommendation to your boss.
I'll give you access to some information that you want.
You know there's limitless possibilities for how these kinds of conversations could be manipulated in order to
make things more useful for the attacker.
So they're trying to find How do I get this information? How do my custom crafted to make it personal? And what incentives can I throw out there or tease the person with trying to think about the carrot in the stick? Right? What's gonna motivate my target to go after the carrot that's on the stick? That's the question the engineer needs to ask.
All right, so I have a bunch of demos that are related to targeting
some really great tools here that you might be interested in. We start off with spear fishing.
The social engineering tool kit is very powerful. This is built into Cali as well.
I'll do an example of spear fishing where you craft a email
That's Ah, set up just for one recipient to try to get them to go to a website so you can get their credentials
set as it's otherwise known. social engineering tool kit
has many more capabilities, and we'll explore some of those in other videos. But for this one, we're just gonna you use a technique to get credentials.
We'll also look a tool called cup.
This is the common user password profiler.
Once you start to get some clues about your target, you can use a tool like cup. Answer a bunch of questions and an interactive mode and generate a dictionary file, which can then be used to for brute forcing or for password cracking activities.
Cool is also a tool that's useful in this context of information gathering.
Cool. Let's you crawl a website
looking through the content and the metadata, content for clues as to what a password might be, or just for clues in general.
So it's very useful. We'll see a demo of this.
Also show you the show. Dan Search engine.
This is an amazing tool that lets you explore the I P. Address space of your target. Looking for anything that's interesting.
I will do, Ah, some searches showing you some of the information you can get. A lot of the ones I'll do are actually showing you webcams for instance that live on the Internet right now,
the organization that you're targeting may have Webcams or other security devices
basically showed and lets you explore the Internet of things.
And it tries to give you access in such a way so you can interact with some. Some of those resource is. I think you'd be pretty impressed with what showed an Incan d'oh.
Then we'll go into sight.
This is a user name enumeration tool,
very useful again for trying to find credentials or methods for getting into a system.
And then we'll wrap up with creepy.
Creepy is interesting. It lets you look at Twitter,
instagram, I believe. And if you have it set up and configured correctly, and if your target is using those service is
you can find out. What are they using Twitter for? What? What kind of pictures were taken on instagram and flicker? Where are they doing it?
You get time stamped location data for what the targets activities actually are. It's pretty neat stuff. I think you'll be impressed