Reconnaissance intro - Beginners guide to hacking and penetration testing (2017)

People search reconnaissance:

Diving deeper into an individual target or, if you are doing a penetration test on a company, into some of its people of interest can mean the difference between success and failure. Perhaps by digging into the network administrator you will learn about some of the networking flaws that the company has yet to patch, or that the helpdesk system is running "X" software that is vulnerable to attack. All of these things can be useful to us for exploits, social engineering, and learning more about the network and the company at large.

Twitter, Facebook, LinkedIn, Google+ etc.: Browsing their social media accounts can yield an amazing amount of information. People have a tendency to overshare, or not even realize what important information they are giving up to the public. Take note of even the most mundane information such as pets, pet names, etc. We may be able to use these later for password resets.

Dig a little deeper: To gain more information you may need to pay for it. Some paid services such as http://pipl.com, http://www.publicbackgroundchecks.com/, and http://www.peekyou.com/ can give you names, phone numbers, previous addresses, etc. that can be used for social engineering, learning more about your target(s), or even helping build a password list to break into their accounts.

Information Gathering continued:

Below are some further suggestions for gathering additional information on your target(s). This is by no means a complete list, since useful information can come from a very long list of sources, and which ones matter will depend on your target(s).

Job listings:

These sites can be useful when gathering intelligence on a company by potentially learning more about their network, the role(s) they are trying to fill, contacts within the company, hiring dates, and the type of people that they are looking for.

Employee social media accounts:

Searching an individual's social media account(s) can yield a wealth of information. The information that you gather there can, for example, help you build a phishing attack or learn more about the target company. If the employee is disgruntled, maybe you can leverage that. Perhaps they have posted information about other employees or even posted photos of their workplace. All of this information should be gathered for further analysis.

Website news clips: Can be used to help you learn more about the company and its employees. Maybe there is an announcement that someone just had a child, that the company got all-new Dell servers, or that it was looking for a new wireless vendor.

LinkedIn (https://www.linkedin.com/) can be used to learn more about your target's skills, job history, etc.

https://businesssearch.sos.ca.gov/ can be used to search business names and other information.