OSINT

Theory

When it comes to social engineering, gathering information about the target is crucial, especially if you target a specific person. **
If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle. (Art of war, Sun Tzu)
In this part we will see how to get information about people _**_which could be useful to personalize social engineering attacks to make them more efficient.

Practice

General search: -https://webmii.com -Google Dork : site:linkedin.com -inurl:dir โ€œat companyโ€ โ€œCurrentโ€
About companies: -https://opencorporates.com/ -https://www.societe.com/ (For France) Employee's feedback and information about companies: -https://www.glassdoor.fr/ -https://www.indeed.fr/companies?from=gnav-acme--acme-webappโ€‹
Social networks/medias:
Image recognition: -https://tineye.com/โ€‹

References

Black-box Penetration Testing - How To Perform External in Organization
GBHackers On Security
GitHub - jivoi/awesome-osint: A curated list of amazingly awesome OSINT
GitHub
Last modified 1yr ago
Copy link