from a place where it is freely available. This does not include
various sites that will
provide details about people for a fee.
The question you may be wondering is, why would you use this open source intelli‐
gence? It’s not about stalking people. When you are performing security tests, there
may be multiple reasons to use open source intelligence. The first is that you can
gather details about IP addresses and hostnames. If you are expected to test a com‐
pany in full red team mode, meaning you are outside the organization and haven’t
been provided any details about your target, you need to know what you are attack‐
ing. This means finding systems to go after. It can also mean identifying people who
work at the company.
This is important, because social engineering can be an easy
and effective means of getting access to systems or at least additional information.
If you are working for a company as a security professional, you may be asked to
identify the external footprint of the company and high-ranking staff. Companies can
limit the potential for attack by reducing the amount of information leakage to the
outside world. This can’t be reduced completely, of course.
At a minimum, informa‐
tion exists about domain names and IP addresses that may be assigned to the com‐
pany as well as DNS entries. Without this information being public, consumers and
other companies, like vendors and partners, wouldn’t be able to get to them.
Search engines can provide us with a lot of information, and they are a great place to
start. But with so
many websites on the internet, you can quickly become over‐
whelmed with the number of results you may get. There are ways to narrow your
search terms. While this isn’t strictly related to Kali, and a lot of people know about it,
it is an important topic and worth going over quickly. When you are doing security
testing, you’ll end up doing a lot of searches for information. Using these search tech‐
niques will save you a lot of time trying to read through irrelevant pages of informa‐
tion.
When it comes to social engineering attacks, identifying people who work at the
company can be an important avenue. There
are various ways of doing that, especially
when it comes to social networks. LinkedIn can be a big data mine for identifying
companies and their employees. Job sites can also provide a lot of information about
the company. If you see a company looking for staff with Cisco and Microsoft Active
Directory experience, you can tell the type of infrastructure in place. Other social net‐
works like Twitter and Facebook can provide some insight about companies and
people.
This is a lot of information to be looking for. Fortunately,
Kali provides tools to go
hunting for that information. Programs can automatically pull a lot of information
from search engines and other web locations. Tools like theHarvester can save you a
lot of time and are easy to use. A program like Maltego will not only automatically
pull a lot of information, but also display it in a way that can make connections easier
to see.
