WEBVTT

00:12.410 --> 00:18.680
Passive information gathering is when you use an indirect approach to obtain information about your

00:18.680 --> 00:19.490
target.

00:19.640 --> 00:26.810
This method obtains information that is publicly available from many sources, eliminating direct

00:26.810 --> 00:29.120
contact with the potential target.

00:29.150 --> 00:35.480
Passive information gathering is usually fruitful, and a lot of organizations usually publish information

00:35.480 --> 00:42.470
and details about their organization as a marketing strategy for their existing and potential customers.

00:42.500 --> 00:51.560
Sometimes when organizations advertise a vacancy on a job recruiting website, the recruiter posts technical

00:51.560 --> 00:54.200
requirements for the potential candidate.

00:54.620 --> 00:57.360
From a penetration tester's point of view,

00:57.380 --> 01:03.620
the technical details can indicate the types of platforms and applications that are running within the

01:03.620 --> 01:06.530
organization's network infrastructure.

01:10.110 --> 01:16.830
As I mentioned previously, the first stage of a penetration test is to gather as much information as

01:16.830 --> 01:20.610
possible on a given target or organization.

01:20.850 --> 01:28.890
Gathering information prior to exploiting and gaining access to a network or systems will help the penetration

01:28.890 --> 01:37.800
tester to narrow the scope of the attack and design specific types of attacks and payloads that are

01:37.800 --> 01:41.130
suitable for the attack surface of the target.

01:41.490 --> 01:48.570
We will begin our information gathering phase by utilizing the largest computer network in existence,

01:48.900 --> 01:50.430
the Internet.

01:51.670 --> 01:59.860
This diagram provides a brief overview of the different areas where open source intelligence can be

01:59.860 --> 02:01.450
found on a target.

02:02.050 --> 02:09.910
The Internet has many platforms ranging from forums and message boards to social media platforms.

02:11.380 --> 02:18.760
A lot of companies create an online presence to help market their products and services to potential

02:18.760 --> 02:19.630
clients.

02:19.660 --> 02:26.320
In doing so, the creation of a company's website, Facebook, Instagram, Twitter, LinkedIn, and

02:26.320 --> 02:35.140
so on ensures that their potential customers get to know who they are and what services and products

02:35.140 --> 02:36.370
are offered.

02:37.150 --> 02:42.790
The marketing department is usually responsible for ensuring that an organization's online presence

02:42.790 --> 02:50.140
is felt and that their digital portfolio is always up to date and eye catching.

02:50.290 --> 02:56.830
Organizations usually publish information about themselves on various Internet platforms, such as blogs

02:56.830 --> 03:04.120
and recruitment websites. As the Internet is so readily available and accessible, it's quite easy

03:04.120 --> 03:10.420
for someone to gather information on a target organization simply by using search engines and determining

03:10.420 --> 03:12.730
their underlying infrastructure.

03:12.760 --> 03:20.970
The technique is known as open source intelligence, or OSINT.

03:21.550 --> 03:28.600
So this is where a penetration tester or ethical hacker uses various tools and techniques that harness

03:28.600 --> 03:34.900
information that's publicly available on the Internet to create a portfolio of the target.

03:35.310 --> 03:36.550
OSINT

03:36.550 --> 03:44.410
is a type of passive information gathering where the penetration tester does not make direct contact

03:44.410 --> 03:53.680
or connection with the actual target, but rather asks legitimate and reliable sources about the target.

03:55.900 --> 04:04.270
Over the years, I have noticed a lot of job hunting websites where the recruiters post vacancies for

04:04.270 --> 04:07.720
Internet technology positions within a company.

04:07.720 --> 04:15.220
But the recruiter specifies that an ideal candidate should have experience with specific technologies.

04:15.250 --> 04:21.160
This can be a good thing for the company and the applicant, however, it can be bad as well.

04:21.160 --> 04:29.770
So there are pros and cons of companies posting their technologies on recruitment websites. So the pros

04:29.770 --> 04:36.700
are the potential candidate will know what type of environment to expect if they are hired.

04:38.340 --> 04:44.580
And the potential candidate can determine beforehand whether they have the skill set required for the

04:44.580 --> 04:45.960
job or not.

04:45.960 --> 04:47.730
But there are some cons here.

04:47.730 --> 04:54.720
So the company is partially exposing their technologies to the general public, and the hacker can determine

04:54.720 --> 05:01.180
the infrastructure and better select exploits and tools to perform a cyber attack.

05:01.200 --> 05:05.100
So let's take a look at this screenshot from a job site.

05:05.100 --> 05:14.610
So looking closely, we notice that the job poster has specified that they are using both Cisco and

05:14.610 --> 05:16.590
HP Networking Technologies.

05:16.590 --> 05:26.520
So the company uses Avaya PBX systems as their Voice over Internet Protocol (VoIP), and they are running

05:26.520 --> 05:31.370
Windows Server 2008 and/or 2012 in their network.

05:31.380 --> 05:38.010
So as a penetration tester, we can see that the company is using specific types of technology within

05:38.010 --> 05:39.630
their IT infrastructure.

05:39.630 --> 05:45.960
From a penetration tester's point of view, if this organization were a target for a penetration test,

05:45.960 --> 05:52.590
we could now narrow our scope of attacks to these specific technologies.

05:52.830 --> 05:58.650
Now that we have completed this lecture on better understanding open source intelligence,

05:58.650 --> 06:03.540
let's dive into the practical use of OSINT tools.
