1
00:00:00,060 --> 00:00:01,560
All right, welcome back, everyone.

2
00:00:01,590 --> 00:00:08,610
This is his mission, and this mission is about finding and discovering the e-mail addresses of the

3
00:00:08,790 --> 00:00:13,250
dogged network or to the dogged domains.

4
00:00:13,920 --> 00:00:18,300
So understand, this finding email address is very, very important.

5
00:00:18,300 --> 00:00:28,350
But because if you get the right email address or if you get the even valid email address of anyone

6
00:00:28,350 --> 00:00:37,470
in the target organizations, it would be easy to launch an efficient campaign in which has the highest,

7
00:00:37,470 --> 00:00:43,180
most success rate for compromising the target better than anything is right.

8
00:00:43,950 --> 00:00:50,100
So let's see how we can make use of Rickon energy for the same purpose.

9
00:00:50,320 --> 00:00:55,590
And you will be amazed to know that it's going to work just awesome.

10
00:00:55,890 --> 00:00:56,220
All right.

11
00:00:56,230 --> 00:00:57,210
So let's get started.

12
00:00:58,080 --> 00:01:09,300
OK, so will launch terror attack machine and we are looking it and again, will launch the attack on

13
00:01:09,300 --> 00:01:09,690
energy.

14
00:01:09,700 --> 00:01:18,720
And yes, in the U.S., you might have noticed the Marines were already installed because I have because

15
00:01:18,720 --> 00:01:20,670
I have reinstalled my Kelly.

16
00:01:21,090 --> 00:01:24,180
So you could see the Marines are not present.

17
00:01:24,890 --> 00:01:36,660
What are you could do is basically you can do a marketplace install and this would start the installation

18
00:01:36,660 --> 00:01:38,120
of all the packages.

19
00:01:38,430 --> 00:01:45,390
And this is what you would see very first time when you launch your recon engine.

20
00:01:45,600 --> 00:01:47,640
OK, and that's the time.

21
00:01:48,480 --> 00:01:52,550
That's the that's the time when you don't have any more news in the system.

22
00:01:52,980 --> 00:01:59,490
And this time in order to get all the more required modules, you have to make use of the marketplace

23
00:01:59,820 --> 00:02:01,050
installed on.

24
00:02:01,230 --> 00:02:04,110
And this would start installing all the packages.

25
00:02:04,860 --> 00:02:13,620
And once that is get ready, then you can actually go ahead and, you know, launch the campaign.

26
00:02:18,570 --> 00:02:18,800
Correct.

27
00:02:19,080 --> 00:02:20,650
So it might take some time.

28
00:02:20,850 --> 00:02:24,270
So till then, we can hold it for now.

29
00:02:24,270 --> 00:02:27,440
And Wilkening once said get get it done.

30
00:02:38,430 --> 00:02:40,440
All right, so it's all done.

31
00:02:40,620 --> 00:02:49,260
The packages are in stone and you see, well, now you go ahead and you know, you see all the modules

32
00:02:49,260 --> 00:02:52,760
you will definitely find on the monitors available.

33
00:02:53,010 --> 00:02:55,940
So let's see if they have modules and load.

34
00:02:56,430 --> 00:02:58,080
And if I do.

35
00:02:59,940 --> 00:03:01,700
And if I do, yeah.

36
00:03:02,280 --> 00:03:05,910
You can see all the monitors are already being present on the system.

37
00:03:05,940 --> 00:03:15,090
OK, so now let's first insert our target in order to launch the elastic module to gather all the email

38
00:03:15,090 --> 00:03:18,900
addresses of the target list first inside the door.

39
00:03:19,140 --> 00:03:22,550
So the insert and the domain.

40
00:03:23,700 --> 00:03:28,220
Now you defined the domain and what we can actually use.

41
00:03:28,740 --> 00:03:34,080
Can we use any recognized domain Bedazzler, Twitter, Yahoo dot com?

42
00:03:34,950 --> 00:03:38,400
I would say yes, because there's nothing wrong.

43
00:03:38,400 --> 00:03:43,020
I mean, we are not making use of any malicious threat vector or something.

44
00:03:43,030 --> 00:03:48,490
We are basically making use of open source tool, which is freely available on the browser as well.

45
00:03:48,510 --> 00:03:59,490
So let's say if we if you make use of Twitter, Twitter, dot com for gathering and give any notes gathering

46
00:04:00,060 --> 00:04:03,800
e-mail addresses, you're done.

47
00:04:04,080 --> 00:04:05,700
Now let's load the module.

48
00:04:05,750 --> 00:04:16,470
So in this case, they have to load remodelers so modules or Rickon and then the modules to let's say,

49
00:04:16,470 --> 00:04:17,520
let me give you the DAP.

50
00:04:17,940 --> 00:04:20,360
So which one are we going to actually use?

51
00:04:20,610 --> 00:04:27,660
So we'll have to make use of domain host and who else?

52
00:04:28,110 --> 00:04:30,360
And that's what we are going to do.

53
00:04:31,020 --> 00:04:34,380
We need to find the contacts which are related to the domain.

54
00:04:34,390 --> 00:04:44,130
So all the email addresses, the e-mail addresses are of the dominant server like the dot com John and

55
00:04:44,130 --> 00:04:46,890
the right to the dot com and all the stuff.

56
00:04:46,890 --> 00:04:47,130
Right.

57
00:04:47,140 --> 00:04:50,790
So so domain contact still in contact.

58
00:04:50,850 --> 00:04:51,760
OK, here we go.

59
00:04:52,330 --> 00:04:53,590
This is what we are looking for.

60
00:04:53,670 --> 00:04:54,750
So the domains.

61
00:04:57,790 --> 00:05:03,560
Contact and then who is right?

62
00:05:03,970 --> 00:05:06,760
So that's done now the model has been set up.

63
00:05:06,940 --> 00:05:10,350
Let's run the run this morning and let's see how it looks.

64
00:05:10,360 --> 00:05:10,570
Right.

65
00:05:11,170 --> 00:05:17,920
It might take some time to gather all the e-mail addresses required and it might take some pauses.

66
00:05:17,950 --> 00:05:18,970
Oh, yeah, it's done.

67
00:05:19,360 --> 00:05:26,230
Now, let's once it is done, in order to see earlier in order to check out the host, we have made

68
00:05:26,230 --> 00:05:28,960
use of so hote straight.

69
00:05:29,260 --> 00:05:34,450
But in this case, because we are looking for contacts with have to type two contacts.

70
00:05:36,490 --> 00:05:37,120
Lovely.

71
00:05:37,450 --> 00:05:38,230
You can see.

72
00:05:38,570 --> 00:05:40,720
Oh let me maximize the window.

73
00:05:41,770 --> 00:05:41,980
Yeah.

74
00:05:42,190 --> 00:05:46,540
So you could see all the contacts of the folks.

75
00:05:48,250 --> 00:05:55,850
These are names, their last name, email address and the location as well.

76
00:05:56,380 --> 00:05:56,770
Right.

77
00:05:56,790 --> 00:06:00,340
So it is that quick and that that one of them.

78
00:06:00,540 --> 00:06:06,670
OK, this is something which is being available on the open source platform.

79
00:06:06,670 --> 00:06:11,680
Maybe, maybe and faced by the you know, who is Look-Up it.

80
00:06:12,280 --> 00:06:22,120
So these might be and deal of the advent of Twitter because what basically happened is it make use of

81
00:06:22,120 --> 00:06:25,620
whois lookup database to get the information about it.

82
00:06:25,630 --> 00:06:25,960
Right.

83
00:06:26,950 --> 00:06:32,830
We can also make use of other other sources as well, Google and other stuff, in order to get those

84
00:06:32,830 --> 00:06:35,310
contacts to better.

85
00:06:35,350 --> 00:06:38,310
And I can assure you that money is low.

86
00:06:39,520 --> 00:06:43,910
And let me show you that.

87
00:06:44,530 --> 00:06:49,330
So if I do that, you could see the reason we are looking for domains to contact you.

88
00:06:49,570 --> 00:06:52,480
So you can see we have domain to contact.

89
00:06:52,510 --> 00:06:57,460
One option is Hunter Dot, Hunter IO, which we can also make use of it.

90
00:06:57,940 --> 00:07:01,090
We can also make use of WikiLeaks.

91
00:07:01,540 --> 00:07:07,430
That means it will also fetch the email address, which has been available on WikiLeaks.

92
00:07:07,470 --> 00:07:07,900
Right.

93
00:07:08,230 --> 00:07:15,100
So we can get to know if those has been linked to somewhere we can possibly get more information about

94
00:07:15,100 --> 00:07:15,200
it.

95
00:07:15,940 --> 00:07:23,050
Also, we can even get to know about if there is any -- list, which is if any of the any of the email

96
00:07:23,050 --> 00:07:30,760
addresses had been compromised or has been has been involved into any data breaches, maybe Facebook,

97
00:07:30,760 --> 00:07:37,610
LinkedIn or something where the passwords may also be or hashes of those passwords may also be available.

98
00:07:38,170 --> 00:07:41,440
This is just about making use of the open source platform.

99
00:07:41,720 --> 00:07:42,840
Nothing really special.

100
00:07:42,850 --> 00:07:45,900
It just that it makes your job pretty easier.

101
00:07:46,210 --> 00:07:50,030
But if you've gone into I hope you like the session we got you in the next one.

102
00:07:50,140 --> 00:07:50,620
Thank you.