[00:00:12] Passive information gathering is when you use an indirect approach to obtain information about your target. This method obtains information that is publicly available from many sources, eliminating direct contact with the potential target. Passive information gathering is usually fruitful, and a lot of organizations publish information and details about their organization as a marketing strategy for their existing and potential customers. Sometimes when organizations advertise a vacancy on a job recruiting website, the recruiter posts technical requirements for the potential candidate. From a penetration tester's point of view, the technical details can indicate the types of platforms and applications that are running within the organization's network infrastructure.

[00:01:10] As I mentioned previously, the first stage of a penetration test is to gather as much information as possible on a given target or organization. Gathering information prior to exploiting and gaining access to a network or systems will help the penetration tester to narrow the scope of the attack and design specific types of attacks and payloads that are suitable for the attack surface of the target. We will begin our information gathering phase by utilizing the largest computer network in existence, the Internet.

[00:01:51] This diagram provides a brief overview of the different areas where open source intelligence can be found on a target. The Internet has many platforms, ranging from forums and message boards to social media platforms. A lot of companies create an online presence to help market their products and services to potential clients. In doing so, the creation of a company's website, Facebook, Instagram, Twitter, LinkedIn, and so on ensures that their potential customers get to know who they are and what services and products are offered. The marketing department is usually responsible for ensuring that an organization's online presence is felt and that their digital portfolio is always up to date and eye-catching. Organizations usually publish information about themselves on various Internet platforms, such as blogs and recruitment websites. As the Internet is so readily available and widely accessible, it's quite easy for someone to gather information on a target organization simply by using search engines and determining their underlying infrastructure. This technique is known as open source intelligence, or OSINT. So this is where a penetration tester or ethical hacker uses various tools and techniques that harness information that's publicly available on the Internet to create a portfolio of the target.

[00:03:35] OSINT is a type of passive information gathering where the penetration tester does not make direct contact or connection with the actual target, but rather asks legitimate and reliable sources about the target. Over the years, I have noticed a lot of job hunting websites where the recruiters post vacancies for information technology positions within a company, but the recruiter specifies that an ideal candidate should have experience with specific technologies. This can be a good thing for the company and the applicant; however, it can be bad as well. So there are pros and cons of companies posting their technologies on recruitment websites. The pros are that the potential candidate will know what type of environment to expect if they are hired, and the potential candidate can determine beforehand whether they have the skill set required for the job or not. But there are some cons here: the company is partially exposing their technologies to the general public, and a hacker can determine the infrastructure and better select exploits and tools to perform a cyber attack. So let's take a look at this screenshot from a job site. Looking closely, we notice that the job poster has specified that they are using both Cisco and HP networking technologies.

[00:05:16] The company uses an Avaya PBX system for Voice over Internet Protocol (VoIP), and they are running Windows Server 2008 and/or 2012 in their network. So as a penetration tester, we can see that the company is using specific types of technology within their IT infrastructure. From a penetration tester's point of view, if this organization were a target for a penetration test, we could now narrow our scope of attacks to these specific technologies. Now that we have completed this lecture on better understanding open source intelligence, let's dive into the practical side of using OSINT tools.