OSINT: Corporate Recon Hard
OSINT (Open-source Intelligence) is a crucial stage of the penetration testing process. A thorough examination of publicly available information can increase the chances of finding a vulnerable system, gaining valid credentials through password spraying, or gaining a foothold via social engineering. There is a vast amount of publicly available information from which relevant information needs to be selected.
Created by Cry0l1t3
This Module covers the OSINT phase of a security assessment. Strong OSINT skills are essential for penetration testers and red teamers. They can often lead to information crucial to the success of the engagement, such as a foothold into the target network.
In this Module, we will cover:
- An overview of Open Source Intelligence Gathering
- Gathering information about a target company
- Gathering information about target personnel
- Leveraging business and social networks
- Using leak/breach data effectively
This Module is broken down into sections with accompanying hands-on exercises to practice each of the tactics and techniques we cover.
As you work through the Module, you will see example commands and command output for the various topics introduced. It is worth reproducing as many of these examples as possible to reinforce further the concepts presented in each section. You can do this in the Pwnbox provided in the interactive sections or your virtual machine.
You can start and stop the Module at any time and pick up where you left off. There is no time limit or "grading," but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this Module marked as complete in any paths you have chosen.
The Module is classified as "Hard" but assumes a working knowledge of the Linux command line and an understanding of information security fundamentals.
A firm grasp of the following modules can be considered prerequisites for successful completion of this Module:
- Introduction to Networking
- Linux Fundamentals
- Open-Source Intelligence
- OSINT Methodology
- Business Investigation
- Contact Information
- Business Records
- Social Networks
- Domain Information
- Public Domain Records
- Domain Structure
- Cloud Storage
- Email Addresses
- Third Parties
- Compounded Networks
- Technologies in Use
- Leaked Information
- Internal Leaks