My key takeaways
- It’s all about reducing the attack surface
- OSINT setup: use VPNs and VMs
- The "OSINT-kill-chain":
  - Organization
  - Company website (e.g. press releases)
  - Third-party resources (e.g. LinkedIn, Glassdoor, Indeed)
  - Employees (e.g. Facebook, LinkedIn, Instagram)
  - Other tools (e.g. Google)
- Google dorking is still the basic tool for every OSINT investigation
  - remember to concatenate the dorks with `AND` or `OR`
- John Matherly, the founder of Shodan, needed less than 5h to ping every IP on the internet
- Censys does ZMap scans 3 times a day and syncs the results with certificates
  - you can search on IP ranges
- "theHarvester" is not just about email addresses anymore, but can also be used to determine threat landscapes and can be enhanced with APIs
- Spiderfoot is good for OSINT automation
  - can search for BTC addresses as well
- Spyse is one of the largest DBs and has APIs
  - strong at subdomain discovery
  - web spidering on target
Env
- Provided by KnowBe4
- Presenter: