My key takeaways
- Always do OSINT with the assumption in mind that the software you are using is compromised
- Sock puppet accounts
  - do not use real images, e.g. from Google Image Search, as this might be considered identity theft in some countries
  - make the email account information match your sock puppet
  - use LastPass to store information about sites or accounts for your sock puppet
- proxychains
  - the conf uses spaces instead of : between host and port
  - on Kali the conf is at
    /etc/proxychains4.conf
  - activate random chain (the random_chain option in the conf)
  - the IPs you get from rsocks are the same, but with different ports. The exit IP is changed on the rsocks side by port
- dig
  - dig <domain> +short
    will return only the IP. Useful if piped into other commands; works with other dig parameters as well
  - dig <domain> -t all +short | tee <domain>_info.txt
    seems a useful command for basic information
- arin.net can provide interesting information about US companies
- Domaintools.com may sometimes give hidden whois information
- historical information might be interesting as well
- free information sources are often good, but most of the time they will not be on par with paid information sources
- dnsrecon
  - dnsrecon -d <domain> -t brt
    will try to brute force DNS information
  - dnsrecon -d <domain> -b
    = using Bing
  - dnsrecon -d <domain> -y
    = using Yandex
  - these can be combined in one request
- Recon-ng comes with no modules pre-installed
  - use
    marketplace search
    to list available modules
  - use
    marketplace install <module path>
    or
    marketplace install all
    to install
  - keys list
    will list your API keys
  - keys add <apiname> <key>
    to add a key
- use
- DNSTwist is useful to find typosquatting domains
- typosquatting domains might not only be used to phish your coworkers but also your customers
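The kind of permutation DNSTwist runs, as an added stand-alone Python example (not DNSTwist's own code and not from the workshop): it generates lookalike candidates for your own domain so you can check which ones are already registered and keep monitoring them. The homoglyph table and TLD list are small constructed stand-ins for the much larger ones a real tool ships.

```python
# Added example: generate typosquatting candidates for a domain you defend.
# Not taken from the dnstwist project; the fuzzers below mirror a few of its
# permutation families (omission, transposition, repetition, replacement,
# insertion, hyphenation, homoglyphs, TLD swap) in simplified form.
import string

# Assumed: a tiny homoglyph table; real tools use far larger ones.
HOMOGLYPHS = {"m": ["rn"], "rn": ["m"], "l": ["1", "i"], "o": ["0"], "i": ["l", "1"]}
# Assumed: a short list of TLDs a squatter might register instead.
ALT_TLDS = ["com", "net", "org", "co", "io"]


def typosquat_candidates(domain: str) -> set[str]:
    """Return lookalike registrations of `domain` (label.tld) to watch for."""
    label, _, tld = domain.lower().partition(".")
    out: set[str] = set()
    n = len(label)
    # omission: drop one character
    for i in range(n):
        out.add(label[:i] + label[i + 1:])
    # transposition: swap two adjacent characters
    for i in range(n - 1):
        out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    # repetition: double one character
    for i in range(n):
        out.add(label[:i] + label[i] + label[i:])
    # insertion and replacement with any lowercase letter
    for i in range(n + 1):
        for c in string.ascii_lowercase:
            out.add(label[:i] + c + label[i:])
            if i < n:
                out.add(label[:i] + c + label[i + 1:])
    # hyphenation: insert a dash between two characters
    for i in range(1, n):
        out.add(label[:i] + "-" + label[i:])
    # homoglyph substitution: visually similar character sequences
    for src, repls in HOMOGLYPHS.items():
        start = label.find(src)
        while start != -1:
            for r in repls:
                out.add(label[:start] + r + label[start + len(src):])
            start = label.find(src, start + 1)
    out.discard(label)  # never flag the legitimate label itself
    # reattach the original TLD, then add TLD swaps of the unchanged label
    result = {f"{c}.{tld}" for c in out if c}
    result.update(f"{label}.{t}" for t in ALT_TLDS if t != tld)
    return result
```

Pipe the output into dig <candidate> +short, or into dnstwist itself, to see which candidates actually resolve and deserve a closer look.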
- You can pipe keywords in Google dorks like
  keyw1|keyw2|keyw3
- if a bad actor knows what he is searching for, often he doesn’t need expensive or special tools
- Maltego creates great visual representations of information and also creates great reports out of the box.
- Also, a lot of what is possible with separate tools can be done with Maltego in one GUI
- Some tools in the Maltego Marketplace are free, some bring-your-own-key, some paid
- Also gives access to tools like CrowdStrike that are not as often available in other tools
Env
- Provided by BSidesMEsh21
- Moderator:
- MUC:SEC e.V.
- Presenter:
additional links
- https://www.fakenamegenerator.com
- https://rsocks.net
  - allows sign up with protonmail for free plan
- https://dnsdumpster.com
- https://cvedetails.com
- https://github.com/elceef/dnstwist
  - phishing domain search
- Dorks
- TweetDeck to keep track of topics/keywords