June 20

Workshop takeaways: OSINT for Cyber Defenders

0  comments

My key takeaways

  • Always do OSINT with the assumption in mind, that the software you are using is compromised
  • Sock puppet accounts
    • do not use real images like from Google Image Search as this might be considered identity theft in some countries
    • make the email account information match you sock puppet
    • use lastpass to store information about sites or accounts for you sock puppet
  • proxychains uses spaces instead of :
    • on Kali conf is at /etc/proxychains4.conf
    • activate random chain
    • the IPs you get from rsock are the same, but different ports. The IP will be changed on rsocks side by port
  • dig <domain> +short will return only the IP. Usefull if piped into other commands
    • works with other dig parameters as well
    • dig <domain> -t all +short | tee <domain>_info.txt seems a usefull command for basic information
  • arin.net can provide interesting information about US companies
  • Domaintools.com may sometimes give hidden whois information
    • historical information might be interesting as well
  • free information sources are often good, but most time it will not be on par with paid information sources
  • dnsrecon -d <domain> -t brt will try to brute force for DNS information
    • dnsrecon -d <domain> -b = using bing
    • dnsrecon -d <domain> -y = using yandex
    • can be combined in one request
  • Recon-ng comes with no module pre installed
    • use marketplace search to list available modules
    • use marketplace install <module path> or marketplace install all to install
    • keys list will list your API keys
      • keys add <apiname> <key> to add a key
  • DNSTwist is usefull to find typosquatting domains
    • typosquatting domains might not only used to phish your coworkers but also your customers
  • You can pipe keywords in Google dorks like keyw1|keyw2|keyw3
  • if a bad actor knows what he is searching for, often he doesn’t need expensive or special tools
  • Maltego creates great visual represantation of information and creates also great reports out of the box.
    • Also a lot what is possible with separate tools, can be done with Maltego in one GUI
    • Some tools in the Maltego Marketplace are free, some bring-your-own-key, some paid
    • Also access to tools like Crowdstrike that might be not available as often in other tools

Env

additional links


Tags

BSides, OSINT, red team, workshop


You may also like

Webinar takeaway – Offensive Windows Event Logs

Webinar takeaway – Offensive Windows Event Logs

Webinar takeaway – A Master Class on Offensive MSBuild

Webinar takeaway – A Master Class on Offensive MSBuild
Leave a Reply

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit markiert.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}