1
00:00:00,240 --> 00:00:03,300
OK, so you don't have to follow along with this video.
2
00:00:03,300 --> 00:00:08,160
I just kind of want you to start getting the wheels spinning and thinking about other items that we
3
00:00:08,160 --> 00:00:11,410
could be looking for when it comes to OSINT.
4
00:00:11,610 --> 00:00:22,080
Now we could look on a Web site like LinkedIn or Twitter and find useful information.
5
00:00:22,080 --> 00:00:25,810
I was on this Web site for literally one minute.
6
00:00:25,830 --> 00:00:26,660
I've logged in.
7
00:00:26,670 --> 00:00:31,350
I went to Tesla and I've already kind of found something, and I want to show you how fast this is.
8
00:00:31,530 --> 00:00:39,390
So you come in here and you go to Tesla, the company page here, and I love to click on images.
9
00:00:39,420 --> 00:00:42,930
There are always employee photos on images.
10
00:00:42,930 --> 00:00:49,050
Now you scroll down a little bit and you can see somebody has recently posted a picture of their internship
11
00:00:49,050 --> 00:00:58,950
at Tesla, and what we can do is click on the picture and look for things like badge photos or desk fixtures
12
00:00:58,950 --> 00:01:00,630
or anything of the sort.
13
00:01:00,630 --> 00:01:06,840
Now, good employees are told to hide their badges from pictures, and you can see they've done a pretty
14
00:01:06,840 --> 00:01:07,530
good job.
15
00:01:07,950 --> 00:01:11,690
But if you look down here, right down here, it's hard to zoom in.
16
00:01:11,700 --> 00:01:15,300
But there is 100 percent a badge there.
17
00:01:15,360 --> 00:01:16,650
Is this a great picture?
18
00:01:16,650 --> 00:01:24,540
No, but this is a good example of an easy way to find a badge: utilizing social media, and you can find
19
00:01:24,570 --> 00:01:25,610
a lot of stuff.
20
00:01:25,650 --> 00:01:28,030
Very, very, very quickly.
21
00:01:28,080 --> 00:01:35,800
So another thing to point out is that Twitter is a goldmine for these kinds of things.
22
00:01:35,980 --> 00:01:41,750
I have found badge pictures, desk pictures, software, all kinds of stuff
23
00:01:41,750 --> 00:01:49,270
on Twitter and on LinkedIn. Now, from the non-physical perspective, or information gathering perspective,
24
00:01:49,270 --> 00:01:51,910
for what seem like physical assessments:
25
00:01:51,910 --> 00:01:58,300
the other thing to point out is that it's really good to find the people. Like, LinkedIn is great, so we
26
00:01:58,300 --> 00:02:01,410
can come in here and we can find members, right?
27
00:02:01,430 --> 00:02:03,260
And these are all going to say "LinkedIn Member".
28
00:02:03,280 --> 00:02:10,300
I don't have that; this account is just kind of my peeping account that I utilize when I want to look
29
00:02:10,330 --> 00:02:16,240
in and not trigger anything weird when I'm looking at a company, because if somebody sees me as a person
30
00:02:16,240 --> 00:02:21,730
looking at a company, they might say, why is this guy looking at my profile? So we might not get names if
31
00:02:21,730 --> 00:02:26,380
you don't have the premium; on some of these you might see "LinkedIn Member", but you can also dig some
32
00:02:26,380 --> 00:02:32,890
names, like here's a name, here's a name, here's a name, and you take those names and you remember the formatting
33
00:02:32,950 --> 00:02:34,290
from before, right?
34
00:02:34,300 --> 00:02:38,460
We had the formatting when we looked at hunter.io and we said, OK,
35
00:02:38,470 --> 00:02:40,200
first initial, last name.
36
00:02:40,240 --> 00:02:44,340
Well, I might take a first initial, last name here and I'll add that to my list.
37
00:02:44,380 --> 00:02:51,280
Now we could utilize scrapers out there to look through the employee lists and pull down all the
38
00:02:51,280 --> 00:02:55,240
names and then transfer those names into first initial last name.
39
00:02:55,300 --> 00:02:59,720
You could write a script to do that with Python if you want to challenge yourself.
40
00:02:59,800 --> 00:03:04,930
I guarantee you there are tools out there to do this, but this is the kind of information that we're
41
00:03:04,930 --> 00:03:06,030
after.
42
00:03:06,030 --> 00:03:09,370
What kind of credentials can we gather? And this all loops back.
43
00:03:09,370 --> 00:03:13,140
This is the wheels spinning here, right?
44
00:03:13,210 --> 00:03:19,150
You want email addresses when we're talking network, and we're talking about what you're going to be doing
45
00:03:19,150 --> 00:03:20,550
with these kinds of assessments.
46
00:03:20,560 --> 00:03:25,980
You want these email addresses, you want anything that's been a part of a breach, a current credential leak.
47
00:03:26,110 --> 00:03:26,500
Right.
48
00:03:27,340 --> 00:03:32,680
And you just want as much information on the employees as you can gather. When you take all these email
49
00:03:32,680 --> 00:03:36,060
addresses, and it says something like thirty-four thousand employees.
50
00:03:36,190 --> 00:03:36,590
You take
51
00:03:36,600 --> 00:03:38,440
thirty-four thousand employees.
52
00:03:38,500 --> 00:03:44,980
I would almost bet money on it that one of these employees has a password or something like
53
00:03:44,980 --> 00:03:49,430
Fall2019 or Winter2019! or something like
54
00:03:49,450 --> 00:03:52,800
Tesla1234!
55
00:03:52,960 --> 00:03:58,960
People are always the weakest point of an organization, and people will be lazy with their passwords
56
00:03:59,380 --> 00:04:01,750
unless you absolutely force them to use long passwords.
57
00:04:01,750 --> 00:04:08,380
I do not know Tesla's password policy, but I get in on almost every external assessment with a weak password
58
00:04:08,380 --> 00:04:11,250
like Fall2019 or Winter2019.
59
00:04:11,320 --> 00:04:16,420
So I want you to think about these things. We're not going to go to death into social media, but have that
60
00:04:16,420 --> 00:04:18,370
in your wheelhouse as well.
61
00:04:18,400 --> 00:04:24,580
We're just trying to utilize as many of the resources that are out there as we can and use them to our advantage.
62
00:04:24,850 --> 00:04:29,920
So there are a lot of tools that I've shown you, and I'm giving you a lot of the basics, and really that's
63
00:04:29,980 --> 00:04:31,450
all you need for information gathering.
64
00:04:31,450 --> 00:04:33,380
Google is your best friend.
65
00:04:33,490 --> 00:04:39,250
Utilize Google to your full advantage, utilize social media, people post things all the time
66
00:04:39,250 --> 00:04:46,240
that they shouldn't be posting, and just dig deep. Information gathering is one of the most important steps,
67
00:04:46,360 --> 00:04:48,670
along with scanning and enumeration.
68
00:04:48,670 --> 00:04:53,950
Keep repeating that to yourself and you'll be very, very successful as a penetration tester.
69
00:04:53,950 --> 00:04:56,010
So that is it for this section.
70
00:04:56,020 --> 00:05:01,720
I kind of just wanted to give a brief overview of this and then give you some ideas to get your wheels
71
00:05:01,720 --> 00:05:04,160
spinning and really think about it.
72
00:05:04,210 --> 00:05:07,360
Again, we're harping on breached credentials mainly.
73
00:05:07,510 --> 00:05:12,120
So from here we're going to move into scanning and enumeration.
74
00:05:12,130 --> 00:05:18,160
We're going to start doing our hacking, getting into the real weeds of hacking, and I'm very, very excited
75
00:05:18,160 --> 00:05:19,050
about that.
76
00:05:19,150 --> 00:05:23,560
And you're going to see some of the stuff that you've seen before when it comes to reconnaissance pop
77
00:05:23,560 --> 00:05:24,450
back up.
78
00:05:24,490 --> 00:05:28,600
So I'm excited to see this play out through the course and how we're going to utilize it.
79
00:05:28,600 --> 00:05:30,850
So that's it for this section.
80
00:05:30,880 --> 00:05:35,530
I look forward to seeing you in the scanning and enumeration section, so I will catch you over there.