All language subtitles for 007 DNS Information (OBJ 2.1)

Instructor: There is a lot of information you can gather from the Domain Name System. Now we're gonna talk about each of the different record types that we have inside of DNS, and the purpose of DNS, but we're not gonna do a really deep, deep dive here, because you should already know this information from back in your Network+ studies. If you don't, please go back and review this type of information, because again, information from Network+ and Security+ is considered assumed knowledge at this level when you're taking PenTest+ and you're getting ready for your exam. Now, when we talk about the Domain Name System or DNS, it's really a system that's used to allow you to access a network client by using a human readable host name instead of using its numeric IP address.
For example, if you want to visit my website, you can simply type in DionTraining.com into your web browser and in the background, your computer is gonna translate that into whatever IP address is hosting my server right now. Now, that's all done because there's an A record that is associated with DionTraining.com and that is spread around the internet through all of the DNS servers so everybody can know how to access it. Now, when we talk about domain names, there is a lot of critical information in here that you can get. As you look at the domain names, you're gonna be able to see a lot of different records, and a lot of subdomains and domains that are associated with a particular domain name like DionTraining.com. For example, if you go and look at all of the DNS records that are out there for DionTraining.com, you'll see we have a bunch of different types starting with an A record. Now, an A record stands for an address record, and an A record is used to link a host name to an IPv4 address.
If you're using IPv6, we have what's called a four-A record, and it's written as AAAA, and this links directly to an IPv6 address instead of an IPv4 address. Either way, when you're using an A record or a four-A record, you are linking a human readable name to an IP address, either in IPv4 or IPv6. Now, another way that we can link a human readable address to a server is by using a CNAME record. Now, a CNAME record stands for the Canonical Name record, and this is used instead of an A record or a four-A record if you wanna point a domain name to another domain name or subdomain instead of having to point it to an actual IP address. For example, I have many different website domains that I've bought and used over the years, and some of them we don't use anymore, but we still link them back to our main Dion Training website, so that way if somebody uses the old domain name, it'll redirect them automatically to our new current domain name. And to do this, we use CNAME records.
For example, I own a website domain called itil4exam.com. If you type in itil4exam.com, it will automatically redirect you right back to DionTraining.com because I have a CNAME record set up at itil4exam.com that points directly to DionTraining.com. The next type we have is known as an MX record. Now, an MX record is a Mail Exchange record, and we use this to direct emails to a mail server. This can be used to indicate how email messages should be routed around the internet when you're using the Simple Mail Transfer Protocol or SMTP. When we use a Mail Exchange record, we're actually pointing to another domain name, and not an IP address. For example, if you look up DionTraining.com, and you look at our mail records, you're gonna see they're actually pointing to Google's mail servers because they run the email for DionTraining.com. Next, we have an SOA record, which stands for the Start of Authority.
Now, this record is used to store important information about a domain name or a zone, and a zone is really all of the information about a given domain name including its A records, CNAME records, MX records, and other types of records. When we're talking about an SOA record, we're basically saying who is responsible for this domain name? In the case of my website, DionTraining.com, we are responsible for it, and so our Start of Authority record tells everybody that our server is gonna be the authoritative server for the domain name and any of the records.
The way DNS works, if you think back to your earlier studies, is that there is a central server for any domain name, but that one server doesn't make all the requests for everyone in the world, so instead, it creates the official records, and then distributes those out to other places, and so we have to know who is the person who's authorized to make changes, and distribute the original new copy that goes out to everybody else around the world, and that's what an SOA record does. Next, we have pointer records, which are written as PTR. Now, a pointer record is used to correlate an IP address with a domain name, and this is basically the opposite of an A record. With an A record, we went from host name to IP address. For a pointer record, we're going from IP address to host name. This is always stored under the format of .arpa, which is the top-level domain we use when we're dealing with these pointer records.
The next type of record we have is known as a text record or TXT record. Now, a text record is used by domain administrators to add text into the Domain Name System. Now, this allows us to have machine-readable data that's added into records, and we do this for all sorts of different reasons, including being able to say that this domain is authorized by me to allow some other service to use my domain name. For example, if you send an email to support@DionTraining.com, it's actually not going to my email servers, it's actually going into my support system, and that support system has been given permission to send emails on behalf of DionTraining.com by having a special text record that shows I authoritatively own this domain, and I've given permission to that service to send emails on my behalf. Next, we have a service record which is known as an SRV record. These are used to specify a host and a port for a specific service.
For example, I can specify a port and an IP address that's gonna be used for a chat server by using a service record, or if I wanna set up something for VoIP services, I can do that with a service record as well. Finally, we have an NS record. This is the last record we're gonna talk about. Now, an NS record is a name server record. This is used to indicate which DNS name server is going to be the accurate one for the domain. Let's say for example, you decide to host a new blog, and you decide to buy a new website with a new domain name. Wherever you bought that will normally serve as your name server, but you may wanna switch that to a different provider later on, and so you might go from GoDaddy to Google Domains, and you're gonna have to change your NS records to say Google Domains is now the correct place for my domain names. Now that we've covered the basics of DNS, and the different record types we have, we need to talk a little bit more about DNS, and how you're gonna use it as a penetration tester.
Now, as a penetration tester in the reconnaissance phase, one of the things I wanna do is pull up all of your DNS records, and look at them, because that's gonna give me addresses for servers, whether in the host name form or an IP address, as well as being able to see what kind of services you may be using. For example, if you looked up DionTraining.com, you're gonna be able to see what type of web server we have, what type of email server we have, what type of record server we're using for all of our domain names, what kind of services we might be using that are third party to us, like software as a service cloud-based tools, like Freshdesk for our support desk, Slack for our communications, and other things like that. All of this can be found from those different record types.
Specifically, you wanna focus on the MX records for any kind of email services, as well as the text records and service records to be able to see any third party software as a service type solutions that that person may be using. Now, when you look at these DNS records, you're gonna find all sorts of great additional targets that you can actually look at that you may not have discovered otherwise, so it's a good place to do your reconnaissance at. Now, to look at these DNS records, you have to use a tool to do that, and you're gonna query those records and be able to see the information inside of them by using these different tools. Now, one of the most common tools that's used is known as nslookup. Nslookup is a cross-platform tool that operates on Windows, Linux and Mac systems, and allows you to query a domain name server, and then get information back in the form of those different record types. Some other tools you can use for this purpose are things like dig and host.
Like I said, there's lots of different ways to query these records, but these are some of the most common command line tools. Now, when you're querying these records, you do wanna gather that information as part of your open source intelligence, and add it into your wiki or your spreadsheet for all the data you've been collecting, because these are all potential targets depending on the size and scope of your engagement. Now, in addition to finding out this technical information inside of your DNS records, you can also find out information about the domain and who owns it. To do this, we're gonna use a tool known as whois. Now whois is a command line tool on Linux systems, but it also exists as a website that you can go and use to actually pull this information. Now, when you pull up a typical whois record, you're gonna get a lot of information in there, including who registered that domain name, and the name and address of the organization who owns that domain.
The email address and phone numbers of the person who registered that domain, as well as the technical points of contact, billing points of contact, and other administrative points of contact. Additionally, you're gonna be able to figure out who the domain's registrar is, which could be something you might want to use inside of a spear-phishing campaign or a phishing campaign, because you can send emails pretending to be that registrar. In addition to all this, you'll also find out the status of the domain, which means you'll be able to figure out when it is up for renewal, deletion, transfer or other related information, and finally, you'll figure out what are the name servers that are being used by that domain. With those name server records, you can actually conduct a zone transfer of the DNS records from the name server onto your local machine so you can analyze them offline as well.
This is another way that people do this in reconnaissance, but that is more of an active phase than a passive phase, because you're now touching somebody else's server. Now, one of the things I do wanna mention about the whois information is that it's not nearly as valuable these days as it used to be. In the old days, there were no privacy protections for the information in a whois database. It was all public source open knowledge that anybody could look at, but these days, people can pay a little bit extra to have their information kept private, and by doing that, the organization will have it say privacy blocked when you're looking for the email, phone number or names associated with a given record.
Even though that's the case, it's still a good idea to look at the whois records because some people are too cheap to pay for that privacy, and there's other ways to find that information out by linking with other sources of open-source intelligence that you can then find online. (logo chimes)
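As an added example (not code from the video or from Dion Training), here is a small Python script that takes a zone dump in the text format dig prints, for instance the result of the zone transfer the instructor mentions (`dig @ns1.example.com example.com AXFR`), and sorts the record types covered above into the kind of target inventory you would paste into your recon wiki or spreadsheet: hosts with their IPv4/IPv6 addresses, CNAME aliases, MX hosts, NS hosts, the SPF `include:` entries carried in TXT records (the mechanism that lets a third-party service send mail for the domain), and SRV service endpoints. It also flags every referenced name that lives outside the zone as a third-party provider worth noting. The sample zone is constructed for this example using example.com and the reserved documentation address ranges; it is not Dion Training's real zone, and the provider names in it are placeholders.

```python
"""Turn a DNS zone dump (dig presentation format) into a recon inventory."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample zone in the format dig prints: owner TTL class type rdata.
# Names and addresses are documentation placeholders, not real infrastructure.
SAMPLE_ZONE = """\
example.com.            3600 IN SOA   ns1.example.com. hostmaster.example.com. 2024010101 7200 900 1209600 3600
example.com.            3600 IN NS    ns1.example.com.
example.com.            3600 IN NS    ns2.example-dns.net.
example.com.            3600 IN A     192.0.2.10
example.com.            3600 IN AAAA  2001:db8::10
www.example.com.        3600 IN CNAME example.com.
old-brand.example.com.  3600 IN CNAME example.com.
vpn.example.com.         300 IN A     192.0.2.20
dev.example.com.         300 IN A     198.51.100.7
example.com.            3600 IN MX    10 aspmx.mail-provider.example.
example.com.            3600 IN MX    20 alt.mail-provider.example.
example.com.            3600 IN TXT   "v=spf1 include:_spf.mail-provider.example include:helpdesk-saas.example -all"
_sip._tcp.example.com.  3600 IN SRV   10 5 5060 sip.voip-provider.example.
_xmpp-client._tcp.example.com. 3600 IN SRV 0 5 5222 chat.example.com.
chat.example.com.       3600 IN A     192.0.2.30
"""

RR_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+(?P<type>[A-Z]+)\s+(?P<rdata>.+)$")


def parse_zone(text):
    """Yield (owner, type, rdata) for each resource record, skipping comments."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = RR_LINE.match(line)
        if m:
            yield m["owner"].rstrip(".").lower(), m["type"], m["rdata"].strip()


def build_inventory(zone_text):
    """Group records by what they tell a tester: hosts, aliases, mail, NS, SPF, SRV."""
    hosts = defaultdict(set)      # hostname -> set of IP addresses (A/AAAA)
    aliases = {}                  # alias -> canonical name (CNAME)
    mail = []                     # (priority, mx host)
    name_servers = set()          # NS targets
    spf_includes = set()          # third parties allowed to send as the domain
    services = []                 # (service, proto, target, port) from SRV
    apex = None
    for owner, rtype, rdata in parse_zone(zone_text):
        if rtype == "SOA":
            apex = owner                      # SOA owner is the zone apex
        elif rtype in ("A", "AAAA"):
            hosts[owner].add(str(ipaddress.ip_address(rdata)))
        elif rtype == "CNAME":
            aliases[owner] = rdata.rstrip(".").lower()
        elif rtype == "MX":
            prio, host = rdata.split()
            mail.append((int(prio), host.rstrip(".").lower()))
        elif rtype == "NS":
            name_servers.add(rdata.rstrip(".").lower())
        elif rtype == "TXT":
            txt = rdata.strip('"')
            if txt.startswith("v=spf1"):      # SPF policy lives in a TXT record
                spf_includes.update(tok.split(":", 1)[1]
                                    for tok in txt.split() if tok.startswith("include:"))
        elif rtype == "SRV":
            _prio, _weight, port, target = rdata.split()
            service, proto = owner.split(".")[:2]   # _sip._tcp.example.com
            services.append((service.lstrip("_"), proto.lstrip("_"),
                             target.rstrip(".").lower(), int(port)))
    # Any referenced name outside the zone is a third-party provider to record.
    referenced = ({h for _, h in mail} | name_servers
                  | {t for _s, _p, t, _port in services} | set(aliases.values()))
    in_zone = lambda n: apex is not None and (n == apex or n.endswith("." + apex))
    return {
        "apex": apex,
        "hosts": {h: sorted(ips) for h, ips in sorted(hosts.items())},
        "aliases": aliases,
        "mail": sorted(mail),
        "name_servers": sorted(name_servers),
        "spf_includes": sorted(spf_includes),
        "services": services,
        "external_hosts": sorted(n for n in referenced if not in_zone(n)),
    }


if __name__ == "__main__":
    inv = build_inventory(SAMPLE_ZONE)
    for section in ("hosts", "aliases", "mail", "name_servers",
                    "spf_includes", "services", "external_hosts"):
        print(f"[{section}]")
        print(f"  {inv[section]}")
```

To use it on a real engagement, save the AXFR (or concatenated dig output) to a file and pass its contents to `build_inventory` instead of `SAMPLE_ZONE`; remember that the transfer itself is active reconnaissance, as the instructor notes, so do it only inside the agreed scope.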
