a fresh new look into information gathering...a fresh new look into information gathering christian...
TRANSCRIPT
![Page 1: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/1.jpg)
A fresh new look into Information Gathering
Christian MartorellaIV OWASP MEETING SPAIN
![Page 2: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/2.jpg)
Who am i ?
Christian Martorella Manager Auditoria S21sec
CISSP, CISA, CISM, OPST, OPSA
OWASP WebSlayer Project Leader
OISSG, Board of Directors
FIST Conference, Presidente
Edge-Security.com
![Page 3: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/3.jpg)
Information Gathering
“Denotes the collection of information before the attack. The idea is to collect as much information as possible about the target which may be valuable later.”
![Page 4: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/4.jpg)
OSINT: Open Source INTelligence
“Is an information processing discipline that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence.”
![Page 5: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/5.jpg)
Penetration test anatomy
Information Gathering
Discovery / Fingerprinting
Vulnerability analysis
Exploitation
Reporting
![Page 6: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/6.jpg)
Types of I.G
Passive Active
![Page 7: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/7.jpg)
I.G - Types of information
Domain, subdomain/host names dev.target.com
User names jdoe
Email Accounts [email protected]
Person names John Doe
![Page 8: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/8.jpg)
I.G what for?
Infraestructure:
Information for discovering new targets, to get a description of the hosts (NS,MX, AS,etc), shared resources
People and organizations:
For performing brute force attacks on available services, Spear phishing, social engineering, investigations, analysis, background checks, information leaks
![Page 9: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/9.jpg)
How can we obtain this kind of info?
![Page 10: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/10.jpg)
Obtaining host and Domains info - Classic
Zone Transfer (active)
Whois (passive)
Reverse Lookup (active)
BruteForce (active++)
Mail headers (active)
smtp (active++)
![Page 11: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/11.jpg)
Zone-Transfer - DIG
TesterDNS
server
request: dig @srv.weak.dns weak.dns -t AXFR
![Page 12: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/12.jpg)
DNS bruteforce
TesterDNS
server
Dictionaryafrodita
...hermes
..matrixneo...
Domain: target.com
host afrodita.target.com
afrodita.target.com has 192.168.1.1
xx
Discoverd hosts:afrodita
neo
![Page 13: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/13.jpg)
Mail Headers
![Page 14: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/14.jpg)
Obtaining user info - Classic
Search engines (passive)
Web pages (active)
![Page 15: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/15.jpg)
New sources for I.G ...
![Page 16: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/16.jpg)
Obtaining host and Domains info
Search Engines (passive)
Public PGP key servers (passive)
serversniff.net and others (passive)
![Page 17: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/17.jpg)
Obtaining host and Domains - Search engines
subdomain
Passive
![Page 18: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/18.jpg)
Obtaining host and Domains info
The PGP public key servers are only intended to help the user in exchanging public keys
http://keyserver.veridis.com/
http://pgp.rediris.es:11371/pks/lookup?search=domain
![Page 19: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/19.jpg)
Obtaining host and Domains info
subdomains
![Page 20: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/20.jpg)
Obtaining host and Domains Subdomainer
Demo subDomainer
![Page 21: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/21.jpg)
Once we have some host names, we can improve our dictionary using Google sets, and then try a brute force attack on the dns.
Obtaining host and Domains Subdomainer
![Page 22: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/22.jpg)
Obtaining host and Domains Subdomainer
![Page 23: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/23.jpg)
WikiScanner
Company IP ranges
Anonymous Wikipedia edits, from interesting organizations
http://wikiscanner.virgil.gr/
![Page 24: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/24.jpg)
WikiScanner - IP ranges
![Page 25: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/25.jpg)
WikiScanner - Wikipedia edits
![Page 26: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/26.jpg)
Obtaining user info - New sources
PgP key servers (passive)
Social Networks (passive)
Metadata (passive)
![Page 27: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/27.jpg)
Obtaining user info - New sources
Social networks
LinkedIn is an online network of more than 15 million experienced professionals from around the world, representing 150 industries.
![Page 28: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/28.jpg)
Obtaining user info - New sources
Current JobPasts JobsEducation
Job descriptionEtc...
![Page 29: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/29.jpg)
Obtaining user info - New sources
![Page 30: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/30.jpg)
Obtaining user info - theHarvester
![Page 31: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/31.jpg)
Obtaining Emails - theHarvester
![Page 32: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/32.jpg)
Online tools
ServerSniff.net:
•NameServers reports (NS)
•Autonomous Systems reports (AS)
•Virtual hosts
![Page 33: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/33.jpg)
Serversniff MX and NS Graphs
![Page 34: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/34.jpg)
Obtaining more data - New sources
Metadata: is data about data.
Is used to facilitate the understanding, use and management of data.
![Page 35: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/35.jpg)
Obtaining more data - New sources - Metadata
Provides basic information such as the author of a work, the date of creation, links to any related works, etc.
![Page 36: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/36.jpg)
Metadata - Dublin Core (schema)
Content & about the Resource
Intellectual Property Electronic or Physical manifestation
Title Author or Creator Date
Subject Publisher Type
Description Contributor Format
Language Rights Identifier
Relation
Coverage
![Page 37: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/37.jpg)
Metadata - example
software - Adobe ImageReadysize - 1501x391mimetype - image/png
logo-Ubuntu.png
software - www.inkscape.orgsize - 1501x379mimetype - image/png
logo-Kubuntu.png
:/
![Page 38: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/38.jpg)
Metadata - ImagesEXIF Exchangeable Image File Format
• GPS coordinates
• Time
• Camera type
• Serial number
• Sometimes unaltered original photo can be found in thumbnail Online exif viewer.
![Page 39: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/39.jpg)
Metadata - EXIF- Harry Pwner
Deathly EXIF?
![Page 40: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/40.jpg)
Metadata
So where can we get interesting metadata?
![Page 41: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/41.jpg)
Metadata
Ok, I understand metadata... so what?
![Page 42: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/42.jpg)
Metagoofil
Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,etc) availables in the target/victim websites.
![Page 43: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/43.jpg)
Metagoofil
User namesWorkers names Server names
PathsSoftware
versions + Date
Mac Address
![Page 44: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/44.jpg)
Metagoofilsite:nasa.gov filetype:ppt
![Page 45: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/45.jpg)
Metagoofil
ppt 1
libextractor /filtering
ppt 2
ppt 3
ppt n
Results.html
Downloaded files
![Page 46: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/46.jpg)
Metagoofil - results
![Page 47: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/47.jpg)
Metagoofil - results
![Page 48: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/48.jpg)
Metagoofil - results
![Page 49: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/49.jpg)
Metagoofil - results
![Page 50: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/50.jpg)
Metagoofil - results
![Page 51: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/51.jpg)
Metagoofil - results
![Page 52: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/52.jpg)
Metagoofil & Linkedin results
Now we have a lot of information, what can i do?
• User profiling
• Spear Phishing / Social Engineering
• Client side attacks
![Page 53: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/53.jpg)
Using resultsUser profiling
john.doejdoej.doe
johndoejohndjohn.d
jddoejohn
• Dictionary creation John Doe
ATTACK!
![Page 54: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/54.jpg)
Metadata - The Revisionist
Tool developed by Michal Zalewski, this tool will extract comments and “Track changes” from Word documents.
http://download.microsoft.com/download/3/4/9/349c2166-4d53-43f6-b1fd-970090e23216/PARTNER/MSFreeShop.doc
![Page 55: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/55.jpg)
Target information:
Email account
Google Finance, Reuters
pipl.com
Usercheck.com
![Page 56: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/56.jpg)
Google Finance & Reuters
![Page 57: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/57.jpg)
Searching for a target
![Page 58: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/58.jpg)
Usercheck.com
![Page 59: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/59.jpg)
Using resultsPassword profiling
magicserra angel
necropotenceShivan dragon
elfbrainstorm
...
...
Dictionary creation: words from the different user sites
Brute forceATTACK
![Page 60: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/60.jpg)
There are more ways to get info
![Page 61: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/61.jpg)
Kyle Doyle's Facebook profile makes it quite obvious he was not off work for a 'valid medical reason'
Phone in sick and treat himself to a day in bed.
![Page 62: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/62.jpg)
All together - Maltego
Maltego is “the only” professional Information Gathering tool.
“Information is power Information is Maltego”
![Page 63: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/63.jpg)
Maltego
![Page 64: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/64.jpg)
Maltego
![Page 65: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/65.jpg)
Conclusions
Clean your files before distribution
Web applications should clean files on upload (if it’s not needed)
Web applications should try to represent the information in a non parseable way :/
Be careful what you post/send
![Page 66: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/66.jpg)
References
www.edge-security.com
blog.s21sec.com
www.s21sec.com
carnal0wnage.blogspot.com
www.gnunet.org/libextractor
lcamtuf.coredump.cx/strikeout/www.paterva.com
![Page 67: A fresh new look into Information Gathering...A fresh new look into Information Gathering Christian Martorella IV OWASP MEETING SPAIN Who am i ? Christian Martorella Manager Auditoria](https://reader034.vdocuments.mx/reader034/viewer/2022042116/5e93bf152c9206268871d5cd/html5/thumbnails/67.jpg)
?