1 00:00:00,330 --> 00:00:04,950 ‫People who are related to the target company are always one of the most important resources to collect 2 00:00:04,950 --> 00:00:05,580 ‫information. 3 00:00:06,120 --> 00:00:07,650 ‫Here's a stunning example. 4 00:00:07,980 --> 00:00:14,850 ‫In September 2017, The Guardian reported that Deloitte suffered a cyberattack that breached the confidentiality 5 00:00:14,850 --> 00:00:22,740 ‫of its clients and 244,000 staff allowing the attackers to access usernames, passwords, IP addresses, 6 00:00:22,890 --> 00:00:26,400 ‫architectural diagrams for businesses and health information. 7 00:00:26,940 --> 00:00:33,300 ‫A developer working for Deloitte as an outsource put the credentials to GitHub so anyone who visits 8 00:00:33,300 --> 00:00:38,550 ‫his GitHub account could see the credential to access the critical systems of Deloitte. 9 00:00:39,320 --> 00:00:44,490 ‫And you think this single example is enough to show that searching for people who are related to target 10 00:00:44,490 --> 00:00:47,880 ‫company is one of the most important parts of information gathering. 11 00:00:48,510 --> 00:00:51,480 ‫In which social network platforms do they have accounts? 12 00:00:51,780 --> 00:00:52,920 ‫What do they share? 13 00:00:53,250 --> 00:00:54,060 ‫Etc.. 14 00:00:55,800 --> 00:00:59,070 ‫Why you're collecting the information about the target company. 15 00:00:59,250 --> 00:01:01,710 ‫You're going to find the people who work for it. 16 00:01:03,420 --> 00:01:04,110 ‫Hey, guess what? 17 00:01:04,470 --> 00:01:07,500 ‫So you can find more about those people using web. 18 00:01:07,500 --> 00:01:13,060 ‫My Ecom great website with the world's largest people's search engine web. 19 00:01:13,080 --> 00:01:19,410 ‫My is a place to find the person behind the email address, Twitter, address, LinkedIn address, whatever 20 00:01:19,410 --> 00:01:20,010 ‫you got. 21 00:01:20,960 --> 00:01:21,230 ‫Web. 22 00:01:21,230 --> 00:01:22,280 ‫Millions of people. 23 00:01:22,460 --> 00:01:25,370 ‫Search engine tries to be a little different too. 24 00:01:25,670 --> 00:01:31,760 ‫Rather than just go off and hunt for email addresses, actually tries to search through the deep and 25 00:01:31,760 --> 00:01:39,230 ‫invisible and hidden, dark, horrible places that no other search engine dares to dread. 26 00:01:40,450 --> 00:01:40,780 ‫Anyway. 27 00:01:40,780 --> 00:01:42,550 ‫The interface is simple. 28 00:01:42,850 --> 00:01:50,440 ‫You type in a name, there's some optional keywords, then send it off, find if it'll bring anything 29 00:01:50,440 --> 00:01:51,040 ‫back to you. 30 00:01:52,540 --> 00:01:55,280 ‫Might actually be fun to see what it'll find on you. 31 00:02:09,220 --> 00:02:14,260 ‫If you find usernames or nicknames while collecting data about the target company, you should investigate 32 00:02:14,260 --> 00:02:17,020 ‫if the username or nickname is used in social networks. 33 00:02:17,500 --> 00:02:20,440 ‫Instead of trying the social network platforms one by one. 34 00:02:20,650 --> 00:02:23,050 ‫You can use check usernames dcoms. 35 00:02:23,050 --> 00:02:25,660 ‫Website Check Usernames Dcoms. 36 00:02:25,660 --> 00:02:29,000 ‫Searches the given username on 160 social networks. 37 00:02:29,410 --> 00:02:33,010 ‫Go to the social network platforms where the username or nickname exists. 38 00:02:33,370 --> 00:02:37,630 ‫Look at the profile of the user to learn more about the person from the target company. 39 00:02:38,410 --> 00:02:43,300 ‫If you somehow got the password of a person from the target company, you can try the password and social 40 00:02:43,300 --> 00:02:44,260 ‫network platforms. 41 00:02:44,770 --> 00:02:51,190 ‫If the person used the same username or password in any social network platform most people do, you 42 00:02:51,190 --> 00:02:54,040 ‫can compromise that account attention here. 43 00:02:54,280 --> 00:02:56,980 ‫Try the username and password values to compromise. 44 00:02:56,980 --> 00:03:03,100 ‫The social network platform accounts only if you allow to do it, even though the penetration test agreement 45 00:03:03,100 --> 00:03:04,630 ‫between the company and you allow it. 46 00:03:04,870 --> 00:03:07,840 ‫In most countries, you're not allowed to do this.