[00:00:00] OK, so you don't have to follow along with this video. I just kind of want you to start getting the wheels spinning and thinking about other items that we could be looking for when it comes to OSINT.

[00:00:11] Now we could look on a website like LinkedIn or Twitter and find useful information. I was on this website for literally one minute. I've logged in, I went to Tesla, and I've already kind of found something, and I want to show you how fast this is. So you come in here and you go to Tesla, the company page here, and I love to click on images. There are always employee photos on images. Now you scroll down a little bit and you can see somebody has recently posted a picture of their internship at Tesla, and what we can do is click on the picture and look for things like badge photos or desk fixtures or anything of the sort.

[00:01:00] Now, good employees are told to hide their badges from pictures, and you can see they've done a pretty good job. But if you look down here, right down here, it's hard to zoom in, but there is 100 percent a badge there. Is this a great picture? No, but this is a good example of an easy way to find a badge: utilizing social media. And you can find a lot of stuff very, very, very quickly. So another thing to point out too is that Twitter is a goldmine for these kinds of things.
[00:01:35] I have found badge pictures, desk pictures, software, all kinds of stuff on Twitter and LinkedIn. Now, from the non-physical perspective, or information gathering perspective, for what seems like physical assessments, the other thing to point out is that it's really good to find the people. Like, LinkedIn is great, so we can come in here and we can find members, right? And these are all going to say "LinkedIn member." I don't have... this account is just kind of my peeping account that I just utilize when I want to look in and not trigger anything weird when I'm looking at a company, because if somebody sees me as a person looking at a company, you might say, "why is this guy looking at my profile?" So we might not get names. If you don't have the premium on some of these, you might see "LinkedIn member," but you can also dig some names, like here's a name, here's a name, here's a name. And you take those names and you remember the formatting from before, right? We had the formatting when we looked at hunter.io and we said, OK, first initial, last name. Well, I might take a first initial, last name here and I'll add that to my list.

[00:02:44] Now we could utilize scrapers out there to look through the employee lists and pull down all the names, and then transfer those names into first initial, last name. You could write a script to do that with Python if you want to challenge yourself to do that.
[00:02:59] I guarantee you there are tools out there to do this, but this is the kind of information that we're after. We're after: what kind of credentials can we gather? And this loops all back. This is the wheels spinning here, right? You want email addresses when we're talking network, and we're talking what you're going to be doing with these kinds of assessments. You want these email addresses, you want anything that's been a part of a breach or current credential leak, right? And you just want as much information on the employees as you can gather. When you take all these email addresses, and it says something like thirty-four thousand employees, do you take thirty-four thousand employees? I would almost bet money on it that one of these employees has a password like Fall2019 or Winter2019! or something like Tesla1234!.

[00:03:52] People are always the weakest point of an organization, and people will be lazy with their passwords unless you absolutely force them to use long passwords. I do not know Tesla's password policy, but I get in on almost every external assessment with a weak password like Fall2019 or Winter2019. So I want you to think about these things. We're not gonna go to death into social media, but have that in your wheelhouse as well.
[00:04:18] We're just trying to utilize as many of the resources that are out there as we can, in order to use them to our advantage. So there's a lot of tools that I've shown you, and I'm giving you a lot of the basics, and really that's all you need for information gathering. Google is your best friend. Utilize Google to your full advantage. Utilize social media: people post things all the time that they shouldn't be posting. And just dig deep. Information gathering is one of the most important steps, along with scanning and enumeration. Keep repeating that to yourself and you'll be very, very successful as a penetration tester.

[00:04:53] So that is it for this section. I kind of just wanted to give a brief overview of this and then give you some ideas to get your wheels spinning and really think about it. Again, we're harping on breached credentials mainly. So from here we're going to move into scanning and enumeration. We're going to start doing our hacking, getting into the real weeds of hacking, and I'm very, very excited about that. And you're going to see some of the stuff that you've seen before when it comes to reconnaissance pop back up. So I'm excited to see this play out through the course and how we're going to utilize it. So that's it for this section. I look forward to seeing you in the scanning and enumeration section, so I will catch you over there.