In this section, we'll show you how to use web resources, including personal search engines, social networking sites, financial services, third-party data repositories, groups, forums, blogs, and more, to obtain publically available information about the target organisation. Using this information, an attacker may build a hacking strategy to break into the target organization's network and carry out advanced system attacks.
This topic is divided into two articles. Continue Reading Part 1.
via People Search Services
Websites that list public records can be used to research an individual. With
this search, one can get information on relatives and friends, properties,
companies, social networking profiles, addresses, contact information, date of
birth, images, videos, and more.
Social Networking sites such as Facebook, Twitter, LinkedIn, and Instagram
allow you to find people by name, keyword, company, school, friends,
colleagues, and the people living around them. These websites contain
information that users provide in their profiles. These sites are a great
platform for finding people and their related information as the sites allow
people to share information in real-time. It is simple and
anonymous to look for people on social networking sites because many of them
enable visitors to do so without creating an account.
Through people searching, an attacker can gather critical information that
will help them in performing social engineering or other kinds of
attacks.
via Job Sites
On the job posting page of many organisations' websites, recruiting data is
made available, which in turn reveals hardware and software information,
network-related information, and technologies used by the business (such as
firewall, internal server types, operating system details, network appliances,
database schema, etc.).
Additionally, hackers have access to employee resumes that have been uploaded
on job sites and can pull out details like employment history. This may
disclose technical data about the target organisation. Technical
information can be gathered from job sites such as Dice, LinkedIn,
Monster.com, naukri.com, and Simply Hired to detect underlying vulnerabilities
in the target IT infrastructure.
via Business Profile Sites
A crucial element in the information-gathering process is finding helpful
information on corporate websites. Attackers can acquire vital details about
the target companies, like their location, phone numbers, email addresses,
personnel databases, department names, service offerings, and industry, by
using business profile websites like opencorporates, corporationwiki, and
Crunchbase.
via Groups, Forums, and Blogs
Attackers frequently concentrate their search for information on groups,
forums, and blogs to learn more about a target organisation and its members.
Organisations frequently overlook the exchange of information that employees
reveal to other users via such platforms. Attackers take advantage of
this and gather sensitive data about the target, including details about its
public network, its system, and the personal information of its employees
like,
- Full Name, Place of Work and Residence.
- Personal and Organizational mobile numbers and email addresses.
- Pictures of the employee's residence or work location that include identifiable information.
- Pictures of employee awards and rewards or upcoming goals.
via NNTP Usenet Newsgroups
A Usenet newsgroup is a repository containing a collection of notes or
messages on various subjects and topics that are posted by users in
different locations using the Internet. Many professionals use
newsgroups to resolve their technical issues by posting questions on
Usenet. To obtain solutions for these issues, sometimes they post more
details information about the target than needed. Attackers can get
useful information on the operating systems, software, web servers, etc. by
searching Usenet newsgroups such as Stackoverflow or mailing lists like
Newshosting, Eweka, and Supernews.
via Deep and Dark Web
To know about the Surface, Deep and Dark Web,
Click Here.
Attackers can gather private information about the target, including credit
card information, passport information, identification card information,
medical records, social media accounts, and the Aadhar Card Number, using
deep and dark web searching tools like Tor Browser, ExoneraTor, and
OnionLand Search Engine.
You might be interested in,
- Footprinting through Web Services - Part 1
- Phases of Hacking
- Introduction to Footprinting - First Step to Hacking
- Information Obtained in Footprinting
- Objective and Threats of Footprinting
- Countermeasures of Footprinting
- Footprinting - First Step on Hacking (Summary) with Tools
We hope this helps. If any suggestions or doubts you can add a comment and
we will reply as soon as possible.
No comments:
Post a Comment