Skip to content

OSINT

Theory

When it comes to social engineering, gathering information about the target is crucial, especially if you target a specific person. **

If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle. (Art of war, Sun Tzu)

In this part we will see how to get information about people _**_which could be useful to personalize social engineering attacks to make them more efficient.

Practice

General search: -https://webmii.com -Google Dork : site:linkedin.com -inurl:dir “at company” “Current”

About companies: -https://opencorporates.com/ -https://www.societe.com/ (For France) Employee's feedback and information about companies: -https://www.glassdoor.fr/ -https://www.indeed.fr/companies?from=gnav-acme--acme-webapp

Social networks/medias:

Image recognition: -https://tineye.com/

Resources

https://gbhackers.com/external-black-box-penetration-testing/

https://github.com/jivoi/awesome-osint