Jan
05
Google and file searches on a website are good ways to accomplish manual Human OSINT. However, most penetration testers like automation. There is a tool called “Maltego” that automates many of the search processes one would use on multiple search engines and social media platforms. Maltego is an application that has many plugins that interface with APIs of various internet databases. Some of these databases are ones that previous articles have mentioned like shodan.io. These APIs can be... Read More
Dec
29
When gathering initial information, penetration testers need to focus on an organization’s human element. In the last article, we covered the technical aspects of Open Source Intelligence or OSINT. OSINT traditionally comes in two different forms, Technical and Human. For penetration tests, it is equally important to know the human aspect of the target network just as well as knowing the technical aspects. Read More
Dec
07
This is a new series of articles that will cover the complete penetration testing methodology based largely on case studies of previous hacks. These articles will cover initial reconnaissance, picking an attack vector, gaining a foothold, maintaining presence, lateral movement, and finally going after the prize. A guide to Open Source Intelligence One of the main case studies these articles will borrow from is the APT1 report published by Mandiant in 2013. Though the report focuses on a... Read More

Subscribe to INE Blog Updates

New Blog Posts!