From the course: Security Testing Essential Training
Unlock the full course today
Join today to access over 23,200 courses taught by industry experts.
Open-source intelligence
From the course: Security Testing Essential Training
Open-source intelligence
- [Teacher] Another passive information gathering technique is open-source intelligence or OSINT gathering. With OSINT gathering, you use publicly available repositories in an effort to identify target systems without ever touching the target systems themselves. OSINT gathering can be very useful but it's not without its drawbacks. For one, OSINT gathering could be inaccurate or outdated. OSINT gathering may return information about a system that was decommissioned months ago resulting in a false positive. Another drawback to OSINT gathering is that it's often geared toward internet-facing systems. It's highly likely that you'll find useful relevant information about live hosts on the customer's internal network using this technique. The one exception to that rule is a DNS zone transfer. If your customer hasn't properly restricted DNS zone transfers to internal authorized hosts, or better yet disabled them entirely, then…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Contents
-
-
-
-
-
-
-
Network discovery2m 35s
-
(Locked)
Open-source intelligence3m 23s
-
(Locked)
Network port and service identification2m 45s
-
(Locked)
Nmap demo5m 19s
-
(Locked)
Vulnerability scanning2m 42s
-
(Locked)
Determining severity2m 10s
-
(Locked)
Nessus demo7m 49s
-
(Locked)
Wireless scanning3m 32s
-
(Locked)
Wireless testing process1m 52s
-
(Locked)
Aircrack-ng demo7m 41s
-
-
-
-