This is the second of my 3 videos recorded at BruCon 2009.
This is the excellent presentation from Chris Gates on Open Source Information Gathering.
Abstract: This talk is about using the current open source tools to generate a detailed target footprint for a blackbox penetration test. Suppose for our penetration test we are given nothing but a domain name. Client-side and Social Engineering attacks are in scope, but we’re on our own to come up with all the information needed to execute those attacks (just like a real attacker would be required to do). The days of running Sam Spade or simply querying a whois server for the totality of your information gathering are dead. We need to leverage all the information freely available to us on the net to build both our network attack list as well as our client attack list. This information includes network ranges, hidden company affiliations, hostnames, dns information, public documents with their metadata and email addresses for client side attacks.
Also to learn more about Chris and what hes up to check out his website.
Presentation Slides – Click Here
:: Please do not copy this video without written permission of Security Active or Chris Gates | Linking to is fine ::