Showing posts with label social engineering. Show all posts

Sunday, December 30, 2012

Automated Open Source Intelligence (OSINT) Using APIs

Introduction

The first step in any successful security engagement is reconnaissance. How much information one can enumerate about given personnel (for social engineering engagements) or systems often determines the effectiveness of the engagement. In this post, we will discuss what Open Source Intelligence (OSINT) is and why it takes so much time, as well as ways we can use various application programming interfaces (APIs) to automate much of this process for us. Hopefully this post will help shed light on the importance of proper privacy settings and on the threat posed by automated information gathering through APIs.

Sunday, July 22, 2012

Social Engineering Social Networks - How I Will Be Your Friend

Introduction

As detailed in a previous post, social engineering is a common, yet effective, tactic used by attackers that involves "manipulating a person to accomplish goals that may or may not be in the 'target's' best interest." This usually results in the attacker gaining unauthorized access to systems, areas, or information that would otherwise be unavailable. However, while it was briefly mentioned, we didn't really discuss the opportunities available to an attacker or pentester who makes use of one of the most common goldmines of information available today: social networks.

Almost everyone has one or more profiles on one of the major social networking sites (Facebook, Twitter, LinkedIn, Google+, or Myspace), including high-value targets for social engineering engagements (e.g. "C-level execs", Presidents, VPs, etc.). These profiles include information that can be critical to a social engineer when crafting the most effective spear-phishing email possible, obtaining answers to secret questions to gain access to systems, or harvesting data that can be used in further targeted attacks. In this post, we'll look at how to use our social engineering skills to methodically "befriend" employees in order to quickly gain access to specific targets.

Sunday, April 8, 2012

Social Engineering - Exploiting the Human Element of Security

Introduction

"Hi, this is Rick from [Internet Service Provider]. We're seeing some unusual traffic from your location. It's most likely nothing to worry about, but we have a field tech on his way to diagnose the problem. Can you make sure he has access to the network to run some quick tests?"

At most, this phone call may take 3-5 minutes, and already the risk of the target being compromised is very high, especially if the individual on the other end of the line agrees to help the "field tech" (very likely the same person who called). This technique is one very specific example of "Social Engineering," and throughout this post we will see how such techniques are leveraged by attackers to exploit the human element of security for malicious gain.