Showing posts from February, 2019

09 - How to maybe not be so bad at OSINT?

Disclaimer: For this post, I've taken a lot of IP / DNS info from Google and simply modified it to be similar to a scenario I encountered a little while back at work. It's not intended to be perfect or accurate as far as the DNS information goes; this post is just about the process.
BlAcK bOx TeStInG?

A while ago we had a client who had requested a 'full black-box test', as they'd put it. As a tester, visions of grandeur and epic hacks flooded my mind straight away, imagining myself owning the perimeter in some non-specific way, dodging IPS laser beams, battling AI defenses -- but definitely getting root.

Thinking about it though, I realized that my OSINT skills aren't actually all that sharp...  What would happen if, say, the client didn't have any IPs registered to them?  Could we locate IPs to test?  There are lots of ways, but when it came down to it, how would I?

After many logistics, and what I'd assume wa…