The remote assessment methodology focuses on direct observation of an organization and their infrastructure, consisting of passive reconnaissance of publicly available data sources ("Open Source Intelligence") This allows the auditor to identify publicly available resources (such as websites, extranets, email servers, but also social media information) connected to the organization and remotely gather information about those resources.
While much of SAFETAG focuses on digital security challenges within and around the office, unintended information available from "open sources" can pose real threats and deserve significant attention. This also builds the Auditor's understanding of the organization's digital presence and will guide specific vulnerabilities to investigate once on site.
Open Source Intelligence (General)
Standard: Intelligence Gathering (The Penetration Testing Execution Standard)
Guide: "Passive Reconnaissance" (Security Sift)
Tool: "NameChk account search" (NameChk)
List: "Open Source Intelligence Links" (Intel Techniques)
List: "OSINT Tools - Recommendations List Free OSINT Tools." (subliminalhacking.net)
Guide: "OWASP Testing Guide v4 - Information Gathering" (OWASP)
Organizational Information Gathering
Searching
Online Courses: Power Searching and Advanced Power Searching online courses (Power Searching With Google)
Online Course: Advanced Power Searching By Skill (Power Searching With Google)
Cheat Sheet: Google Search Operators (Google Support)
Cheat Sheet: Google Hacking and Defense Cheat Sheet (SANS)
Cheat Sheet: Google Searchable Filetypes (Google Support)
Cheat Sheet: Google Search Punctuation Operators (Google Support)
Cheat Sheet: Google Power Searching Quick Reference Guide (Power Searching With Google)
Database: Google Hacking Database (Exploit Database)
Pastebin Searching
Article: "Using Pastebin Sites for Pen Testing Reconnaissance" (Lenny Zeltser)
Custom Search "This custom search page indexes 80 Paste Sites:" (Intel Techniques)
Article "Pastebin: How a popular code-sharing site became the ultimate hacker hangout" (Matt Brian)
Advanced Search "Github Advanced Search" (Github)
Recon-ng
Site: "Recon-ng: Website" (Bitbu * Guide: [The Recon-ng Frameworkcket)
Type: "Recon-ng: Usage Guide" (Bitbucket)
Demonstration: "Look Ma, No Exploits! – The Recon-ng Framework - Tim "LaNMaSteR53" Tomes" (Derbycon 2013)
Guide: toolsmith guide to Recon-ng
Video: Tektip ep26 - Information gathering with Recon-ng Video Tutorial
Guide: The Recon-ng Framework : Automated Information Gathering
undefined