In the past few months I've become increasingly interested in online security and hacking. In school — where I teach web development and server management — I like to educate myself and my students about online risks and techniques hackers are using against our web apps and servers. By knowing how our apps can be attacked and exploited we can all be better informed and aware of the risks that arise when building and deploying apps.
I believe the best way to learn anything is by doing. That's why I decided to try and hack my own students during our weekly labs. Every week I studied a new technique and tried to use that as an attack vector to target my students. Sometimes these techniques were technical, other times not at all.
Of course, my students were all aware of me doing this in class and we clearly agreed on what I could do and what not. There was never a moment where I would grab their actual passwords, because I would not feel comfortable doing so, but we did log the length of the password in order to prove that their accounts had been compromised. However, it would have been equally easy to log the full passwords.
Please be aware that the techniques I'm writing about on this blog are illegal in most places and that you should have explicit (preferably written) consent to test the security of certain systems. Anyway, I'm not a lawyer and you should make sure that you operate within the law.
On this blog I'll be posting small articles that will hopefully inspire you to dig deeper into certain topics. These are not in-depth articles explaining step by step how to perform certain hacks but I'll make sure to link to more detailed videos or tutorials where possible.
What is information gathering and why do we need it?
There are many paths you can take when trying to attack a target, but before even thinking about a strategy it makes sense to map out and gather as much information about your target as you can get. Gathering information will most likely help you to identify low-hanging fruit you would normally not know about.
One way to gather that low-hanging fruit is by using a tool such as Maltego. My mind was blown the first time I used this fantastic research tool. Within minutes Maltego will allow you to gather email addresses, hosting information, domain names owned, data breaches someone was involved in, social media connections, operating systems, tech stacks and much more.
Data is not intelligence
There's a lot of data you can gather on a target just by browsing and looking online. What's difficult is analyzing and organizing all that data into an actionable dataset. This conversion of raw data into such a dataset is what you could call intelligence. Maltego does just that.
If you want to see how it's done, here's a good beginner tutorial that shows you how to start off with nothing more than a simple domain name.
Once you have mapped out the data about your target you can start thinking about a possible attack. One example could be to spoof an email coming from a company your target is seemingly doing a lot of business with or where they are hosting their infrastructure and pivot from there.
Maltego makes it a lot easier to think about potential attack strategies by visualizing and linking all available data about your targets. Give it a try and I assure you that you will be a lot more careful in the future about what kind and how much data you share online and on social media.