Wednesday, January 30, 2008

Collecting Data, knowing is half the battle

Collecting Data on a target.

Is there a particular company you want to know about. You would like to know about how they work their systems etc… If you’re an employee of the company you are in a great position for data collection, but let’s say you’re not.

Collecting Data from public sources.

Go to their website and read about them. If there is a staff directory take notes on the people high up in the organization, also take notes on any tech people that may be listed. Just generally get a feel for how the company operates. Do a WHOIS on their website, take notes on phone numbers and technical contacts. The people who look the most “interesting”, look up in maltego. Look the numbers up in maltego as well. Get a feel for these people. Visit their myspace pages, find out pets and kids names, and keep notes. A lot of people use their pets and kids names as passwords or something like mrskitty1. Instead of mrskitty.

Ok now the fun part. Go throw their dumpsters. Look for policy documentation or technical documentation. Burned cd’s, old hardrives, post-it notes are a boon. Lots of people write their passwords on post it notes.

No comments: