This is just the start of our master OSINT list, but I wanted to put out the ones we talked about in class as a reference for further practice. Many links and edits will be made to this page in the future, so watch closely! And as always GET THE MONEY!
http://www.jigsaw.com/ <- find employees info
http://www.linkedin.com/ <- find employees info
http://entitycube.research.microsoft.com/ <- business and personal relationship maps
http://www.hoovers.com/ <- finance, market and executive info
http://www.intelius.com/ <- find business relationships and personal info
http://littlesis.org/ <- find business relationships
http://muckety.com/ <- find business relationships
http://pentest-standard.org/index.php/PTES_Technical_Guidelines <- primer on intel gathering, with step-by-step guidance
http://www.microsoft.com/web/solutions/bing-twitter.aspx <- see who is tweeting in a specific area
http://www.spokeo.com/ <- find target personal info
http://www.advancedbackgroundchecks.com/ <- good for finding addresses and locating people
http://namechk.com/ <- find a target's alias on many social networks
http://knowem.com/ <- find a target's alias on many social networks; checks 500+ sites for a username
https://appexchange.salesforce.com/category/intelligence <- personnel intel/OSINT
http://pastebin.com/ <- look for intel leaks, hacks, password drops
http://www.emailsherlock.com/ <- find syntax for any corp email address
https://github.com/ <- look for their sourcecode/passwords/etc
http://www.robtex.com/ <- find network/netblock info
http://www.shodanhq.com/ <- search port scan results and banners of the target
https://github.com/wick2o/gitDigger <- search the GitHub archive for passwords and sensitive info
http://tineye.com <- image based search
http://www.jailbase.com/ <- search mugshots with facial recognition
http://www.bing.com/ <- remember... bing powers facebook's graph search AND has facial recognition
http://wigle.net/ <- global wifi network search
http://webmii.com/ <- Personal info/pix
http://www.zabasearch.com/ <- personal info like spokeo and others, make a fake facebook acct and get premium for free!
https://pipl.com/ <- another spokeo/zabba type site
http://pentest-tools.com/?p=home <- remote port scan and company profiling
https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Home RECON-NG <- OSINT framework
https://www.elevenpaths.com/labstools/foca/index.html FOCA <- metadata, docs, network discovery
http://www.offensivecountermeasures.com/forum/topics/pushpin-1 PUSHPIN <- social network monitoring
http://www.paterva.com/web6/ MALTEGO/CASEFILE <- OSINT framework/information mapping tool
http://www.touchgraph.com/navigator Touchgraph NAVIGATOR <- relationship mapping
http://nodexl.codeplex.com/ <- NODE XL relationship mapping
https://github.com/SMRFoundation/ThreadMill <- ThreadMill is a software framework for processing and visualizing message-board post data.
http://www.netglub.org/ <- free maltego like base
http://ilektrojohn.github.com/creepy/ CREE.py <- geolocation tool for twitter/fb and others
http://www.rtl-sdr.com/big-list-rtl-sdr-supported-software/ <- Software Defined Radio list of programs
http://www.onstrat.com/osint/ <- IMO, the best collection of OSINT links on the internet!
http://www.phibetaiota.net/ <- tons of intel based resources/reviews and blogs
http://www.phibetaiota.net/wp-content/uploads/2013/07/2013-07-11-OSINT-2ool-Kit-On-The-Go-Bag-O-Tradecraft.pdf <- 2013 OSINT guide, AWESOME! Best PDF on OSINT I have ever read.
In the previous post we talked a bit about what red team engagements are, and generally what we'll cover during the training. In this post I'd like to talk a bit about one of the critical parts of a red team test, which separates it from a standard pentest: intelligence gathering.
I often like to think that a red team engagement is decided at its earliest stage: intelligence gathering. At that point, I can usually tell how successful the engagement will be. That's because when intel gathering is done correctly, you almost certainly have all the information you need to accomplish your goal. In the "information age" there is so much that can be gathered on an organization, its employees, and its business partners that the hard part has become data processing and analysis rather than actual data collection (just ask the guys who run PRISM ;-) ).
In the training, we'll focus on different types of intelligence gathering and profiling. We'll obviously cover the OSINT (Open Source INTelligence) methodology, utilizing open resources, social networks, an assortment of government and organizational information sites, and more.
Additionally, there is nothing more effective than actually seeing and experiencing your targets, so physical and electronic intelligence are also a crucial part of the intel gathering phase. It's always nice to already have close familiarity with a building (outside, and in) that you may end up operating in, especially when it comes to establishing a backstory and in cases where social engineering is involved.
So, DO expect to meet some really cool techniques for monitoring, recording, and visiting physical facilities, along with where and how to obtain the tools to do so (some of which we plan to include in the (in)famous goodie bag that Chris already told you about in the previous post…).
We'll discuss how to disseminate information effectively, and how to store it in ways that keep it accessible and meaningful in later parts of the red team engagement. As intel is the basis for all red team operations, whoever owns the information is more likely to have an advantage when facing challenging circumstances in the field.
That's it for this quick post. As I mentioned earlier, the goodie bag is shaping up to be of epic proportions, and my partner in crime is pulling some amazing tricks to make it happen for Vegas. Until next time!
P.S. Image: red team pulling some intel.