Preview Mode Links will not work in preview mode

Tradecraft Security Weekly (Video)


Jun 27, 2017

During the reconnaissance phase of a penetration test being able to discover the external assets of an organization is extremely important. It is also important to do so as stealthily as possible. Using open-source techniques and tools it is possible to enumerate an organizations external assets without sending any data directly from your computer system to the target organization's subnets. In this episode of Tradecraft Security Weekly Beau Bullock (@dafthack) discusses some of the tools and techniques that can be used to do this.


LINKS:
Recon-ng: https://bitbucket.org/LaNMaSteR53/recon-ng
Datasploit: https://github.com/DataSploit/datasploit
Spiderfoot: http://www.spiderfoot.net/
Censys: https://censys.io/
Shodan: https://www.shodan.io/
Threatcrowd: https://www.threatcrowd.org/
HackerTarget: https://hackertarget.com/
Netcraft: https://www.netcraft.com/

Certificate Search Tool - crt.sh
Internet-Wide Scan Data Repository - scans.io

Full Show Notes: https://wiki.securityweekly.com/TS_Episode08