Module 03: Open Source Intelligence (OSINT) Methodology

Objective

The objective of this lab is to help students learn different techniques to gather information about a company; you will learn how to:

• Extract a company’s information
• Perform network tracerouting
• Perform passive OS fingerprinting

Scenario

Penetration testing is much more than just running exploits against vulnerable systems. In fact, a penetration test begins before penetration testers have even made contact with the victim’s systems. Rather than blindly throwing out exploits and praying that one of them returns a shell, a penetration tester meticulously studies the environment for potential weaknesses and their mitigating factors. By the time a penetration tester runs an exploit, he or she is nearly certain that it will be successful. Since failed exploits can in some cases cause a crash or even damage to the target system, or at the very least make the target un-exploitable in the future, penetration testers won't get the best results, or deliver the most thorough report to their clients, if they blindly turn an automated exploit machine on the target network with no preparation.

A penetration tester collects the information of a company such as internal and external links of the company’s website, people working in the company, geographical location, DNS information, competitive intelligence, network range etc. This information is collected in order to search for vulnerabilities, so as to exploit and sniff valuable information. In order to become an expert penetration tester and security auditor, you must know various techniques to gather a company’s information