Spiderfoot and the Dangers of Doxing

As SANS instructors, we are always looking to improve our skills and knowledge. I’ve been teaching SEC401 (GSEC) and SEC560 (GPEN) for some time now, and I had been looking for additional training to supplement my knowledge in the areas those classes cover. I had heard so many great things about SEC504 (GCIH) that I decided to take it. Even though it has some overlap with 401 and 560, it covers a lot of different tools and techniques, and is more focused from the viewpoint of a blue team member.


One of the tools we use in this course is called Spiderfoot. Now, this is a very interesting tool, and as with many tools in the Information Security world, there are both commercial and open-source community versions. This tool is focused on pulling OSINT information about a target domain or keyword. OSINT, or Open Source INTelligence, is the practice of discovering information about a target from publicly available information, such as DNS records, social media, and website text, and correlating the data and metadata found against various sources. In this way, one can build a detailed map of a target organization with very little initial seed data.


The challenge here is that sometimes it gets things wrong. Here’s a recent example. I decided to run the tool pointed at a friend’s site to see what it could come up with. Over a period of a couple hours, it had scraped metadata to find some usernames, and compared those to various other websites where they might also have accounts. It worked pretty well, except that one of the users has a very common name, and his username was in the format of ‘firstnamelastname.’ The tool found a user account of the same name on Wikipedia, where that ..
