2. Passive information gathering is when you use an indirect approach to obtain information about your target. This method obtains the information that is publicly available from many sources, thus eliminating direct contact with the potential target.

OSINT

Gathering information before exploiting and gaining access to a network or system will help the penetration tester narrow the scope of the attack and focus on the security vulnerabilities of the target. This means the penetration tester can design specific types of attacks, exploits, and payloads that are suitable for the attack surface of the target. We will begin our information-gathering phase by utilizing the largest computer network in existence: the internet.

  • Mostly we will use tools such as Osintgram and Sherlock, or we can use the internet itself (search engines and public websites).


OSINT techniques:

Sock puppet:

A sock puppet is a term used within the cybersecurity industry, especially among penetration testers. A sock puppet is simply a misrepresentation of an individual, such as an entire fake identity. While pretending to be someone else is unlawful, hackers always create a fake identity on the internet when gathering information about their targets. By creating a misrepresentation of a person on an online platform such as a social media website, no one knows the true identity of the account owner. Therefore, the hacker can pretend to be an employee or a mutual friend of their target to gather data about the organization.

Another key aspect of using a sock puppet is to ensure the target does not know who is performing OSINT. This is also good practice for penetration testers who want to remain stealthy. One of the best ways to avoid being tracked is to use a VPN service.

Creating a fake identity guide:

  • Creating a fake identity: https://www.fakenamegenerator.com/
  • Fake profile picture: https://www.thispersondoesnotexist.com/
  • Using a proxy credit card: https://privacy.com/

Tip

Remember one thing: when crafting usernames, mail accounts, or anything else for OSINT on a person, first learn about their personal life, where they work, and so on, and create the fake identities accordingly, not just randomly.


  • We can also make use of AI for random name generation, as well as image generation.

Anonymizing traffic:

The following are common techniques that are used by penetration testers to anonymize their traffic:

  • Virtual Private Network (VPN)
  • Proxychains
  • The Onion Router (TOR)


Tips for choosing a VPN service:

  • Using a VPN service provider will require a paid subscription.
  • Ensure the VPN service provider does not keep logs or sell user data to third parties.
  • Ensure the VPN service provider provides unmetered bandwidth for users.
  • Ensure the VPN service provider supports integrating the VPN client application on your operating system.
  • You can use various cloud service providers such as Azure and AWS to set up your VPN servers in the cloud.
  • Ensure your Domain Name System (DNS) traffic is not leaking, as it will reveal your geolocation data. Use a site such as DNS Leak Test (www.dnsleaktest.com) to check this.
  • If your VPN service does not support IPv6, ensure you disable IPv6 on your attacker machine.

I prefer Mullvad VPN.
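The last two VPN tips above (DNS traffic staying inside the tunnel, IPv6 disabled when the VPN does not carry it) can be pre-checked on the machine itself before trusting an external leak test. The script below is an added example, not part of these notes or of any VPN vendor's tooling. It reads `/etc/resolv.conf` and the `disable_ipv6` sysctl on Linux, flags resolvers that are not inside the tunnel's address range and flags IPv6 being enabled; the tunnel subnet (`TUNNEL_NETWORKS`) and the two sample `resolv.conf` contents are assumptions constructed for the example, so replace the subnet with whatever your provider documents for its in-tunnel DNS.

```python
"""Added example (not from the original notes): a local pre-check for two VPN
leak conditions, nameservers outside the VPN tunnel and IPv6 left enabled.
It complements an external check such as dnsleaktest.com rather than replacing
it: the resolver list and sysctl only show what the host is configured to do,
not what the network actually sees."""
import ipaddress
import pathlib

# ASSUMPTION: the VPN hands out resolvers inside this subnet. Replace with the
# range your provider documents for its in-tunnel DNS.
TUNNEL_NETWORKS = ["10.64.0.0/10"]

RESOLV_CONF = pathlib.Path("/etc/resolv.conf")
DISABLE_IPV6_SYSCTL = pathlib.Path("/proc/sys/net/ipv6/conf/all/disable_ipv6")


def parse_nameservers(resolv_conf_text):
    """Return the IP addresses on 'nameserver' lines, ignoring comments and junk."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue  # malformed address; the resolver library would skip it too
    return servers


def classify_nameservers(servers, tunnel_networks):
    """Split resolvers into those inside the tunnel range and everything else."""
    nets = [ipaddress.ip_network(n, strict=False) for n in tunnel_networks]
    inside, outside = [], []
    for server in servers:
        # Membership is False across address families, so an IPv6 resolver
        # always lands outside an IPv4 tunnel range.
        if any(server in net for net in nets):
            inside.append(str(server))
        else:
            outside.append(str(server))
    return {"inside_tunnel": inside, "outside_tunnel": outside}


def ipv6_disabled(sysctl_value):
    """disable_ipv6 reads '1' when IPv6 is switched off for all interfaces."""
    return sysctl_value.strip() == "1"


def leak_report(resolv_conf_text, tunnel_networks, disable_ipv6_value):
    """Combine both checks into one report with human-readable findings."""
    classes = classify_nameservers(parse_nameservers(resolv_conf_text), tunnel_networks)
    ipv6_off = ipv6_disabled(disable_ipv6_value)
    findings = []
    if classes["outside_tunnel"]:
        findings.append("DNS leak risk: resolvers outside the tunnel: "
                        + ", ".join(classes["outside_tunnel"]))
    if not ipv6_off:
        findings.append("IPv6 is enabled: traffic may bypass an IPv4-only VPN")
    return {"nameservers": classes, "ipv6_disabled": ipv6_off, "findings": findings}


# Constructed samples (not captured from a real machine).
LEAKY_RESOLV_CONF = """# Generated by DHCP on the LAN
nameserver 192.168.1.1
nameserver 2001:4860:4860::8888
search home.lan
"""

TUNNELED_RESOLV_CONF = """# Written by the VPN client
nameserver 10.64.0.1
"""


def live_report():
    """Run the check against this host; returns None if the files are missing."""
    if not (RESOLV_CONF.exists() and DISABLE_IPV6_SYSCTL.exists()):
        return None
    return leak_report(RESOLV_CONF.read_text(), TUNNEL_NETWORKS,
                       DISABLE_IPV6_SYSCTL.read_text())


if __name__ == "__main__":
    report = live_report()
    if report is None:
        print("Not a Linux host; showing the constructed leaky sample instead.")
        report = leak_report(LEAKY_RESOLV_CONF, TUNNEL_NETWORKS, "0")
    for finding in report["findings"] or ["No leak indicators found"]:
        print(finding)
```

Run it with the VPN connected and again with it disconnected: the resolver list should change to the in-tunnel address the moment the client is up, and any resolver left pointing at the LAN router or a public IPv6 resolver is exactly the condition dnsleaktest.com would expose.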