Many, if not most, security professionals spend a comparatively small amount of time profiling their targets in comparison to the attack phase, and rarely step outside O/S and application enumeration. This is unfortunate, since proper enumeration can expose critical information and vulnerabilities, increasing the chances of success while reducing the noise of the attack.
In this intensive, hands-on course, two-time Defcon social engineering CTF winner Shane MacDougall will run through a gamut of tools, websites, and procedures that every penetration tester/attacker should have in their toolkit, and collect data points that at might not seem relevant, but can in fact yield huge lift to the attacker, all without sending a single packet to the target network.
Basic computer skills, understanding of basic security concepts
USB stick with all required software
Shane MacDougall is a two-time winner of the Defcon Social Engineering Capture The Flag, and has placed in the top three of the attack portion in every year of the contest's existence. He runs the threat intelligence program for Intuit, and is a principal partner in Tactical Intelligence, a boutique InfoSec consulting firm in Canada that specializes in social engineering and corporate information gathering. Mr. MacDougall started in the computer security field in 1989 as a penetration tester with KPMG, and worked on the attack side of the field until 2002, when he joined ID Analytics, the world's largest anti-identity theft detection company as the head of information security. In 2011 he left the firm to start his own company. Mr. MacDougall has presented at several security conferences, including BlackHat Abu Dhabi, BlackHat EU, BSides Las Vegas, DerbyCon, LASCON, and ToorCon. He is currently doing research in the areas of integrating near-realtime OSINT into IDS/SIEM, as well as the generation of a realtime pre-text generator..