Many, if not most, security professionals spend a comparatively small amount of time profiling their targets in comparison to the attack phase, and rarely step outside O/S and application enumeration. This is unfortunate, since proper enumeration can expose critical information and vulnerabilities, increasing the chances of success while reducing the noise of the attack.
In this intensive, hands-on course, two-time Defcon social engineering CTF winner Shane MacDougall will run through a gamut of tools, websites, and procedures that every penetration tester/attacker should have in their toolkit, and collect data points that at might not seem relevant, but can in fact yield huge lift to the attacker, all without sending a single packet to the target network.
Pentesters, IT security personnel, IT Auditors, investigators
Basic computer skills, understanding of basic security concepts
Laptop running Windows and Linux, community version of Maltego, Pythonand Ruby, foca, recon-ng.
USB stick with all required software
Shane MacDougall is a two-time winner of the Defcon Social Engineering Capture The Flag, and placed in the top three of the attack portion in every year he competed. He is principal partner at Tactical Intelligence, and a security analyst for JL Bond Consulting. Mr. MacDougall started in the computer security field in 1989 as apenetration tester with KPMG, and worked on the attack side of the field until 2002, when he joined ID Analytics, the world's largest anti-identity theft detection company as the head of informationsecurity. In 2011, he left the firm to start his own company. Mr. MacDougall has presented at several security conferences, including Black Hat Abu Dhabi, Black Hat EU, BSides Las Vegas, DerbyCon, LASCON,and ToorCon. He is currently doing research in the areas of integrating near-realtime OSINT into IDS/SIEM, as well as the generation of a realtime pre-text generator.