This is the first in my series of Red Team attacks and Blue Team defenses. This first series of attacks and defenses will focus on phishing attacks. Today, phishing attacks are still the easiest and most effective way into a target's environment.
Objective: Gather public data from our target using various sources to discover email addresses, employees, usernames, websites, and other data that can be used to attack our target.
Purpose: Step 1 in a Red Team engagement is to use open source intelligence (OSINT) to collect data about your target from publicly available sources. We will use various tools and techniques to perform data gathering on our target.
The first tool we will use is called theHarvester.
We will use this tool to gather email accounts, domains, and employee names of our target. We will be using Kali Linux to run this tool.
- Scan public information of your target using Google.
root@kali:~# theharvester -d yourtarget.com -b google
- Scan public information of your target using LinkedIn (this is one of my favorites, as people tend to share way too much information on LinkedIn about their current roles, and they also tend to keep it updated).
root@kali:~# theharvester -d yourtarget.com -b linkedin
- To scan using all of the search sources, pass all to the -b option.
root@kali:~# theharvester -d yourtarget.com -b all
- You should now hopefully have a nice database of email addresses and full names of people who work at your target. This tool may provide little to no results if your target has excellent security practices.