When gathering initial information, penetration testers need to focus on an organization’s human element.
In the last article, Hisomeru covered the technical aspects of Open Source Intelligence or OSINT. OSINT traditionally comes in two different forms, Technical and Human. For penetration tests, it is equally important to know the human aspect of the target network just as well as knowing the technical aspects.
Malware and phishing attacks during a global pandemic emphasize the need for trained cyber security professionals
The staggering number of new COVID-19 cases reported every day are one reminder that the world is facing massive upheaval. With an unprecedented amount of the workforce resigned to home offices and IT teams struggling to monitor activities of their co-workers, the coronavirus has also turned into a boon for cyber criminals.
(This was originally emailed to all students and clients on March 23, 2020)
To our valued students and clients,
By now you’ve received countless emails from organizations worldwide, sharing support during this time and outlining a plan to move forward. The experience has been overwhelming both on- and off-line.
IT teams that access dark forums for cyber security intelligence are urged to use caution and practice transparency
While dark markets and the dark web can provide valuable information for cyber security professionals, organizations and individuals need to follow laws and regulations and maintain open lines of communication with law enforcement to avoid major investigative scrutiny.
Learn more about updates to our Threat Hunting Professional Course and Watch a Live Lab Demo
eLearnSecurity will release a new version of Threat Hunting Professionals (THPv2) during a live webinar on March 24th. During the one hour webinar, course creators Dimitrios Bougioukas and Slavi Parpulov will discuss the essentials of threat hunting and outline course updates that address the modern threat landscape.
Hisomeru’s final thoughts on Technical OSINT and gathering information in the initial penetration testing phase
If you missed missed part one or part two of our pentesting series, start there then come back to this article.
One of the most comprehensive ways to gather Technical OSINT on a penetration testing target is to use a search engine called “Shodan.” Shodan isn’t a normal search engine like Google or DuckDuckGo.
We updated our threat hunting training course to include new hunting TTPs that address the modern cyber security threat landscape.
eLearnSecurity is proud to announce a new version of our Threat Hunting Professional (THPv2) course. THPv2, which is slated for release on March 24th, has been fully updated with new approaches to threat hunting and modern TTPs.
Finding your cyber security dream job starts with the proper training pathway.
Penetration testing is a fulfilling and lucrative position within the cyber security industry. Otherwise known as ethical hackers, pentesters work with companies to exploit weaknesses in their network, systems, and applications to ultimately create a safer online environment.
Tools of the trade for cyber security professionals
In the first article in eLearnSecurity’s introduction to pentesting methodology, Hisomeru discussed why Technical OSINT is foundational to penetration testing and introduced tools to gather information from a client. In this article, Hisomeru continues the discussion on how to collect Technical OSINT.