Strategically targeting a corporation requires deep knowledge of their technologies and employees. Successfully compromising an organization can depend on the quality of reconnaissance a tester performs up front. Often times testers only resort to using publicly available tools which can overlook critical assets.
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_WeaponizingCorporateIntel.pdf
In this one-hour BHIS webcast (recorded live on 4/16/19), we will begin by examining some commonly overlooked methods to discover external resources. Next, we will show how to discover employees of a target organization and quickly locate their social media accounts. Finally, we will strategically identify and weaponize personal information about the employees to target the organization directly using new attack techniques.
You will learn an external defense evasion method, a new process to gain credentialed access, and get a demo on a newly released tool — FireProx!
While the approach is designed to assist offensive security professionals, the webcast will be informative for technical and non-technical audiences; demonstrating the importance of security-awareness for everyone