The social engineer’s mantra is “I am only as good as the information I gather”, and as most of you know, Information == Power. So it goes without saying that information gathering is the most important step of any SE attack. Good social skills and the ability to improvise will certainly help you, but the more information you gather, the more likely you are to succeed. To reduce the risk of failure, a good social engineer tries to find every bit of information, every little detail about the target (whether it’s a company or a human being). That being said, no piece of information is useless.


As you start gathering information and creating profiles on possible targets, it can be difficult to organize, manage and use all of it, so keeping a dedicated file per target is a good idea. I personally recommend Maltego CE: it’s a very flexible tool, quite intuitive to use, and it comes pre-installed in Kali (?future tutorial maybe?).


When it comes to actually gathering information, you have to change the way you view everything and analyze what you collect from various angles and perspectives. Instead of seeing trash as just garbage lying around, see it as an opportunity to learn about your target’s interests and what they like or dislike; what looks like an irrelevant blog or forum post might actually contain some useful information…

A lot of information can be gathered by Google dorking (search operators such as site:, filetype: and inurl:) or by looking into those “controlled isolated bubbles” (anyone got the reference?) we call social networks (Facebook, Twitter, LinkedIn, Instagram…). Thanks to the continuous growth of social networks and people’s willingness to share so much of their lives, nowadays it’s really easy to gather information on a target and their “affiliates”: interests, habits, hobbies, family and friends, etc. All of that tells us a lot about them and at the same time lets us do a great amount of recon without ever getting into direct contact with the target (“passive recon”, if you will).

By visiting a company’s website, or even a personal one, you can also retrieve a lot of valuable information: what they do and what services they offer, contact information (emails, phone numbers, etc.), maybe a forum, and probably a location. The naming convention of the email addresses (firstname.lastname@…, for example) is worth noting too, since it lets you guess the addresses of employees you find elsewhere.
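As an added example (not code from the original post), here is a small Python script that does the “visit the website” step above in a repeatable way: it pulls email addresses, phone numbers, mail domains and internal links out of a page and files them in a per-target profile record. The HTML, the company name and the .example domain are all constructed for the example; in a real engagement you would fetch the page yourself and pass its text to the same functions.

```python
"""Added example, not code from the original post: pull contact details out of
a company web page and file them in a simple target profile.

The HTML below is constructed for the example; in a real engagement you would
fetch the page yourself (urllib, a saved copy, ...) and pass its text in.
"""
import re
from html import unescape

# Constructed "Contact us" page for a fictional company (assumption: the name
# and the .example domain are invented for this example).
SAMPLE_HTML = """
<html><body>
<h1>Acme Widgets Ltd</h1>
<p>We design and build industrial widgets.</p>
<p>Sales: <a href="mailto:sales@acme-widgets.example">sales@acme-widgets.example</a></p>
<p>Support: support&#64;acme-widgets.example, tel. +44 20 7946 0958</p>
<p>Head office: 12 Example Street, London. Call us on (020) 7946 0123.</p>
<p>Join the discussion at our <a href="/forum">forum</a> or see <a href="/careers">open roles</a>.</p>
<footer>&copy; 2024 Acme Widgets Ltd</footer>
</body></html>
"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Loose phone matcher: optional +country code, then groups of digits joined by
# spaces, dashes or brackets. Deliberately permissive; the digit-count check
# in extract_contacts() throws out short hits such as years or street numbers.
PHONE_RE = re.compile(r"(?:\+\d{1,3}[\s-]?)?(?:\(?\d{2,4}\)?[\s-]?){2,4}\d{3,4}")
HREF_RE = re.compile(r'href="([^"]+)"')


def strip_tags(html: str) -> str:
    """Drop tags and decode entities, so obfuscations like &#64; become '@'."""
    return unescape(re.sub(r"<[^>]+>", " ", html))


def normalize_phone(raw: str) -> str:
    """Keep only digits (plus a leading '+') so the same number dedupes."""
    digits = re.sub(r"\D", "", raw)
    return "+" + digits if raw.lstrip().startswith("+") else digits


def extract_contacts(html: str) -> dict:
    """Return e-mail addresses, phone numbers, mail domains and site links."""
    text = strip_tags(html)
    emails = {e.lower() for e in EMAIL_RE.findall(text)}
    # mailto: links sometimes carry an address the visible text does not show
    for href in HREF_RE.findall(html):
        if href.lower().startswith("mailto:"):
            emails.update(e.lower() for e in EMAIL_RE.findall(unescape(href)))
    phones = {normalize_phone(p) for p in PHONE_RE.findall(text)
              if len(re.sub(r"\D", "", p)) >= 8}
    domains = {e.split("@", 1)[1] for e in emails}
    links = {h for h in HREF_RE.findall(html)
             if not h.lower().startswith("mailto:")}
    return {
        "emails": sorted(emails),
        "phones": sorted(phones),
        "domains": sorted(domains),
        "links": sorted(links),
    }


def build_profile(target: str, source_url: str, html: str) -> dict:
    """One profile record per target; extend it as more sources are collected."""
    profile = {"target": target, "sources": [source_url]}
    profile.update(extract_contacts(html))
    return profile


if __name__ == "__main__":
    import json
    print(json.dumps(build_profile("Acme Widgets Ltd",
                                   "https://acme-widgets.example/contact",
                                   SAMPLE_HTML), indent=2))
```

The entity decoding matters more than it looks: writing `&#64;` instead of `@` is a common anti-harvesting trick, and a scraper that only looks at the raw HTML misses that address entirely. The profile dict is deliberately plain JSON so it can be dumped to a per-target file or imported into a tool like Maltego later.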

It’s always a good idea to check public data and public records, since they might hold additional information such as income or profit reports (annual reports, company registry filings). Again, no piece of information is useless.

On a more physical approach, tailing and observing a given target is a great way to get to know their routines and help build a profile. After a methodical study of the target’s routine you could approach them and engage in casual conversation (NOTE: it’s really important to think ahead about the questions you’ll ask, so that you get information from the target without them knowing).
If your target is a corporation, you could start with some dumpster diving to obtain confidential intel (you’d be surprised how careless people are with what they throw away), then map the CCTV cameras (both internal and external) and find out how access to the building works, i.e. keys, RFID badges or some other electronic device.

Part 2 (Coming when it’s ready…) ------> ELICITATION

And that’s it guys! Hope you enjoyed the post! If you have anything to add up here, feel free to post in the comments.


