Top
Navigation
« Is the iPhone helping with the Bad Password Problem? | Main | Backtrack 3 Beta »
Monday
Jan072008

Gathering Proper Intel

DateMonday, January 7, 2008 at 7:36PM

I have been looking at several forums and one of the things that frustrate me the most is the lack of talk on the areas of proper target enumeration and intel gathering. Everybody is focused in running Nmap, fierce or any other host of tools and forget the true time basics of simply surfing the targeted client's site taking note of the contact information and sending someone from the attack team to do a physical recon, to look for:

  • Wireless networks
  • Trash disposal methods
  • Physical security to the building
  • Open and exposed Ethernet network ports
  • Exposed USB ports
  • Unlocked and unused machines
Not everything has to be done thru the internet, most people are focused on the latest tool and not in thinking outside the box, in many of my presentation clients are impressed that their biggest hole is physical security. I know I'm ranting but I had to get it off my chest. take care and be secure.

AuthorCarlos Perez | Comment2 Comments | Print ArticlePrint Article

Reader Comments (2)

Hi, very nice blog indeed. Congrats!

i am the owner of http://forceonforce.blogspot.com Portuguese police techinques and tactics discussion blog.

Can i add your blog to my list of must read blogs?

Thanks for your atention, keep up the good work.

Jimmy

July 11, 2008 | Unregistered CommenterQuem sou

yes no problem with that

September 19, 2008 | Unregistered CommenterDarkOperator

PostPost a New Comment

Enter your information below to add a new comment.
Author Email (optional):
Author URL (optional):
Post:
 
All HTML will be escaped. Hyperlinks will be created for URLs automatically.
Alert
Comment Moderation Enabled
Your comment will not appear until it has been cleared by a website editor.

Notify me of follow-up comments via email.