Strategically targeting a corporation requires deep knowledge of their technologies and employees. Successfully compromising an organization can depend on the quality of reconnaissance a tester performs up front. Often times testers only resort to using publicly available tools which can overlook critical assets.
In this presentation, we will begin by examining some commonly overlooked methods to discover external resources. Next, we will show how to discover employees of a target organization and quickly locate their social media accounts. Finally, we will strategically identify and weaponize personal information about the employees to target the organization directly using new attack techniques. Attendees will learn an external defense evasion method, a new process to gain credentialed access, and be the first to receive a newly released tool!
While the approach is designed to assist offensive security professionals, the presentation will be informative for technical and non-technical audiences; demonstrating the importance of security-awareness for everyone.