- Lists of employees for targeted social engineering
- Website sub-domains that contain additional sites
- Forum posts from employees containing code snippets, applications in use, and specific technologies
- Employee passwords and hashes from recent 3rd party compromises
At this point we can type ‘help’ to see a list of available commands, or begin by actually loading specific modules. I’m going to start by seeing what I can learn about the Secure Ideas company. One module that might help scrapes the Jigsaw.com website for employees. We can load the module using the following command.
Nathan Sweaney is a Senior Security Consultant for Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at email@example.com or visit the Secure Ideas – Professionally Evil site for services provided.