Mining for Targets

Any *hat worth their salt will probably tell you that a lot of technical reconnaissance, enumeration and planning goes into a vulnerability assessment or attack. However, the same group will also inform you that, in some circumstances, it’s far easier to have someone let you into a system than to force entry. Social engineering carries its own form of information reconnaissance, enumeration and planning, but it’s an entirely different tool-set.

Google is a great first stop for many searches, but it doesn’t provide relational links to reconstruct a person’s (or organisation’s) entire web presence, including their relationships with other subjects and resources. This is where Paterva’s Evolution offering comes into play. To assess the power of the engine, there is a simplified web interface; for graphical representation of association, there’s also a GUI-based interface for Windows, *nix, and MacOS.

Paterva Evolution

This is a very powerful and interesting way of manipulating search data via objects. This tool is a social engineer’s and auditor’s gold mine, and will probably also be gracing the desktop of any budding cyber-stalker :-| However, it’s all public information that’s available via searching through a number of online tools. What’s unique here is the ease of the search, and the representation of relationships and data. A great test is to audit just how much data you’ve leaked onto the Internet.