Employees & Company Info

Employee Information

We want to learn about the employees. This can help with social engineering (covered later) if we need to get to that point. We also want to see if we can find a company directory to learn about positions and who holds them. This will be helpful if we are sending phishing emails or pretending to be someone's boss. 


One of the first things you should do is look up the address. This should be very easy to find on the company's website. As we are now interacting with their server, we have moved from passive to active. I will use our campus as an example.

Leeward CC campus locations.

Leeward CC

If you go to the Leeward CC homepage and scroll to the bottom of the page, you will find the information to the left. We can tell that there are two campuses: one in Pearl City and the other in Wai`anae. We also have address information. Google Maps provides a great feature called "Street View." Load the address of the company/business in Google Maps, switch to Street View, and you get a virtual tour of the company's surroundings! This clues you in on their physical security. In the image below you can see that Leeward CC has several golf carts for use by campus security. You can also find more information by just virtually walking around campus! See what else you can find.


While you are still on the company's website, I would see if they provide any contact information or a company directory. This might make your life easier, since you would not need to go hunting for this information. Depending on the website it might be easier to find, but spend some time searching for it and see if you can find it.

LinkedIn

If you are unfamiliar with LinkedIn it is a professional networking platform designed for professionals and businesses. It is a social media platform that allows individuals to create profiles highlighting their professional experience, skills, education, and achievements. LinkedIn facilitates connections and interactions between professionals, companies, recruiters, and job seekers. 


Due to how LinkedIn functions, it can be a treasure trove of information! You should just search for the company/organization and start finding job posts or current/former employees. This will show you the skills and technologies that the company uses.

Email

Emails.  Where to start with these...


Emails are so important when it comes to PenTesting and Ethical Hacking. They play such an important role in our everyday life and in our work life too! How does email play an important role? Please see the various reasons below.


Attack Surface Assessment: Email addresses associated with an organization can provide insight into the attack surface. By identifying email addresses of employees, contractors, or key personnel, ethical hackers can understand potential targets and plan their attack strategies accordingly. 

Social Engineering:  Email addresses are valuable for social engineering attacks. Ethical hackers may use email addresses to craft convincing phishing emails or conduct targeted spear-phishing campaigns. By mimicking trusted individuals or organizations, they can attempt to trick employees into revealing sensitive information, clicking on malicious links, or executing malicious attachments.

Credential Testing: Pentesters often perform credential testing by attempting to log in to systems or applications using known or leaked email addresses and passwords. This helps assess the strength of authentication mechanisms, identify weak passwords, and determine if any user accounts are vulnerable to credential-based attacks.

Account Enumeration: Ethical hackers may perform account enumeration by collecting email addresses associated with a target system or platform. This involves identifying valid email addresses to determine the existence of user accounts or to discover potential usernames for further testing or exploitation.

Phishing Attacks: Email addresses serve as essential elements in phishing attacks. Ethical hackers may need to simulate phishing campaigns to assess the security awareness of an organization or to test the effectiveness of email filtering systems. By utilizing email addresses, hackers can craft convincing phishing emails tailored to specific individuals or groups.

Password Spraying: Email addresses can be used in password spraying attacks, where hackers attempt to gain unauthorized access to accounts by trying commonly used passwords against multiple email addresses. This technique allows ethical hackers to identify weak or compromised accounts within an organization, assess password strength policies, and raise awareness about potential security risks.

Password Recovery: Email addresses are commonly used for password recovery processes. Ethical hackers may attempt to gain access to an email account associated with a target organization to test password recovery mechanisms, assess the effectiveness of account recovery procedures, or gain access to other accounts linked to that email address.

Post-Exploitation Activities: Once inside a target network, ethical hackers may utilize compromised email accounts to further their access and conduct lateral movement. Accessing email accounts allows them to gather information, escalate privileges, exfiltrate data, or gain deeper visibility into the organization's communication channels.
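
The password spraying item above, seen from the defender's side, as an added example that is not part of the original page: it flags a source that fails sign-in against many different accounts with only a few tries per account. The log format, thresholds, function names, and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: timestamp, source IP, account, result.
SAMPLE_LOG = """\
2024-05-01T09:00:01 203.0.113.7 alice@example.edu FAIL
2024-05-01T09:00:31 203.0.113.7 bob@example.edu FAIL
2024-05-01T09:01:02 203.0.113.7 carol@example.edu FAIL
2024-05-01T09:01:30 203.0.113.7 dave@example.edu FAIL
2024-05-01T09:02:05 203.0.113.7 erin@example.edu FAIL
2024-05-01T09:03:00 198.51.100.20 bob@example.edu FAIL
2024-05-01T09:03:10 198.51.100.20 bob@example.edu FAIL
2024-05-01T09:04:00 192.0.2.15 carol@example.edu FAIL
2024-05-01T09:04:20 192.0.2.15 carol@example.edu OK
"""

def parse(log):
    """Turn 'timestamp ip account result' lines into time-sorted tuples."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:  # skip blank or malformed lines
            ts, ip, user, result = parts
            events.append((datetime.fromisoformat(ts), ip, user.lower(), result))
    return sorted(events)

def detect_spray(events, window=timedelta(minutes=10), min_accounts=4, max_per_account=2):
    """Return {ip: accounts} for sources failing against many accounts, few tries each."""
    fails_by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            fails_by_ip[ip].append((ts, user))
    flagged = {}
    for ip, fails in fails_by_ip.items():
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # slide the window forward
            counts = defaultdict(int)
            for _, user in fails[start:end + 1]:
                counts[user] += 1
            wide = len(counts) >= min_accounts  # many distinct accounts
            shallow = max(counts.values()) <= max_per_account  # few tries each
            if wide and shallow and len(counts) > len(flagged.get(ip, [])):
                flagged[ip] = sorted(counts)
    return flagged

if __name__ == "__main__":
    print(detect_spray(parse(SAMPLE_LOG)))
```

Repeated failures against a single account (the second source) and a mistyped password followed by a success (the third) are not flagged, because neither touches enough distinct accounts.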

Below you can find several means to find email addresses associated with a company. I have provided a quick demo of how to use each of these items.

Hunter.io

Hunter.io is an online tool that can be used to find professional email addresses. Basically, we can use it to find email addresses!

Skymem.info

Skymem is the same idea as Hunter.io, just another utility that can provide different results.

emailharvester & infoga

Tools that can be installed in Kali Linux that can also provide you with information.  

Email Google Dork

Let us use those Google Dorks to see what documents we can find!