Information Gathering Sources: Traditional
From Learn to be a true Social Engineer
Traditional sources are typically open, publicly available sources of information that don't require any illegal activity to obtain.
List of Sources
The following list covers many traditional sources:
- Corporate websites can provide a bounty of information. Spend some quality time with the site for your target and you can normally find information about the company, what they do, the products and services they provide, physical locations, job openings, contact numbers, bios on the executives or board of directors, and if there's a support forum there could be no end to the disparate nuggets sprinkled through the various posts.
- A company's publicly reachable servers are also great sources for what they don't say. Fingerprinting servers for their OS, application, and IP information can tell you a great deal about their infrastructure. If you can determine the platform and application in use, this data could be combined with a search on the corporate domain name to find entries on public support forums. IP addresses may tell you if the servers are hosted locally or with a provider and DNS records can tell you server names, functions, as well as IP's.
- Social media is a technology that many companies have recently embraced. It's cheap marketing that touches a large number of potential customers. It's also another stream of information from a company that can provide breadcrumbs of viable information. Companies will publish updates on events, new products, press releases, and updates that may relate them to current events (i.e. security companies telling how they can or already are protecting you from the latest vulnerability).
- User sites such as blogs, wikis, and online videos may provide not only information about the target company, but also offer a more personal connection through the user(s) posting the content. A disgruntled employee that's blogging about his company's problems may be susceptible to a sympathetic ear from someone with similar opinions or problems.
- Public data may be generated by entities inside and outside the target company. This data can consist of quarterly reports, government reports, analyst reports, earnings posted for publicly traded companies, etc.
Traditional - Non-Traditional