When the subject of penetration testing and security assessments comes up, it usually conjures thoughts of highly skilled consultants deploying an array of custom tools to gather information on a target network and look for potential weak spots. But there are a number of guys out there doing these assessments who are using less-technical methods and putting the Web’s seemingly boundless stores of information to use instead. Chris Gates is one of those guys, and he gave a fascinating talk on his methods at ToorCon over the weekend, telling the audience that tools like Maltego and Metagoofil can be invaluable in gathering data on a target network.
Maltego, which finds, organizes and displays information on specific networks and reveals the relationships among companies and individual people, can be a tremendous resource, he said. “I can start with mail servers and name servers and get all the domains on those servers and then move on to netblocks,” he said.
Gates also said that programs such as email harvesters can be great sources of information on a company’s employees, as can social networking sites such as LinkedIn, Facebook and MySpace. That’s not a huge revelation, but using information gathered on those sites in conjunction with the other tools Gates talked about can lead to major caches of data on specific employees or companies in general, all of which can then be leveraged to glean more information.
Also, be sure to check out the photos of ToorCon I took this weekend.