OpSec sources

26th August 2024

Uncategorised

OpSec is an early part of the Penetration Testing process. It is a detailed investigation of the target company to learn all that has been posted about the company that may give clues as to where the weak points may be.

This is used by the Red/Offensive team to find weak points and data leaks but can also be used by the Blue/Defensive team to quell the flow of information OR to lay some subtle traps and alarms.

OpSec Sources:
Company website; pay particular attention to the Careers section as this will announce what software and Services the company is using.
LinkedIn to search for employees, their email addresses, the format of email address’ (ie first initial+lastname), what experience they have listed on their resume can show what software they use.
Google street view; can give you clues to their supply chain, every delivery truck and trucking company has their Logo splashed across their trucks

https://dnstwist.it/