SANS 550: Information Reconnaissance: Offensive Competitive Intelligence

docricedocrice Posts: 1,706Member ■■■■■■■■■■
As a second "to-do" personal obligation over the Thanksgiving weekend, I checked out SEC550 via OnDemand. This is a one-day SANS short course taught by Bryce Galbraith:

http://www.sans.org/ondemand/description.php?tid=4802
http://www.sans.org/security-training/instructors/Bryce-Galbraith

550 serves as a nice introduction to an aspect of pentesting dealing specifically with information gathering. The same ideas and tools can be used to find your own personal information (that you might be unaware exists online) which inevitably raises privacy concerns and heightened awareness.

The OnDemand bundle comes with six MP3s at roughly 45 minutes in length each. The actual amount of viewing material in the course amounts to about three and a half hours, so it's not very long. Although I haven't gone through the MP3s themselves yet, I'm guessing some of the class discussion with the students sharing their experiences might be on the audio which might have been removed from the slide-based presentation.

Unlike previous SANS courses I've taken, there were no VM-based exercises. It's not really required since recon and information gathering will primarily involve the use of a web browser and leveraging online repositories. There are references to many web resources which I didn't know about before and will definitely look into more.

I'm guessing that the class material is currently from the end of 2009. During a tool demonstration, one of the websites being used displayed a date from 12/09, so that's probably the last time the material was updated. I doubt this makes the class less relevant, however.

Knowing your enemy / target is crucial before an active attack / pentest. Having the background on your target is essential and 550 certainly provides a good foundation. I thought Bryce Galbraith was a very articulate instructor and the course was easy to follow with demonstrated examples via class video recordings of his actions on his machine.

However, the course felt rather short overall for the price paid (based solely on the number of instruction hours), and perhaps in the larger view of things pentest students might be better off price-wise with offerings from eLearnSecurity or perhaps Offensive Security. But also keep in mind this course specifically looks into the recon aspect which I don't think the other courses dives as deep into. I don't regret taking it at all. I paid for SEC550 at a slight discount using a coupon code so the hit on the wallet wasn't as painful.

I'll definitely be listening to the MP3s during my commutes for the next month or two.
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/

Comments

  • ipchainipchain Posts: 297Member
    docrice wrote: »
    Knowing your enemy / target is crucial before an active attack / pentest.

    That is so true. It never ceases to amaze me how some people simply skip the recon phase and go straight into scanning / exploitation. Knowing your target is not only crucial, it is a must for good penetration testers.

    Thanks for the great review - I am sure it will be very helpful to some people.
    Every day hurts, the last one kills.
  • docricedocrice Posts: 1,706Member ■■■■■■■■■■
    If there's one thing that I learned in the basic Heorot.net class it's that doing recon takes time, lots of detailed documentation, and connecting-the-dots when scoping out a target. It can actually get quite daunting once you start enumerating an organization's employees, their backgrounds, connections, habits, interests, online presences, etc., etc.. It's the most time-consuming phase if you really want the other steps of an attack or pentest to be efficient as possible. While it may be fun for a bit to do the "authorized stalking" thing, it started to get pretty tedious for me.

    I'd guess that when most people want to get into pentesting, they don't realize this aspect of the process. They're just imagining the point-click-exploit-p0wn-I'm-in thing.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • ipchainipchain Posts: 297Member
    You are absolutely correct, Kimi. Good recon will lead to more precise scanning and easier exploitation. It makes your actions repeatable and much more accurate.
    Every day hurts, the last one kills.
  • docricedocrice Posts: 1,706Member ■■■■■■■■■■
    I'm trying to get my company to score me a copy of Maltego. I don't do pentesting as an official responsibility (lacking skills anyway), but there are times when it would be good to review my organization's posture from an outsider's perspective. I've used it in very limited form in the past, and being able to visualize disparate elements is very handy indeed. Plus, one can show management the shiny-shiny and maybe it'll impress them.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
Sign In or Register to comment.