Publicly available information serves as a launching pad for attackers' initial efforts to research potential areas of exploitation.
While your organization may be working to reduce vulnerabilities, attackers are often looking for weaknesses in your defenses and personnel that, when combined with other methodologies, can serve as an initial vector of entry or enable further exploitation.
In this video, Nate Drier, Secureworks Managing Principal Consultant, gives a demonstration of how an attacker would utilize Gitrob to conduct passive recon when profiling a target externally.
Another great tool to use for recon is called gitrob. What gitrob does is, it will run out and query public GitHub repos or GitHub projects that different people contribute to and pull out interesting information from those projects and all the different users' commits. So we start off by doing a quick search on Google to see if Dell has any public GitHub repos and of course they do. You can see the first repo here for their open source stuff, main Dell repo, dell-asm, dell-esg, so there are quite a few we can feed into this gitrob tool. Let it run, it will pull everyone that has contributed to this repo. So we will click on this first one here. So it will pull the information for all users here, all the contributors and then it will look at any other repos that they contribute to, to see if there are any interesting files.
So, we can take a look at the output here after we have run the tool. We can see each one of these lines here is a different repo that we’ve looked at. So we can take a peek here, let’s take a look here at a better example. So we can see over here on the right, the repository, the first word is the user that contributed. The second part is what repo they contributed to. Obviously, this isn’t part of a Dell repo. This is part of a personal repo, but we can see they’ve uploaded a bash profile we can look through and see some really interesting information if we were to target these users. Here’s another bash profile that we can look through. Sometimes there is really interesting information in profiles and dot files in general, some .ssh config files. So, we can see this user has a VPS that they use. The port forwards that they set up. This is all really rich and interesting information when you’re profiling a target externally.
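As an added example (not from the video and not Gitrob's own code), the sketch below audits a local checkout of your own repositories for the kinds of files the demonstration calls out, shell profiles and .ssh config files, and lists what each one would disclose if pushed to a public repo. The file-name set, directive set, secret-name pattern and sample files are assumptions constructed for illustration.

```python
import re, tempfile
from pathlib import Path

# File names, directives and the name pattern are assumptions for this example, not Gitrob's rules.
SHELL_FILES = {".bash_profile", ".bashrc", ".profile", ".zshrc"}
SSH_KEYS = {"hostname", "user", "port", "localforward", "remoteforward", "identityfile"}
SECRET_RE = re.compile(r"^\s*(?:export\s+)?(\w*(?:TOKEN|SECRET|PASSWORD|KEY)\w*)\s*=", re.I)
# Constructed sample files; every value is made up.
SAMPLE = {
    ".bash_profile": "export PATH=$PATH:~/bin\nexport API_TOKEN=constructed-not-real\n",
    ".ssh/config": "Host vps\n  HostName vps.example.net\n  User deploy\n  LocalForward 8080 127.0.0.1:80\n",
}

def parse_ssh_config(text):
    """Return (host, directive, value) for directives that describe infrastructure."""
    findings, host = [], "*"
    for line in text.splitlines():
        key, value = (re.split(r"[\s=]+", line.strip(), maxsplit=1) + [""])[:2]
        key, value = key.lower(), value.strip()
        if key == "host":
            host = value  # following directives belong to this Host block
        elif key in SSH_KEYS and value:
            findings.append((host, key, value))
    return findings

def audit_tree(root):
    """Walk a local checkout; list shell profiles and SSH configs and what they disclose."""
    report = []
    for path in sorted(Path(root).rglob("*")):
        rel = path.relative_to(root)
        is_ssh = path.name == "config" and path.parent.name == ".ssh"
        wanted = is_ssh or path.name in SHELL_FILES
        if ".git" in rel.parts or not path.is_file() or not wanted:
            continue
        text = path.read_text(errors="replace")
        if is_ssh:
            details = [f"{h}: {k} {v}" for h, k, v in parse_ssh_config(text)]
        else:  # report variable names only, never the secret values
            details = [m.group(1) for m in map(SECRET_RE.match, text.splitlines()) if m]
        report.append((rel.as_posix(), details))
    return report

def demo():
    """Audit the constructed SAMPLE files written to a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLE.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return audit_tree(root)
```

Calling `audit_tree()` on a real checkout before it is pushed, or in a pre-commit hook, shows which dotfiles would become visible to this kind of passive recon.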