Welcome to the SE United blog

Inspired by Social-Engineer.org
I started this blog because I’ve taken a big interest in the information security section of Social engineering. This area is just a place where I like to dive a little deeper into subject’s from the Social Engineering field all the way to Psychology relating to behaviors and personality’s.
The website is in development will be coming soon, no date yet.
Come join us at the IRC channel ##SEunited at freenode.
A  project in the works is the “Information Gathering Framework” will be a good break down reference for information gathering tools used in a simple but efficient methodology about your target.
Here is just a snippet of some information  from it:
Types of Information Gathering
-Passive
-Semi-Passive
-Active

Passive:

– Great care is taken to ensure that the target organization does not detect the profiling. This means that        no packets can ever be sent to the target.
-This type of profilling is typically time intensive
-NO TRAFFIC

Semi-Passive:

Profiling the target with methods that would apperar to the target as normal intnernet traffic and behavior
NORMAL TRAFFIC

Active:

-This type of profiling should be detected by the target organization.
-Actively seeking out new/unpublished servers, directories, files, documents along with full network visibility scans
-ABNORMAL TRAFFIC
NO TRAFFIC

Catorgries of Information Gathering

-Infrastructure

Every organization with an internet presence requires some form of infrastructure to support that presence. That information is what we want to discover.
Infrastructure profiling is far easier to do and automate than profiling people or (in?) organizations, because it requieres less manual work.
Goal : make a map of the company infrastructure without its knowledge

-People in the Organization

Since every organization needs people to support it and it’s hardware, one of the most interesting question we should ask is “Who runs the company?”. To answer this we must ask “Who runs IT?”, “Who runs finance, and who HR?”. The information we get from the answers to this question is what we seek. Profiling people or organizations is much more difficult then profiling infrastructure, because it requieres a huge amount of manual work (e.g.: “Which John Doe is the right one?”).
So, where do we get these information?

-Public data and records

The internet is also a good source of information, especially if the company has their own website.
Since registering a website reuqieres the use of real personal data, it is sometimes possible to get a lot of information on someone in the company from Whois records, DNS servers etc.
Also while having a presence on the internet, that means there is data uploaded to the page from the target, and sometimes even from the target’s users, which when gathering correctly (knowing where and what for too look is the key), can yield interesting results about the company, and help with profiling it.