Companies leave a trail of paperwork in almost every one of their activities, so hackers or researchers can easily look up everything from business licenses to a CEO's signature if they know where to look. To do this, we search government and private company databases to find out everything about companies and the people behind them.
You can probably imagine why it can be useful to find out whether a company is real or not. It may also be helpful to check whether a particular person really works for the company they claim to. Although this information is almost always out there, you will not normally be able to reach it with a simple Google search. Much of it sits in databases that you have to query directly.
Background information on a business
To be a good researcher, we need to know where the information is located and which search terms we need to use to extract it. Whether we're investigating a business to see if it's legitimate, or looking for a target to create the perfect phishing email, there are many reasons why this information could be useful.
If you want to know whether a business is legitimate, the best place to start is to dig into its licenses and key people. Proof of licensing is a positive sign, as are the names of the employees and officers listed in these documents. When you find these official documents, you can check the information for inconsistencies or patterns, such as the same people or addresses being used to register similar companies.
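The pattern check described above can be automated once registration records have been collected by hand. The following Python is an added example, not part of the original article; the record fields, the abbreviation table, and the sample data are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records (not real filings); field names are assumptions.
RECORDS = [
    {"company": "Acme Holdings LLC", "officer": "Jane Q. Doe",
     "address": "100 Main Street, Suite 4, Springfield"},
    {"company": "Acme Holdngs Inc", "officer": "DOE, JANE Q",
     "address": "100 Main St., Ste 4, Springfield"},
    {"company": "Birch Logistics Corp", "officer": "Sam Poe",
     "address": "9 Oak Avenue, Rivertown"},
    {"company": "Cedar Trading LLC", "officer": "Jane Doe",
     "address": "77 Pine Road, Lakeside"},
]

# Small, illustrative abbreviation table; real filings need a longer one.
ABBREV = {"street": "st", "suite": "ste", "avenue": "ave", "road": "rd"}

def norm_address(addr):
    """Lower-case, strip punctuation, and collapse common abbreviations."""
    words = re.sub(r"[^a-z0-9 ]", " ", addr.lower()).split()
    return " ".join(ABBREV.get(w, w) for w in words)

def norm_officer(name):
    """Turn 'DOE, JANE Q' and 'Jane Q. Doe' into the same key, 'jane doe'.
    Dropping initials can merge different people, so treat hits as leads."""
    if "," in name:
        last, first = name.split(",", 1)
        name = f"{first} {last}"
    words = re.sub(r"[^a-z ]", " ", name.lower()).split()
    return " ".join(w for w in words if len(w) > 1)

def shared_registrants(records):
    """Return officers and addresses that appear on more than one company."""
    groups = defaultdict(set)
    for r in records:
        groups[("officer", norm_officer(r["officer"]))].add(r["company"])
        groups[("address", norm_address(r["address"]))].add(r["company"])
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    for (kind, value), companies in shared_registrants(RECORDS).items():
        print(f"{kind} '{value}' appears on: {', '.join(companies)}")
```

A match is only a prompt to read the underlying filings; registered-agent services legitimately share one address across many unrelated companies.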
For a penetration tester, business research can become more offensive: we look for the individuals, documents, and opportunities needed to create the perfect phishing email. Getting a high-level executive to do something she is not supposed to do, such as opening a PDF from a stranger, can be done if the file is one the hacker knows she's expecting.
If we wanted to send a malicious PDF to someone at a company who will open it, we have to know a few things first. First of all, we need to identify the people involved in the paperwork and the others they talk to in order to get their work done. We also need to know what the document they are likely to see looks like, which means first finding a scanned version online.
With the right information, we can craft a phishing email to the right person that looks like a document they expect to see from someone they trust. By digging, we can even add the signatures of other executives to make our PDF even more compelling.
Let's look at what we can dig up.
To follow along, you only need an internet connection and a browser. The great thing about OSINT is that we do not need a lot of resources and often rely on clever search terms or a well-framed original question to extract the information we need.
Here are a few useful tools for finding business information. We will use this page as a reference for links and come back to it later.
To begin, notice the list of secretary of state business search websites, one for each state. These links are where our search starts.
Step 2: Select a target and search the state database
Our target today is Equifax. We will first try to identify the state in which it does business. Because the state of California is huge and requires a lot of paperwork to do business, you can be sure that the companies you are looking for are doing big business and filing paperwork there.
Navigate to the California Secretary of State's Business Search page, where you can search for documents from companies that do business in the state of California. Enter your search term and choose the company option for larger companies and the LLC option for smaller ones. If you get no result the first time, try the search again with the other option.
The results should link to business documents. There is only one active entry for Equifax. We now know in which state we can find more information: Georgia.
When you click on the active listing, you will see filing information, including an exact address. We can also view PDF files of the filed documents.
Step 3: Identifying Signatures in Documents
To begin the search for signatures, we can look at the documents we found. The second document listed contains not just a signature, but also the names of everyone in the business.
We've already achieved some of our goals. Now we know who's processing the paperwork, but we still need to know who it goes to and what email address we should send to. For this we turn to another data source.
Back on the IntelTechniques page, we click on the link to OpenCorporates.com. This site enables us to search corporate documents not only in one state but in all states simultaneously. This may seem useful, but it can quickly become overwhelming if we do not know where to look first.
The search for "Equifax" yields over 700 results! To reduce this, we can turn on Exclude Inactive to remove entries from companies that are no longer active. This reduces the number to 373. However, if we filter to include only companies in Georgia, we are limited to 21.
In this list of 21 companies, a company called the Equifax Foundation looks interesting. If we click on it, the name of the employee we saw earlier in the company information will be displayed. We can also click on the employee's name and search for additional documents on LittleSis.org mentioning them.
The same name and the same address as in the other documents mean that this company is affiliated with the core business of Equifax. Below is a link to a registration page in Georgia.
If we follow the link, we'll see an entry for that business unit that also has a link to the filing history. This link leads to scanned documents that were used to create this company fairly recently.
At last we get what we're looking for! In the only document uploaded with this entry, we find an email address, a name, and other information about the persons responsible for the paperwork. We now know the e-mail addresses and phone numbers of the two individuals who need to contact each other about filing papers, and have enough information to make a properly targeted phishing e-mail using OSINT.