Open hakantan opened 6 years ago
No changes.
One of the APIs returns ~100 results max. and I don't know why. Maybe it is an API limitation, but that somewhat skews the results in a weird way, because there are way more than 100 mail-addresses associated with these companies.
Repo can be found here.
I read about Datasploit. What if you fed it the email addresses of people at one company? You could then get a picture of what it collects.
As you can see with the API limits, you're ending up charting what you can collect, not what is out there.
Pitch
There are a lot of tools that enable scouring the web, finding information on companies and people that can later be used to set up a hacking campaign. A mail-address you find with one tool can be checked against a database that will tell you whether this address has been part of a data breach in the past. If yes, that password might be exposed. Security-wise, that can be a huge risk.
Summary
For this project, I want to understand ways of creating such a campaign. I'm looking at companies from the German blue-chip stock market index.
Due to time limits I will just look at one aspect of this campaign. (Normally, you would check the names of the mail addresses you've found, see if it is a person, find more information about them etc. I'm only looking at mail-addresses.)
Details
My challenges are two-fold:
This is obviously being done for research purposes only.
Possible headline(s):
Getting a foot in the door: How hackers leverage open source intelligence to set up their campaigns
Data set(s): Using two scripts. Infoga and Datasploit.
Code repository:
Not yet available, due to privacy issues. Here. (I won't be releasing the names/addresses of the people I've found.)
Possible problems/fears/questions:
Work so far
Started collecting mail addresses, running into problems with the script. No images so far.
Checklist
This checklist must be completed before you submit your draft.