Hello, and welcome to this course on using Python for pre-attack. Or more specifically, writing Python scripts that will allow us to achieve the various techniques under the reconnaissance tactic in the pre-attack section of the miter attack framework. In this video, we're going to be talking about open technical databases or sources for open-source intelligence. There are a couple of different sources for open-source intelligence or information that is publicly available to anyone that wants to look for it. This open-source intelligence or OSINT can be a trove of useful data regarding a particular organization and the systems that are running on its network and even the applications running on those systems. Some examples of open technical databases that can be used for OS and gathering include the WHOIS database. WHOIS records are designed to provide information about the owner and operator of a particular domain or website. If someone isn't using a service to obfuscate that information, the website information could reveal the owner of the website, addresses of system administrators, etc. At a minimum, this might provide a little bit of information about how long the website's been owned, maybe the format of internal email addresses, which is useful for spear phishing, and could even provide certain targets for social engineering attacks such as knowing the system administrator, the website administrator's name within the organization. Another useful source of open-source information is the Domain Name System or DNS. DNS's role is mapping domain names like google.com, to the IP addresses that computers and routing infrastructure use to move a packet from its source to its destination. These maps of domain names to IP addresses can be used for reconnaissance since they are a record of the IP addresses, and at some level, the function of the internet-facing or public-facing systems on an organization's network. Through investigation of DNS infrastructure, you can learn the IP addresses of an organization's web server, mail servers, DNS servers, etc. Thirdly, you have CDNs. A CDN is designed to deliver content from a particular organization's website. For example, if you have the scale where a single server can't handle everything, or you might have a very geographically distributed userbase or customer base, then using a CDN might be able to allow you to serve content more quickly to your users. However, the CDNs work by caching content from websites, meaning that there is copies of websites and an organization's information that aren't directly connected to the organization's website or network infrastructure. This means that an attacker might be able to explore what's cached on a CDN to learn about an organization's website infrastructure without actually touching their network where their interests might be detected. Also, due CDN caching, if the cache on a CDN hasn't been updated, it might be possible for an attacker to see previous versions of pages that could contain information that's valuable to the attacker, but has since been taken down. These are only a couple of examples of open technical databases that are valuable sources of information to an attacker. Other examples include digital certificates, and by scanning databases. We're introducing this concept of open technical databases and OSINT because we're going to be exploring DNS infrastructure as part of reconnaissance in the next video. Thank you.
