Company Reconnaissance

Employee information can overlap with your authentication systems. First and last names can be obtained from social media and are turned into email addresses. What if metadata extracted from a PDF file available on your site contained printer information and a domain? Could these details be used to authenticate elsewhere…

With more and more online resources companies in 2016 leave themselves open to attack. Criminals could use publicly obtainable information at a later date in social engineering attacks.

It really can start with what you throw away in the trash and end up with persistent and damaging consequences.

We offer the insight into what is available to an attacker and can share this with you.

  • Metadata analysis of company files
  • Staff enumeration from social media
  • Access to 600 Million records
  • Deep web company search
  • Customised word list creation

At The AntiSocial Engineer Limited we use the same tools attackers use to get the same insight into your business. We research in a similarly aggressive fashion but have the industry knowledge and expertise to really make that count.

 

OSINT – Open Source Intelligence (Wikipedia)

We really hunt for your data, true OSINT is so much more than a good search online. The AntiSocial Engineer Limited go further to develop unique information datasets. We hunt through paper records, we utilise publicly obtainable paywall type data sets, we will surveil a company for weeks to build up a portfolio of information. It is seen in the wild, attackers will work slowly to compile useful information and in a similar fashion, we work hard to really understand everything there is to know about the target company. Let us show you your own data in a truly unique way.

 

On-Site Inspection

Physically being on the site gives us a much richer supply of information, suppliers and clients can be noted visiting, vehicles registrations can be observed, physical access controls can be investigated. After dark people leave the building but a wealth of knowledge stays and we look to exploit this. We wouldn’t think twice about photographing sensitive information from desks or whiteboards at 2am.  On-site inspections are normally carried out before physical penetration tests because the information gathered can be utilised fully.

 

Enhanced Due Diligence and Corporate Monitoring

We have access to over 600 Million global records, covering:

  • Proprietary information on one million Politically Exposed Persons (PEPs) including Adverse Media Data
  • Proprietary sanctions data updated every 30 minutes
  • Over four million records on High-Risk Individuals and Organisations, growing by 25-40k profiles per month
  • Corporate registry data
  • ID data

We Can:

  • Monitor the ‘dark web’ for employee credentials being offered for sale
  • Compile detailed portfolios of company information – Own business, competitor or due diligence
  • Monitor and alert when key staff members are discussed online.
  • Screen potential business partners for fraudulent transactions.

 

 

Make contact today to discuss any of these options.

Further reading can be found in our informational PDF Download_PDF