Open Source Intelligence Case Studies | HackTheBox Easy Phish, Infiltration & ID Exposed.

We covered multiple OSINT case studies and challenges from HackTheBox, namely Easy Phish, Infiltration & ID Exposed, where we demonstrated how to gather information and intelligence using search engines, social media and other ways such as extracting location from email addresses.

The Complete Practical Web Application Penetration Testing Course

The Complete Penetration Testing with Backbox Linux Course

HackTheBox Easy Phish

Customers of secure-startup.com have been recieving some very convincing phishing emails, can you figure out why?

HackTheBox Infiltration

Can you find something to help you break into the company ‘Evil Corp LLC’. Recon social media sites to see if you can find any useful information.

HackTheBox ID Exposed

We are looking for Sara Medson Cruz’s last location, where she left a message. We need to find out what this message is! We only have her email: saramedsoncruz@gmail.com

HighLights

Commands used in DNS enuemration

nslookup -type=text secure-startup.com

nslookup -type=txt_dmarc.secure-startup.com

dig secure-startup.com ANY

In the second case, the challenge flag was found in this instagram profile.

In the third case, the location of the email owner was found opening Google hangouts, inspecting the page and looking for “jsdata” till the pattern of numbers was found.

Video Walkthrough