I had been stumped over the past few days by an issue that came up at work. A configuration issue 'seen' by our vulnerability scanner was making me and my co-worker pull out our hair, not to mention what occurred when it was known by management...
All attempts to use the information found in the methods of remediation supplied by our vuln scanner were less than useful. "Remove $SERVICE from use" "Stop using $Important_piece_of_data", and et cetera. Add to it that the CVE in question was from more than 10 years ago, and you have a recipe for disaster. (You'll forgive me for being vague above, but operational security prevents me from divulging much more than that.)
Now, I pride myself on being pretty good at doing my due diligence in finding out information. I rarely ask questions of things I do not know, because I want to find the answer myself. Google is my wingman usually, and then failing that, I try Bing and Yahoo. Dogpile used to be my search engine of choice back in the day, but most browsers don't have the search plugins for it anymore. I even used one called 'Vivisimo' for a few years, which clustered results from other engines, but I just faded away from it, for whatever reason.
It's amazing that in my quest to become a security professional, what did I find along the way? Pentesters MUST do research if they plan on attacking a target, because all the little breadcrumbs on the Internet can lead to a bigger picture of a person, or company that can be used to attack them. This is right up my alley. By finding out someone went to Purdue, or active on certain forums, that can give you a picture of who they are or what can be used in social engineering attacks
When my work colleague and I went through our pentesting and ethical hacking course, we learned that the Internet makes it super simple, heck, they'll even aggregate that information for you. Pipl.com is a good site for getting info about people, but they only give you certain info (name, DOB, places lived). But there are a grip of sites like this that will give you meta bread crumbs. You learn a woman's maiden name on one site, her address on another, even her phone number and if she's had a bankruptcy on a third. It's all about what information would be the chink in the armor. A bankruptcy? Send him/her an email at work from the 'lawyer' stating that there was a mistake in the judgment, and click on this PDF to read the summary... boom! one payload infected PDF later, and you have shell into their network.
I guess my point is that research is a very good way of getting where you need to go.
Oh yes, my original story... I managed to find a blog (much like my own) that talked about a program that I could use to test my appliance. Thankfully, it was already in my Kali Linux distro. After reading a bit of the help and man pages, I was able to query my appliance with it. I was pleasantly surprised to find that we were in fact not running what setting the vuln scanner suggested. So after agonizing over this issue, and getting management in a tizzy, we may be able to laugh this off over a couple of beers in a week or so...
So, next time you're asking yourself, "What's the capital of Swaziland**?" Get into the habit of grabbing your browser and doing your research. You'll find out on your own, which gives you a sense of empowerment, and you can leverage the various search engines to make your job easier.
Until next time...
**Swaziland, a country completely surrounded by South Africa, and Mozambique, has two capitals, Lobamba, the royal and legislative capital, and Mbabane, the administrative capital. And you thought you wouldn't learn anything here today.