PowerNET Software - PC Ad Ware Spy Ware Removal 2.x serial key or number
PortScan.exe
This report is generated from a file or URL submitted to this webservice on February 1st 2018 05:51:06 (UTC)
Guest System: Windows 7 64 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v7.30 © Hybrid Analysis
Incident Response
- Remote Access
  - Contains ability to listen for incoming connections
  - Reads terminal service related keys (often RDP related)
- Fingerprint
  - Reads the active computer name
  - Reads the cryptographic machine GUID
  - Reads the windows product ID
- Evasive
  - Executes WMI queries known to be used for VM detection
- Spreading
  - Detected a large number of ARP broadcast requests (network device lookup)
  - Tries to access unusual system drive letters
- Network Behavior
  - Contacts 4 domains and 5 hosts.
Indicators
Malicious Indicators 12
- Environment Awareness
- Reads the windows product ID
- details
- "<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION"; Key: "PRODUCTID")
- source
- Registry Access
- relevance
- 6/10
- External Systems
- Detected Emerging Threats Alert
- details
- Detected alert "ET MALWARE Suspicious User Agent (Autoupdate)" (SID: 2003337, Rev: 18, Severity: 1) categorized as "A Network Trojan was detected" (PUA/PUP/Adware)
Detected alert "ET MALWARE PUP TheSZ AutoUpdate CnC Beacon" (SID: 2021401, Rev: 2, Severity: 1) categorized as "A Network Trojan was detected" (PUA/PUP/Adware)
- source
- Suricata Alerts
- relevance
- 10/10
- Sample was identified as malicious by at least one Antivirus engine
- details
- 2/65 Antivirus vendors marked sample as malicious (3% detection rate)
- source
- External System
- relevance
- 8/10
- General
- Network Related
- Detected a large number of ARP broadcast requests (network device lookup)
- details
- Attempt to find devices in networks: "192.168.56.1/32, 192.168.56.2/31, 192.168.56.4/30, 192.168.56.8/29, 192.168.56.16/28, 192.168.56.32/27, 192.168.56.64/27, 192.168.56.96/30, 192.168.56.100/31, 192.168.56.102/32, 192.168.56.153/32"
- source
- Network Traffic
- relevance
- 10/10
- Found a reference to an external IP address lookup service
- details
- "http://checkip.dyndns.org/" (Indicator: "checkip.dyndns.org"; File: "9dbc1efca5ac912ddbbd501242e8004ba883b49e1c50c1f492b9675924785904.exe.bin")
- source
- String
- relevance
- 6/10
- Found more than one unique User-Agent
- details
- Found the following User-Agents: AutoUpdate
Microsoft-CryptoAPI/6.1
- source
- Network Traffic
- relevance
- 5/10
- Malicious artifacts seen in the context of a contacted host
- details
- Found malicious artifacts related to "24.222.55.20": ...
Found malicious artifacts related to "81.169.145.149": ...
Found malicious artifacts related to "2.22.112.42": ...
File SHA256: 30383ea34f2781bb863e60cc3f0d0a86b0980af6649a618c9fd8e84b0c2f48c9 (AV positives: 53/64 scanned on 09/28/2017 16:48:36)
- source
- Network Traffic
- relevance
- 10/10
- Multiple malicious artifacts seen in the context of different hosts
- details
- Found malicious artifacts related to "24.222.55.20": ...
Found malicious artifacts related to "81.169.145.149": ...
Found malicious artifacts related to "2.22.112.42": ...
File SHA256: 30383ea34f2781bb863e60cc3f0d0a86b0980af6649a618c9fd8e84b0c2f48c9 (AV positives: 53/64 scanned on 09/28/2017 16:48:36)
- source
- Network Traffic
- relevance
- 10/10
- Unusual Characteristics
- Hiding 1 Malicious Indicators
- All indicators are available only in the private webservice or standalone version
Suspicious Indicators 30
- Anti-Detection/Stealthyness
- Anti-Reverse Engineering
- Possibly checks for known debuggers/analysis tools
- details
- "C4-62-6B (hex)ZPT Vigantice" (Indicator: "ntice")
"C4626B (base 16)ZPT Vigantice" (Indicator: "ntice")
"Vigantice 266" (Indicator: "ntice")
"44900 Prentice Drive" (Indicator: "ntice")
- source
- String
- relevance
- 2/10
- Cryptographic Related
- Found a cryptographic related string
- details
- "DES" (Indicator: "des"; File: "9dbc1efca5ac912ddbbd501242e8004ba883b49e1c50c1f492b9675924785904.exe.bin")
- source
- String
- relevance
- 10/10
- Environment Awareness
- Possibly tries to implement anti-virtualization techniques
- details
- "VBoxNetAdp" (Indicator: "vbox")
"VMnetAdapter" (Indicator: "vmnet")
"00-1C-14 (hex)VMware, Inc." (Indicator: "vmware")
"001C14 (base 16)VMware, Inc." (Indicator: "vmware")
"00-0C-29 (hex)VMware, Inc." (Indicator: "vmware")
"000C29 (base 16)VMware, Inc." (Indicator: "vmware")
"00-50-56 (hex)VMware, Inc." (Indicator: "vmware")
"005056 (base 16)VMware, Inc." (Indicator: "vmware")
"00-05-69 (hex)VMware, Inc." (Indicator: "vmware")
"000569 (base 16)VMware, Inc." (Indicator: "vmware")
- source
- String
- relevance
- 4/10
- Reads the cryptographic machine GUID
- details
- "<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
- source
- Registry Access
- relevance
- 10/10
- External Systems
- General
- Installation/Persistance
- Contains ability to download files from the internet
- Monitors specific registry key for changes
- details
- "<Input Sample>" monitors "\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder" (Filter: 4; Subtree: 582144)
"<Input Sample>" monitors "\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9" (Filter: 1; Subtree: 6091520)
"<Input Sample>" monitors "\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5" (Filter: 1; Subtree: 6091520)
"<Input Sample>" monitors "\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\crypt32" (Filter: 4; Subtree: 9895168)
"<Input Sample>" monitors "\REGISTRY\USER\S-1-5-21-686412048-2446563785-1323799475-1001\Software\Microsoft\SystemCertificates\Root" (Filter: 5; Subtree: 9895169)
"<Input Sample>" monitors "\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT" (Filter: 5; Subtree: 9895169)
"<Input Sample>" monitors "\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot" (Filter: 5; Subtree: 9895169)
"<Input Sample>" monitors "\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates" (Filter: 5; Subtree: 9889537)
"<Input Sample>" monitors "\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root" (Filter: 5; Subtree: 9895169)
"<Input Sample>" monitors "\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot" (Filter: 5; Subtree: 9895169)
"<Input Sample>" monitors "\REGISTRY\USER\S-1-5-21-686412048-2446563785-1323799475-1001\Software\Microsoft\SystemCertificates\SmartCardRoot" (Filter: 5; Subtree: 9895169)
"<Input Sample>" monitors "\REGISTRY\USER\S-1-5-21-686412048-2446563785-1323799475-1001\Software\Microsoft\SystemCertificates\trust" (Filter: 5; Subtree: 9895169)
"<Input Sample>" monitors "\REGISTRY\USER\S-1-5-21-686412048-2446563785-1323799475-1001\Software\Policies\Microsoft\SystemCertificates" (Filter: 5; Subtree: 9889537)
"<Input Sample>" monitors "\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust" (Filter: 5; Subtree: 9895169)
"<Input Sample>" monitors "\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust" (Filter: 5; Subtree: 9895169)
"<Input Sample>" monitors "\REGISTRY\USER\S-1-5-21-686412048-2446563785-1323799475-1001\Software\Microsoft\SystemCertificates\CA" (Filter: 5; Subtree: 9895169)
"<Input Sample>" monitors "\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA" (Filter: 5; Subtree: 9895169)
"<Input Sample>" monitors "\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA" (Filter: 5; Subtree: 9895169)
"<Input Sample>" monitors "\REGISTRY\USER\S-1-5-21-686412048-2446563785-1323799475-1001\Software\Microsoft\SystemCertificates\Disallowed" (Filter: 5; Subtree: 9895169)
"<Input Sample>" monitors "\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed" (Filter: 5; Subtree: 9895169)
- source
- API Call
- relevance
- 4/10
- Network Related
- Contains ability to listen for incoming connections
- Detected increased number of ARP broadcast requests (network device lookup)
- details
- Attempt to find devices in networks: "192.168.56.7/32, 192.168.56.8/29, 192.168.56.16/29, 192.168.56.24/31, 192.168.56.26/32, ..."
- source
- Network Traffic
- relevance
- 10/10
- Found potential IP address in binary/memory
- details
- source
- String
- relevance
- 3/10
- Pattern Matching
- Remote Access Related
PTES Technical Guidelines
This section is designed to be the PTES technical guidelines that help define certain procedures to follow during a penetration test. Something to be aware of is that these are only baseline methods that have been used in the industry. They will need to be continuously updated and changed by the community as well as within your own standard. Guidelines are just that, something to drive you in a direction and help during certain scenarios, but not an all-encompassing set of instructions on how to perform a penetration test. Think outside of the box.
Intelligence Gathering
Intelligence Gathering is the phase where data or “intelligence” is gathered to assist in guiding the assessment actions. At the broadest level this intelligence gathering includes information about employees, facilities, products and plans. Within a larger picture this intelligence will include potentially secret or private “intelligence” of a competitor, or information that is otherwise relevant to the target.
OSINT
Open Source Intelligence (OSINT), in the simplest of terms, is locating and analyzing publicly available (open) sources of information. The key component here is that this intelligence gathering process has a goal of producing current and relevant information that is valuable to either an attacker or competitor. For the most part, OSINT is more than simply performing web searches using various sources.
Corporate
Information on a particular target should include information regarding the legal entity. Most states within the US require Corporations, limited liability companies and limited partnerships to file with the State division. This division serves as custodian of the filings and maintains copies and/or certifications of the documents and filings. This information may contain information regarding shareholders, members, officers or other persons involved in the target entity.
Physical
Often the first step in OSINT is to identify the physical locations of the target corporation. This information might be readily available for publicly known or published locations, but not quite so easy for more secretive sites. Public sites can often be located by using search engines such as:
Shared/Individual
As part of identifying the physical location it is important to note if the location is an individual building or simply a suite in a larger facility. It is important to attempt to identify neighboring businesses as well as common areas.
Owner
Once the physical locations have been identified, it is useful to identify the actual property owner(s). This can either be an individual, group, or corporation. If the target corporation does not own the property then they may be limited in what they can physically do to enhance or improve the physical location.
Land/tax records
Tax records:
http://www.naco.org/Counties/Pages/CitySearch.aspx
Land and tax records generally include a wealth of information on a target such as ownership, possession, mortgage companies, foreclosure notices, photographs and more. The information recorded and level of transparency varies greatly by jurisdiction. Land and tax records within the United States are typically handled at the county level.
To start, if you know the city or zipcode in which your target resides, use a site such as http://publicrecords.netronline.com/ to determine which county that is in. Then switching over to Google you can use a query such as “XXXX county tax records”, “XXXX county recording office” or “XXXX county assessor” and that should lead you to a searchable online database if one exists. If it does not exist, you can still call the county recording office and request that they fax you specific records if you have an idea of what you are looking for.
Building department:
For some assessments, it might make sense to go a step further and query the local building department for additional information. Depending on the city, the target’s site might be under county or city jurisdiction. Typically that can be determined by a call to either entity.
The building department generally has floor plans, old and current permits, tenant improvement information and other similar information on file. Buried in that information might be names of contracting firms, engineers, architects and more, all of which could be used with a tool such as SET. In most cases, a phone call will be required to obtain any of this information, but most building departments are happy to hand it out to anyone who asks.
Here is a possible pretext you could use to obtain floor plans: You could call up and say that you are an architectural consultant who has been hired to design a remodel or addition to the building and it would help the process go much smoother if you could get a copy of the original plans.
Datacenter Locations
Identifying any target business data center locations via either the corporate website, public filings, land records or via a search engine can provide additional potential targets.
Time zones
Identifying the time zones that the target operates in provides valuable information regarding the hours of operation. It is also significant to understand the relationship between the target time zone and that of the assessment team. A time zone map is often useful as a reference when conducting any test.
TimeZone Map
Offsite gathering
Identifying any recent or future offsite gatherings or parties via either the corporate website or via a search engine can provide valuable insight into the corporate culture of a target. It is often common practice for businesses to have offsite gatherings not only for employees, but also for business partners and customers. Collecting this data could provide insight into potential items of interest to an attacker.
Product/Services
Identifying the target business products and any significant data related to such launches via the corporate website, new releases or via a search engine can provide valuable insight into the internal workings of a target. It is often common practice for businesses to make such notifications publicly in an effort to garner publicity and to inform current and/or new customers of the launch. Publicly available information includes, but is not limited to, foreign language documents, radio and television broadcasts, Internet sites, and public speaking.
Company Dates
Significant company dates can provide insight into potential days where staff may be on alert higher than normal. This could be due to potential corporate meetings, board meetings, investor meetings, or corporate anniversary. Normally, businesses that observe various holidays have a significantly reduced staff and therefore targeting may prove to be much more difficult during these periods.
Position identification
Within every target it is critical that you identify and document the top positions within the organization. This is critical to ensure that the resulting report is targeting the correct audience. At a minimum, key employees should be identified as part of any engagement.
Organizational Chart
Understanding the organizational structure is important, not only to understand the depth of the structure, but also the breadth. If the organization is extremely large, it is possible that new staff or personnel could go undetected. In smaller organizations, the likelihood is not as great. Getting a good picture of this structure can also provide insight into the functional groups. This information can be useful in determining internal targets.
Corporate Communications
Identifying corporate communications either via the corporate website or a job search engine can provide valuable insight into the internal workings of a target.
Marketing
Marketing communications are often used to make corporate announcements regarding current or future product releases and partnerships.
Lawsuits
Communications regarding the target's involvement in litigation can provide insight into potential threat agents or data of interest.
Transactions
Communications involving corporate transactions may be an indirect response to a marketing announcement or lawsuit.
Job openings
Searching current job openings or postings via either the corporate website or via a job search engine can provide valuable insight into the internal workings of a target. It is often common practice to include information regarding current or future technology implementations. Collecting this data could provide insight into potential items of interest to an attacker. Several Job Search Engines exist that can be queried for information regarding the target.
Relationships
Identifying the target's logical relationships is critical to understand more about how the business operates. Publicly available information should be leveraged to determine the target business relationship with vendors, business partners, law firms, etc. This is often available via news releases, corporate web sites (target and vendors), and potentially via industry related forums.
Charity Affiliations
Identifying any target business charity affiliations via either the corporate website or via a search engine can provide valuable insight into the internal workings and potentially the corporate culture of a target. It is often common practice for businesses to make charitable donations to various organizations. Collecting this data could provide insight into potential items of interest to an attacker.
Network Providers
Identifying any network provisioning or providers either via the allocated netblock/address information, corporate website or via a search engine can provide valuable insight into the potentially of a target. It is often common practice for businesses to make charitable donations to various organizations. Collecting this data could provide insight into potential items of interest to an attacker.
Business Partners
Identifying business partners is critical to gaining insight into not only the corporate culture of a target, but also potentially technologies being used. It is often common practice for businesses to announce partnership agreements. Collecting this data could provide insight into potential items of interest to an attacker.
Competitors
Identifying competitors can provide a window into potential adversaries. It is not uncommon for competitors to announce news that could impact the target. These could range from new hires, product launches, and even partnership agreements. Collecting this data is important to fully understand any potential corporate hostility.
Individuals
Social Networking Profile
The number of active Social Networking websites, as well as the number of users, makes this a prime location to identify employees’ friendships, kinships, common interests, financial exchanges, likes/dislikes, sexual relationships, or beliefs. It is even possible to determine an employee’s corporate knowledge or prestige.
Social Networking Websites
Name | URL | Description/Focus |
Academia.edu | http://www.academia.edu | Social networking site for academics/researchers |
Advogato | http://www.advogato.org | Free and open source software developers |
aNobii | http://www.anobii.com/anobii_home | Books |
aSmallWorld | http://www.asmallworld.net | European jet set and social elite world-wide |
AsianAvenue | http://www.asianave.com | A social network for the Asian American community |
Athlinks | http://www.athlinks.com | Open Running, Swimming |
Audimated.com | http://www.audimated.com | Independent Music |
Avatars United | http://www.avatarsunited.com | Online games |
Badoo | http://badoo.com | General, Meet new people, Popular in Europe and LatAm |
Bebo | http://www.bebo.com | General |
Bigadda | http://bigb.bigadda.com | Indian Social Networking Site |
Federated Media’s BigTent | http://www.federatedmedia.net | Organization and communication portal for groups |
Biip.no | http://www.biip.no | Norwegian community |
BlackPlanet | http://www.blackplanet.com | African-Americans |
Blauk | http://blauk.com | Anyone who wants to tell something about a stranger or acquaintance. |
Blogster | http://www.blogster.com | Blogging community |
Bolt.com | http://www.bolt.com | General |
Buzznet | http://www.buzznet.com | Music and pop-culture |
CafeMom | http://www.cafemom.com | Mothers |
Cake Financial | http://www.cakefinancial.com | Investing |
Care2 | http://www.care2.com | Green living and social activism |
CaringBridge | http://www.caringbridge.org | Not for profit providing free websites that connect family and friends during a serious health event, care and recovery. |
Cellufun | http://m.cellufun.com | Mobile social game network, Number 8 US mobile website |
Classmates.com | http://www.classmates.com | School, college, work and the military |
Cloob | http://www.cloob.com | General. Popular in Iran |
CouchSurfing | http://www.couchsurfing.org | Worldwide network for making connections between travelers and the local communities they visit. |
CozyCot | http://www.cozycot.com | East Asian and Southeast Asian women |
Cross.tv | http://www.cross.tv | Faith Based social network for Christian believers from around the world |
Crunchyroll | http://www.crunchyroll.com | Anime and forums. |
Cyworld | | General. Popular in South Korea. |
DailyBooth | http://dailybooth.com | Photo-blogging site where users upload a photo every day |
DailyStrength | http://www.dailystrength.org | Medical & emotional support community - Physical health, Mental health, Support groups |
Decayenne | http://www.decayenne.com | European and American social elite |
delicious | http://www.delicious.com | Social bookmarking allowing users to locate and save websites that match their own interests |
deviantART | http://www.deviantart.com | Art community |
Disaboom | http://www.disaboom.com | People with disabilities (Amputee, cerebral palsy, MS, and other disabilities) |
Dol2day | http://www.dol2day.de | Politic community, Social network, Internet radio (German-speaking countries) |
DontStayIn | http://www.dontstayin.com | Clubbing (primarily UK) |
Draugiem.lv | http://www.draugiem.lv | General (primarily LV, LT, HU) |
douban | http://www.douban.com | Chinese Web 2.0 website providing user review and recommendation services for movies, books, and music. It is also the largest online Chinese language book, movie and music database and one of the largest online communities in China. |
Elftown | http://www.elftown.com | Community and wiki around Fantasy and sci-fi. |
Entitycube | http://entitycube.research.microsoft.com | |
Eons.com | http://www.eons.com | For baby boomers |
Epernicus | http://www.epernicus.com | For research scientists |
Experience Project | http://www.experienceproject.com | Life experiences |
Exploroo | http://www.exploroo.com | Travel Social Networking. |
General. | ||
Faceparty | http://www.faceparty.com | General. Popular UK. |
Faces.com | | British teens |
Fetlife | http://fetlife.com | People who are into BDSM |
FilmAffinity | http://www.filmaffinity.com | Movies and TV Series |
FitFinder | http://www.thefitfinder.co.uk | Anonymous UK Student Microblogging Website |
FledgeWing | http://www.fledgewing.com | Entrepreneurial community targeted towards worldwide university students |
Flixster | http://www.flixster.com | Movies |
Flickr | http://www.flickr.com | Photo sharing, commenting, photography related networking, worldwide |
Focus.com | http://www.focus.com | Business to Business, worldwide |
Folkdirect | http://www.folkdirect.com | General |
Fotki | http://www.fotki.com | Photo sharing, video hosting, photo contests, journals, forums, flexible privacy protection, friend’s feed, audio comments and unlimited custom design integration. |
Fotolog | http://www.fotolog.com | Photoblogging. Popular in South America and Spain |
Foursquare | http://foursquare.com | Location based mobile social network |
Friends Reunited | http://www.friendsreunited.com | UK based. School, college, work, sport and streets |
Friendster | http://www.friendster.com | General. Popular in Southeast Asia. No longer popular in the western world |
Frühstückstreff | http://www.fruehstueckstreff.de | General |
Fubar | http://www.fubar.com | dating, an “online bar” for 18 and older |
Gaia Online | http://www.gaiaonline.com | Anime and games. Popular in USA, Canada and Europe. Moderately popular around Asia. |
GamerDNA | http://www.gamerdna.com | Computer and video games |
Gather.com | http://home.gather.com | Article, picture, and video sharing, as well as group discussions |
Gays.com | http://gays.com | Social network for LGBT community, Guide for LGBT bars, restaurants, clubs, shopping |
Geni.com | http://www.geni.com | Families, genealogy |
Gogoyoko | http://www.gogoyoko.com | Fair play in Music - Social networking site for musicians and music lovers |
Goodreads | http://www.goodreads.com | Library cataloging, book lovers |
Goodwizz | http://www.goodwizz.com | Social network with matchmaking and personality games to find new contacts. Global, based in France. |
Google Buzz | http://www.google.com/buzz | General |
Google+ | http://plus.google.com | General |
GovLoop | http://www.govloop.com | For people in and around government |
Gowalla | http://gowalla.com | |
Grono.net | http://grono.net | Poland |
Habbo | http://www.habbo.com | General for teens. Over 31 communities worldwide. Chat Room and user profiles. |
hi5 | http://hi5.com | General. Popular in India, Mongolia, Thailand, Romania, Jamaica, Central Africa, Portugal and Latin America. Not very popular in the USA. |
Hospitality Club | http://www.hospitalityclub.org | Hospitality |
Hotlist | http://www.thehotlist.com | Geo-Social Aggregator rooted in the concept of knowing where your friends are, were, and will be. |
HR.com | http://www.hr.com | Social networking site for Human Resources professionals |
Hub Culture | http://www.hubculture.com | Global influencers focused on worth creation |
Hyves | http://www.hyves.nl | General, Most popular in the Netherlands. |
Ibibo | http://www.ibibo.com | Talent-based social networking site that allows users to promote themselves and discover new talent. Most popular in India. |
Identi.ca | http://identi.ca | Twitter-like service popular with hackers and software freedom advocates. |
Indaba Music | http://www.indabamusic.com | Online collaboration for musicians, remix contests, and networking. |
IRC-Galleria | http://www.irc-galleria.net | Finland |
italki.com | http://www.italki.com | Language learning social network. 100+ languages. |
InterNations | http://www.internations.org | International community |
Itsmy | http://mobile.itsmy.com | Mobile community worldwide, blogging, friends, personal TV-shows |
iWiW | http://iwiw.hu | Hungary |
Jaiku | http://www.jaiku.com | General. Microblogging. Owned by Google |
JammerDirect.com | http://www.jammerdirect.com | Network for unsigned artists |
kaioo | http://www.kaioo.com | General, nonprofit |
Kaixin001 | http://www.kaixin001.com | General. In Simplified Chinese; caters for mainland China users |
Kiwibox | http://www.kiwibox.com | General. For the users, by the users, a social network that is more than a community. |
Lafango | http://lafango.com | Talent-Focused media sharing site |
Last.fm | http://www.last.fm | Music |
LibraryThing | | Book lovers |
Lifeknot | http://www.lifeknot.com | Shared interests, hobbies |
LinkedIn | http://www.linkedin.com | Business and professional networking |
LinkExpats | http://www.linkexpats.com | Social networking website for expatriates. 100+ countries. |
Listography | http://listography.com | Lists. Autobiography |
LiveJournal | http://www.livejournal.com | Blogging. Popular in Russia and among the Russian-speaking diaspora abroad. |
Livemocha | http://www.livemocha.com | Online language learning - dynamic online courses in 35 languages - world’s largest community of native language speakers. |
LunarStorm | http://www.lunarstorm.se | Sweden |
MEETin | http://www.meetin.org | General |
Meetup.com | http://www.meetup.com | General. Used to plan offline meetings for people interested in various activities |
Meettheboss | http://www.meettheboss.tv | Business and Finance community, worldwide. |
Mixi | http://www.mixi.jp | Japan |
mobikade | http://www.mkade.com | mobile community, UK only |
MocoSpace | http://www.mocospace.com | mobile community, worldwide |
MOG | http://www.mog.com | Music |
MouthShut.com | http://www.mouthshut.com | Social Network, social media, consumer reviews |
Mubi (website) | http://mubi.com | Auteur cinema |
Multiply | http://multiply.com | Real world relationships. Popular primarily in Asia. |
Muxlim | http://muxlim.com | Muslim portal site |
MyAnimeList | http://www.myanimelist.net | Anime themed social community |
MyChurch | http://www.mychurch.org | Christian Churches |
MyHeritage | http://www.myheritage.com | family-oriented social network service |
MyLife | http://www.mylife.com | Locating friends and family, keeping in touch (formerly Reunion.com) |
My Opera | http://my.opera.com | Blogging, mobile blogging, photo sharing, connecting with friends, Opera Link and Opera Unite. Global |
Myspace | http://www.myspace.com | General |
myYearbook | http://www.myyearbook.com | General, Charity |
Nasza-klasa.pl | http://www.nk.pl | School, college and friends. Popular in Poland |
Netlog | http://www.netlog.com | General. Popular in Europe, Turkey, the Arab World and Canada’s Québec province. Formerly known as Facebox and Redbox. |
Nettby | http://www.nettby.no | Norwegian Community |
Nexopia | http://www.nexopia.com | Canada |
NGO Post | http://www.ngopost.org | Non-Profit news sharing and networking, mainly in India |
Ning | http://www.ngopost.org | Users create their own social websites and social networks |
Odnoklassniki | http://odnoklassniki.ru | Connect with old classmates. Popular in Russia and former Soviet republics |
OneClimate | http://www.oneclimate.net | Not for Profit Social networking and Climate Change |
OneWorldTV | http://tv.oneworld.net | Not for Profit Video sharing and social networking aimed at people interested in social issues, development, environment, etc. |
Open Diary | http://www.opendiary.com | First online blogging community, founded in 1998 |
Orkut | http://orkut.com | General. Owned by Google Inc. Popular in India and Brazil. |
OUTeverywhere | http://www.outeverywhere.com | Gay/LGBTQ Community |
Passportstamp | http://www.passportstamp.com | Travel |
Partyflock | http://partyflock.nl | Dutch virtual community for people interested in house music and other electronic dance music. Since 2001, Partyflock has evolved into the biggest online community for the dance scene in the Netherlands |
Picasa | http://picasa.google.com | |
PicFog | http://picfog.com | PicFog shows pictures from twitter as they’re posted |
Pingsta | http://www.pingsta.com | Collaborative platform for the world’s Internetwork Experts |
Plaxo | http://www.plaxo.com | Aggregator |
Playahead | http://www.playahead.se | Swedish, Danish teenagers |
Playlist.com | http://www.playlist.com | General, Music |
Plurk | http://www.plurk.com | Micro-blogging, RSS, updates. Very popular in Taiwan |
Present.ly | http://www.presently.com | Enterprise social networking and micro-blogging |
Qapacity | http://www.qapacity.com | A business-oriented social networking site and a business directory |
Quechup | http://quechup.com | General, friendship, dating |
Qzone | http://qzone.qq.com | General. In Simplified Chinese; caters for mainland China users |
Raptr | http://raptr.com | Video games |
Ravelry | http://www.ravelry.com | Knitting and crochet |
Renren | http://renren.com | Significant site in China. |
ResearchGate | http://researchgate.net | Social network for scientific researchers |
ReverbNation.com | http://www.reverbnation.com | Social network for musicians and bands |
Ryze | http://www.ryze.com | Business |
ScienceStage | http://sciencestage.com | Science-oriented multimedia platform and network for scientists |
Scispace.net | http://scispace.net | Collaborative network site for scientists |
ShareTheMusic | http://www.sharethemusic.com | Music Community. Sharing and listening to music for free and legally |
Shelfari | http://www.shelfari.com | Books |
Skyrock | http://skyrock.com | Social Network in French-speaking world |
Social Life | http://www.sociallife.com.br | Brazilian jet set and social elite world-wide |
SocialVibe | http://www.socialvibe.com | Social Network for Charity |
Sonico.com | http://www.sonico.com | General. Popular in Latin America and Spanish and Portuguese speaking regions. |
Stickam | http://www.stickam.com | Live video streaming and chat. |
StudiVZ | http://www.studivz.net | University students, mostly in the German-speaking countries. School students and those out of education sign up via its partner sites schülerVZ and meinVZ. |
StumbleUpon | http://www.stumbleupon.com | Stumble through websites that match your selected interests |
Tagged | http://www.tagged.com | General. Subject to quite some controversy about its e-mail marketing and privacy policy |
Talkbiznow | http://www.talkbiznow.com | Business networking |
Taltopia | http://www.taltopia.com | Online artistic community |
Taringa! | http://www.taringa.net | General |
TeachStreet | http://www.teachstreet.com | Education / Learning / Teaching - More than 400 subjects |
TravBuddy.com | http://www.travbuddy.com | Travel |
Travellerspoint | http://www.travellerspoint.com | Travel |
tribe.net | http://www.tribe.net | General |
Trombi.com | http://www.trombi.com | French subsidiary of Classmates.com |
Tuenti | http://www.tuenti.com | Spanish-based university and High School social network. Very Popular in Spain |
Tumblr | http://www.tumblr.com | General. Micro-blogging, RSS |
Twitter | http://twitter.com | General. Micro-blogging, RSS, updates |
twitpic | http://twitpic.com | |
Vkontakte | http://vkontakte.ru/ | Social Network for Russian-speaking world including former Soviet republics. Biggest site in Russia |
Vampirefreaks.com |
What’s New in the PowerNET Software - PC Ad Ware Spy Ware Removal 2.x serial key or number?
System Requirements for PowerNET Software - PC Ad Ware Spy Ware Removal 2.x serial key or number
- First, download the PowerNET Software - PC Ad Ware Spy Ware Removal 2.x serial key or number
You can download its setup from given links: