Abstract
Business Intelligence is one of the many powerful types of information we can gather on targets through reconnaissance. However, besides using search engines, many of the sites available either have restrictions in place to try and protect customer data or have API services which require paying for credits. As hackers, it is in our nature to try and evade these types of restrictions in order to obtain the data we are in need of.
We will cover some different approaches for gathering business intelligence through OSINT resources as well a specific example on how to evade and abuse the weak business processes that have been put in place by LinkedIn to protect information from 3+ degree connections. I will demonstrate a case example of bypassing and abusing LinkedIn business processes to gather intelligence on your target. Who said reconnaissance can’t be sexy?
Biography
Danny Chrastil is a hacker of all things web. Coming from a past life of web development and system administration, he has retained his passion for writing code and enjoys writing scripts that make hacking more efficient and interesting. Danny is a Sr. Security Consultant for HP Fortify on Demand, and has been in web application security for 6 years.