We analyze vacancies.
Telegram channel: https://t.me/protectioninformation
Telegram Group: https://t.me/informationprotection1
Website: https://legascom.ru
Email: online@legascom.ru
The Vacancies section of a company website may contain descriptions of the requirements for applicants, including IT specialists. If there is no such section, you can search job sites for vacancies posted by that company. A job description for a system administrator very often names the hardware, operating systems, and applications the candidate will have to work with. Here is an example of a description of a real vacancy at one company:
Network administrator in a large company of about 1000 people.
The company has branches in regions throughout the country and the CIS.
Responsibilities and requirements:
support for network devices: switches, routers, and firewalls from Checkpoint, Cisco, and 3Com;
monitoring of network devices and communication channels based on HP OpenView;
ensuring network connectivity with the branches;
interaction with the communication service provider throughout the entire life cycle of the provided communication service;
ensuring the fastest possible recovery of the network infrastructure after failures.
From this seemingly harmless description, an attacker can draw the following conclusions: there are roughly 1000 machines on the company's network; the network is geographically distributed, which means that either a VPN over the Internet or leased channels are used to reach the branches; Checkpoint firewalls are most likely the perimeter security measure, with routing and switching on Cisco and 3Com equipment; and the Internet connection probably comes from a single provider (a single point of failure worth noting). So far the picture is still blurry, and many questions remain.
To clarify them, the attacker needs to move on to personal communication with the company's specialists. The easiest way to do this is to use the contact information published on the website: for example, call and ask about the vacancies posted there. To save time, many companies conduct an initial interview by phone, which is how HR specialists screen out obviously unsuitable candidates. An attacker is unlikely to obtain much useful technical information from an HR manager, beyond perhaps the number of users and branches, and even that not always. But during a telephone interview the attacker can present himself as a qualified specialist in the required field and be invited to an in-person interview.
Interviews with qualified candidates often involve a large number of specialists (network administrators, server engineers, security specialists), which gives the attacker plenty of room to operate. During the discussion, the number of branches can be found out unobtrusively. In addition, a potential employee will be "grilled" primarily on the technologies that are actually used in the corporate network. For example, the company's system administrators are interested in the applicant's knowledge of Windows server operating systems and Active Directory. The applicant talks about Windows Server 2016, then about Windows Server 2019, to which the interviewers reply that not all domain controllers run Windows Server 2019 yet. Next, the topic of domain migration comes up, from which it emerges that all branches are in a single domain and no subdomains are used. Every such detail narrows the attacker's picture of the target: the functional level of the forest, the number of controllers to go after, and the fact that a compromise in one branch reaches the whole company.