Professional Documents
Culture Documents
Information Gathering and Social Engineering
Information Gathering and Social Engineering
Information Gathering and Social Engineering
(Brock University)
Goals
The basic goal of this task is to extract information and perform social engineering on the Brock
University. The task has to be performed without any physical or any other contact with the
university and also without even attacking the university database. The information gathering has
to be Ethical and should not attack the University in any manner.
Executive Summary
This report consist of the information about the Brock University through various kind of
methods with searching the online databases. This does not include any type of breaching into
private database, any type of active or passive attack, hacking and contacting the university via
email, phone or personally. The source of information of this project is the website of the
university and other online sources available on the internet. The university was mirrored in
order to refer and extract information offline and gain the information even if the website is
down or the content is updated.
Social Engineering and Information gathering steps which are mentioned in the 2nd week slides
in DC connect is referred and all the relevant steps are followed in order to gain the accurate and
enough information about the university without contacting or hacking. The conclusion part
includes the small summary of the steps that were related to attack the university but they could
have been more useful in extracting the information about Brock University.
Steps:
1. Crawl the companys Web site and mirror the pages on a PC.
5. List the companys contact information, including e-mail addresses and telephone numbers.
+1 905-688-5550 ssekel@brocku.ca
(Source: https://brocku.ca/international-services/exchanges-study-abroad/outbound-
exchanges/Partner-Institutions)
8. Search newsgroups, bulletin boards, and Web sites for information about the company.
http://www.brockpress.com/
(Source: http://scripts.ranking.com/data/details.aspx?theurl=brocku.ca)
(Source: https://web.archive.org/web/19981212023404/http://www.brocku.ca/)
15. Search job posting sites for jobs the company has posted.
Indeed: http://www.indeed.ca/jobs?q=brock+university&l=
Brock University Job Center: https://careerzone.brocku.ca/student/overview.htm
(Source: https://brocku.ca/directory)
(Source: http://viewdns.info/dnsrecord/?domain=brocku.ca)
Conclusion:
Of all the attacks that were skipped because the attacks were active attacks, the most beneficial
attacks would be no. 22 visit the company as a customer and extract privileged information.
Though all the online tools were very helpful and it provided some vital information about the
university but the most advance step in this case because if a social engineer/hacker visits the
university as a student and ask about the information about the university, university
representatives would be obliged to give at most information about the university to a potential
student and he/she can also get a campus tour to know more about the university and the
infrastructure. The most important part of pretending to be a customer is that it is very easy to
hack a human rather than a machine, talking to a human and extracting some very vital
information which are not generally very easy to hack on the machine. Humans are easy to hack
and manipulate.
References:
Academic OneFile. (n.d.). Retrieved July 25, 2016, from
http://www.torontopubliclibrary.ca/detail.jsp?Entt=RDM613183
Brock University | Revenue and Financial Reports. (n.d.). Retrieved July 25, 2016, from
http://www.hoovers.com/company-information/cs/revenue-
financial.brock_university.e2f88f94ec7741f8.html
DNS Record Lookup. (n.d.). Retrieved July 25, 2016, from http://viewdns.info/dnsrecord/?
domain=brocku.ca