[Irongeek]

I'm thinking my next article will be on Cyberstalking Potential Employers. The idea is you want to have more information about the IT systems the employer uses so you have a better interview, so you passively find out about their network and study up on what you need to know to impress them. Some of the ideas I want to cover are:

* Email headers that give network information.
* Google scrounging.
* Forum/Usenet posts.
* Social Networking Sites.

Other ideas?

[PhreakerD7]

Banner grabbing their sites
Social Engineering
Running through their site to learn some of their company lingo

IDK. Sounds like a cool article, though. Can't wait.

[Multi-Mode]

This sounds hot.... I need to find something diffrent.

Possibly mineing for internal payscales so you know what can be negotiated.

[PhreakerD7]

Yeah, thats a good idea.

Also, maybe tell them to probe around the network as if they were pen testing it. Maybe if they find some vulnerabilites, get hired, first week on the job, BAM. You find and fix multiple vulnerabilities. Just a thought.

[Irongeek]

PhreakerD7, on May 30 2007, 01:10 AM, said:

Yeah, thats a good idea.

Also, maybe tell them to probe around the network as if they were pen testing it. Maybe if they find some vulnerabilites, get hired, first week on the job, BAM. You find and fix multiple vulnerabilities. Just a thought.

That would most likely make them suspicious of you, I'm more thinking of passive things that can be done to find out about their systems.

[Irongeek]

Anyone else care to chime in?

[xof7]

What about familiarizing yourself with any specific software that they use in-house. Ticket software, VoIP management sw, or whatever your going to be doing for them. It kinda works in with se'ing at the job interview.

[revebo]

I very much like this idea, for example when I was working my 4 year tenure with Southwest Airlines Technology.. We ended up upgrading NDS/SMS servers and upon NeDS via AD. Now most employers I have come across have no idea what NeDS was, and some thought it might have been a typo on my part. Well That was Novell E Directory Services that were conflicting with Active Directory on W2k3. And lots of recruiters will ask if you have active directory experience after they just asked about if you have Server experience , etc.. To me that's like asking if you have control panel experience if you know about Windows Xp. Yeah you dont want to act like your a pen tester,hacker,etc.. That will flag most companies that either you are someone who is coming in their to be a know it all , or perhaps not go with the flow of their architecture. And lots of companies have different lingo/tech jargon for the things they are wanting to hire for.. Some companies have no idea about "imaging" They call it ghosting, or incorrectly "diskwiping" when they merely load another image and dont perform a full blown format. Another arena of miscommunication is the VPN arena. Some use Cirtix Terminal Client/Server, some use Ms Terminal Services, and the most inexperienced VPNs use shit like remotely anywhere, pcanywhere or Stac's reachout. Now you would be surprised how many remote authentication to corporate VPNs dont use a token based/Hardware LDAP/Radius type of authentication from Client to Server end via home. So at times the more you tell about your experience, either A, IT manager will be embarrassed by their own setup, B think you dont know their afro-engineered methods because you worked at another company whom did things differently, but methods are the same.

Then you come to the very weary of companies, that exclude all working experience and want you have have current certs, this is where you have to flat out lie, or tell them a google mined number that is expired, and offer that upon hire in 9 months-1 year you will re certify if required. Which this wont matter unless working for a company that actually assists other certified members online or on the phone. I think what will make this a good project is dumping information from companies that techs have worked for in the past, and their current enviroments...

BoA: XP, NT, OS2

United Technologies: Just migrated their carrier division to XP upon NAL App Launcher and NeDS from Netware/Zen 6

Nestle Waters: Win2k , Ms Exchange 5.5

Southwest Airlines: Currently migrating away from all Novell unto a Win2k3/XP pure environment.. With using authentication products stemming from term hp3270, oblix, and now all AD.


Then you have the option to know if some companies are using groupwise or Outlook, You;ll know if the companies need people to develop app objects in Novell App launcher or Object Oriented Polices in Ms environments..


You'll see idiots whom don't know what a bios is, that are so bound by replacing/break.fix crap that they have no ideas on what is going on till they get inside the high end of the system.. The problem with getting an interview with a client/company is knowing how they bs their needs in their crappy network environment.

[Remix]

This will be a cool article I am looking forward to reading it.

[unsupported]

How about good old dumpster diving? A wi-fi audit?

-un

[ragweed]

Call the IT guys and ask them.

[mubix]

ragweed, on Jun 29 2007, 07:09 PM, said:

Call the IT guys and ask them.

This would fall under the Social Engineering category, same with almost everything I would suggest. Some things you could get familiar with though
Create a profile:

Network Ranges
Domains
Ports / Protocols (Could help you find out what they run)
Web site crawling
Google cache crawling
DNS Googling

laptop battery dieing.. I'll edit later

[nwbell]

I'd have to agree on the PASSIVE part. You could probably learn more about their setup than their own techs know, but it would probably scare your interviewer when you started finishing his/her sentences for them

I know I'd be a bit suspicious if someone knew too much. A little bit is great and goes a long way. But if they seem to know things that outsiders would have no reasonable way of finding out, I'd start asking where they got their facts from. If they didn't have a good answer, I'd be done right there.


OK: any info available from the company website, even if it's buried (bonus points if it's buried, IMHO); stuff found on Google; info from email headers; info on what software/hardware is in use based on what you saw on the way in. This shows interest and commitment.

Iffy: banner grabs; info from friend who is a current or former employee (maybe I get along with So-N-So, maybe I don't). This shows you're a little bit too into it, and can easily rub them the wrong way.

Not OK: anything you'd have to SE, crack, shoulder surf, UE, blackmail, bribe, break and enter, etc. to obtain. This shows you're not above using questionable methods to get what you want, and thus casts you in an unfavorable light.


Just my US$0.02.

[tehbizz]

I know a lot of people that have done this, I know I have. While I haven't gone as far as trying to map their systems or anything like that, I did do my fair share of social engineering and information scraping. It's always better for you when you know the company's financial background and where they're going than knowing their systems. If you come in talking how about nicely laid out their network is, you'll raise flags.

[Irongeek]

Here is a preview before I post it to the front page:
http://irongeek.com/i.php?page=security/ho...ntial-employers

let me know what you think.

[Poet]

That was a very insightful article. I've never thought about doing something along the lines of looking up possible employers but it seems like a very good idea. The link you posted inside the article "What can you find out from an IP?" doesn't seem to work for me but I found it after browsing about.

Normally when looking up information I also simply google the email address. Normally people wouldn't use their company email addresses for anything other than email but you could get lucky? This was kind of covered anyhow, I guess.

Looking forward to reading more :)

Edit: Never try to spell before you've had your morning coffee

This post has been edited by Poet: 04 July 2007 - 09:25 AM

[Irongeek]

Thanks for letting me know. I think I fixed it, but the old page is still cached at this moment.

[tehbizz]

Having employers cyberstalk you is extremely common these days. I know most HR people will frequently run Google/Yahoo searches for potential background information during a background search. It offers them a look into your private life and how well you conduct yourself there and how that can potentially transfer into your professional life. As you stated, those drunken pics on Myspace won't bode well with a potential employer if they find them and if they find out things of a more lascivious nature, your outlook is dire with them.

How you conduct yourself outside of work is just as important to an employer as how you conduct yourself at work. If you're a womanizing drunk who loves to go clubbing, they think there's a high probability that you'll end up sexually harassing a female coworker or you may come to work still drunk from the night before. Your online life is just as important as your offline life is these days.

[Irongeek]

It's been up one day, and it's number one in Google for "How to cyberstalk":

http://www.google.com/search?hl=en&q=h...G=Google+Search

Yippy.

As tehbizz mentions, employers may cyberstalk you before employment. That kind of worries me because I hate the idea of employers messing in peoples personal lives.

[R3c0n]

This can actually be to your advantage if you think about it....(unless you already got tons of details about you thats not appealing). If you were half smart, (and you got a bad past/nasty habits to hide) you would setup some sites/profiles online that would be appealing/impressive to your future employers...

P.S: Oh yea...you can always setup a Google Alert,..so that you are notified as soon as something distasteful about you hits the internet.

This post has been edited by R3c0n: 05 July 2007 - 05:46 PM