FOCA – Reconnaissance Complete
This week’s module was completely dedicated to FOCA. This module also concludes the “Reconnaissance” course line.
FOCA is a tool designed to search a domain and download any documents it finds. Then it takes those documents and analyses the metadata in the file in order to look for additional information, such as usernames and passwords. This is one of those niche specialty tools that really performs well, allowing you to gain a great amount of intelligence on a target. You’ll be surprised by what you’ll find (I was). I ran this tool against my company (With permission of course) and actually came across some interesting results that my security team gets to raise with the system owners. This is a very valuable tool that I recommend for any security professional (Especially penetration testers).
I had some issues trying to download the tool though. The provided link within the lab (And on the rest of the Internet) says to go here: http://www.informatica64.com/DownloadFOCA/ , however when I hit that link I get redirected to a generic FOCA information page with no download link. The module mentions you have to give them your email, and I did see a “Newsletter” registration on the side, but since it didn’t specifically point out that I have to go through that in order to download the tool I didn’t. After doing some searching, I was able to find a FOCA mirror here: http://www.downloadcrew.com/article/22211-foca_free . I ran the MSI through VirusTotal and it came up 100% clean, so I wasn’t too concerned about installing it on my machine. I don’t know if this is a recent change on the FOCA website, or perhaps I’m just being dense, but just an FYI if you run into the same troubles I did.
Since this module concludes the “Reconnaissance” course, I would like to take a second to reflect on the material. There was a lot of information in this course on gathering intelligence on targets, and after working through all of the labs I was blown away after seeing the amount of information there is available. It really is scary for those of us working on the blue team, and I highly recommend that you run all of these tools against your own organization (Realize the bad guys are already doing this and then some). I really learned a lot on how to gather intelligence and I’ve been actively utilizing it in my day job. This was a great course that I will reference in my day to day duties on a regular basis.
Kevin- A student’s perspective