Companies leave paper marks for almost every activity they do, making it easy for a hacker or investigator to dig up everything from business licenses to the signature of a CEO if they know where to look. To do this, we will look at the databases of government organizations and private companies to find out everything about companies and the people behind them.
You can probably imagine why it might be useful to find out if a company is real or not. It can also be useful to check if a certain person works for a company that they say they do. Although this information almost always exists, it is usually not accessible with a simple Google search. Much of this information is in databases for which you must submit searches to discover it.
Background Checking a company
To be a good researcher, we need to figure out where the information is and what search terms we should use to extract it. Whether we are trying to reinvent the company whether it is legitimate, or are looking for a target to send the perfect phishing email to, there are many reasons why this information can be useful.
If you want to know that a business is legitimate, the best place to start is to delve into their licenses and key figures. Finding proof of a permit is a positive sign and will also lead to the names of the employees and officers mentioned on those documents. By finding these official documents, you can cross-check information to look for inconsistencies or patterns, such as the same people or addresses used to similarly register unrelated companies.
If you are a penetration tester, business research can take a more offensive turn by looking for the people, documents, and opportunities needed to get the perfect phishing e-mail. make mail. Getting a high-level supervisor to do something he shouldn't do, such as opening a PDF from a stranger, can be done if the file is one that the hacker knows his purpose expects.
If we have a malicious PDF for someone who opens it in a company, we must first know a few things. First we have to identify the people who deal with the paperwork and others they talk to to do their job. We also need to know that the document they expect to see looks like, preferably by first finding a scanned version online.
With the right information, we can compile a phishing e-mail to the right employee who looks like a document expected from someone they trust. By digging, we can even add the signatures of other executives to make our PDF even more convincing.
Let's see what we can dig up.
To follow this guide, you only need an internet connection and browser. The great thing about OSINT is that we don't need a lot of resources for it, and we can often rely on smart search terms or a well-formulated original question to extract the information we need.
Here we find a number of valuable tools for finding information about companies. We will use this page as a reference for links and will return to it later.
To begin, you see the list of secretaries of state business search websites for each state. We start our search on these links.
Step 2: Select a target and search status database
Our target today is Equifax. We start by trying to find out in which state they do business. Because the state of California is huge and requires a lot of paperwork to do business, it's a good guess that if the company you're looking for is big, they do business and have papers there.
Navigate to the California State Secretary page for business search, which allows you to search for documents from any company doing business in the state of California. Enter your search term and select a company for larger companies and an LLC for smaller companies. If you do not get a result the first time, run the search again with the other option.
The results should link to business documents, and here we will see that there is only one active entry for Equifax. We now know in which state we can find more information in Georgia.
By clicking on the active list, we can see information about the submission, including an exact address. We can also view PDF files of documents that they have submitted.
Step 3: Search for Signatures in Documents
To find signatures, we can take a look at the documents we have found . The second document that we find not only contains a signature, but also the name of everyone who is important in the company.
We have already achieved some of our goals now that we know who does the paperwork, but we still need to know who we should and to which e-mail address to send it. For that we go to another data source.
Back on the IntelTechniques page we click on the link to OpenCorporates.com. With this site we can search business documents, not only in one state, but in all states at the same time. While this may seem useful, it can quickly become overwhelming if we don't know where to look first.
Searching for "Equifax" yields more than 700 results! To reduce this, we can tick "exclude inactive" to remove entries from companies that are no longer active, which reduces the number to 373. But if we filter to include only companies in Georgia, we are only 21.  How to recognize fake companies and find the signature of CEO & # 39; s with OSINT ” width=”532″ height=”532″ style=”max-width:532px;height:auto;”/>