Monday, September 25, 2017

Tips on information gathering

In this post I will write about which kinds of information you should look for during passive reconnaissance and where to find them. Every piece of information can be useful and valuable, and can lead you to a successful penetration. Large quantities of diverse information quickly become confusing, so it should be organized and/or visualized in a proper fashion. Information gathering is key to a successful penetration test, so I will try to cover all of the important things. Note that what you collect can be sensitive and should be handled with care. Here I will talk only about information in general; I won't publish any concrete data.

Using Google as a source

In our everyday lives, when we want to know something about someone or a particular thing we often end up googling it; it's the fastest and most accessible way to discover information. Here it's pretty much the same thing: first you search Google for your subject, whether it is a company, a person or something else. You will first discover personal/company websites and blogs, which give you a brief introduction to what your subject does and which activities it performs. On such websites you might find information like a person's interests and hobbies, e-mail addresses, company projects, clients, etc. This helps you understand the subject's environment and guides further reconnaissance. You don't want to stop there: search for things related to what you have already found and make your search as exhaustive as possible. You can make it more exhaustive by using Google's advanced search operators (site:, filetype:, inurl:, intitle:, the minus sign to exclude terms, and others documented by Google), or extend it with other search engines like Bing, Yahoo and many more. Google periodically takes a snapshot of the pages it indexes and stores it in the Google cache; if the current page isn't available, or has been edited, the cached copy can still contain information that has since been removed from the live page.
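As an added example (not code from the original post), the script below builds a set of search-operator queries for a target domain and pulls e-mail addresses and in-scope hostnames out of result text. The domain, the operator templates and the result text are constructed for illustration; in practice the queries are typed into the search engine by hand or run through a search API, and the snippet text you paste in is whatever the results page gave you.

```python
"""Generate Google search-operator queries for a domain and extract
e-mail addresses and hostnames that belong to that domain from result text.
Added example; domain, templates and sample text are constructed."""
import re
from urllib.parse import quote_plus

# Operator combinations that commonly surface useful material. Each is
# filled in with the target domain. (Constructed list, not exhaustive.)
DORK_TEMPLATES = [
    "site:{domain}",                                  # everything indexed under the domain
    "site:{domain} -site:www.{domain}",               # hosts other than www
    "site:{domain} filetype:pdf",                     # documents (often contain names, e-mails)
    "site:{domain} filetype:xls OR filetype:xlsx OR filetype:docx",
    "site:{domain} inurl:login OR inurl:admin",       # authentication surfaces
    'site:{domain} intitle:"index of"',               # directory listings
    '"@{domain}" -site:{domain}',                     # addresses mentioned on third-party sites
]


def build_dorks(domain):
    """Return the operator queries for one target domain."""
    return [t.format(domain=domain) for t in DORK_TEMPLATES]


def search_url(query):
    """URL-encode a query into a Google search URL (for pasting, not scraping)."""
    return "https://www.google.com/search?q=" + quote_plus(query)


EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


def extract_emails(text, domain):
    """Unique e-mail addresses in text whose domain part is exactly `domain`."""
    found = {m.lower() for m in EMAIL_RE.findall(text)}
    return sorted(e for e in found if e.endswith("@" + domain))


def extract_hosts(text, domain):
    """Unique hostnames in text that are `domain` or a sub-domain of it."""
    suffix = "." + domain
    found = {m.lower() for m in HOST_RE.findall(text)}
    return sorted(h for h in found if h == domain or h.endswith(suffix))


# Constructed result snippets, standing in for text copied from a results page.
SAMPLE_RESULT = """
Contact: j.doe@example.com, support@example.com. Careers at jobs.example.com
Staging: https://staging.example.com/login  Docs: docs.example.com/api/v2
Unrelated: admin@example.org, cdn.notexample.com
"""

if __name__ == "__main__":
    for q in build_dorks("example.com"):
        print(search_url(q))
    print(extract_emails(SAMPLE_RESULT, "example.com"))
    print(extract_hosts(SAMPLE_RESULT, "example.com"))
```

Note that the hostname filter keys on the full suffix (".example.com"), so look-alike domains such as notexample.com are dropped rather than wrongly attributed to the target. Automated querying of Google's results pages violates its terms of service and is rate-limited; use the queries manually or through the Custom Search API.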

Here I will list and briefly explain some of the interesting places where you can gather particular information:

Social Networks

People use social networks to create public profiles and interact with other users on the web; basically they share their interests, hobbies, pictures and other content. Sites like Facebook, Twitter, Google+ and LinkedIn swarm with such information, which makes them interesting for reconnaissance. LinkedIn is probably the most interesting site in this respect, since it is oriented towards business and professional networking. It contains information about companies, jobs, business opportunities, people, their interests, professional skills and many other things (for a target company, the employee list and the technologies named in job postings are the obvious starting points).

People-Search Websites

There are websites like PeekYou and Pipl that search for information about a particular person. This is a great way to gather information about, for example, the employees of a specific company. They provide phone numbers, addresses, e-mail addresses and links to public social media profiles.

Web groups and forums

Web groups, forums and similar places related to a company or a person can also lead to valuable information. You might find posts written by employees who use their work e-mail address for their forum profile and talk about the specific products and versions used within the company. They might use technical forums to troubleshoot problems, in which case they might post error output (e.g. log dumps), which can reveal software versions, configuration details and internal names; this can provide valuable information.

Website Archives

The Wayback Machine is an archive of websites on the Internet, created by the nonprofit organization Internet Archive. With this tool we can search through archived versions of websites across time. Sometimes information is removed from a website for security reasons, so with this tool we can try to recover it; who knows what kind of information was available in the past.
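The Internet Archive exposes its capture index through the CDX API (web.archive.org/cdx/search/cdx), which returns one row per capture. The following added example (not code from the original post) parses such a response, builds the snapshot URLs and flags pages that used to return 200 but no longer do, i.e. the "removed for security reasons" case above. The response is constructed to mimic the documented JSON layout (first row is the field names) so the script runs offline; field names and the query parameters url, output and fl are the real ones.

```python
"""Parse a Wayback Machine CDX API response into snapshot URLs and find
pages that existed in the past but are gone now. Added example; the
response below is constructed, no network access is performed."""
import json
from collections import defaultdict

CDX_ENDPOINT = "https://web.archive.org/cdx/search/cdx"
FIELDS = "timestamp,original,statuscode,mimetype"


def cdx_query_url(domain):
    """CDX query for every captured URL under `domain`, as JSON with the chosen fields."""
    return f"{CDX_ENDPOINT}?url={domain}/*&output=json&fl={FIELDS}"


def parse_cdx(raw):
    """CDX JSON is a list of rows; the first row holds the field names."""
    rows = json.loads(raw)
    if not rows:
        return []
    header, body = rows[0], rows[1:]
    return [dict(zip(header, r)) for r in body]


def snapshot_url(rec):
    """Wayback URL for one capture record."""
    return f"https://web.archive.org/web/{rec['timestamp']}/{rec['original']}"


def snapshots_by_url(raw, only_ok=True):
    """Map each original URL to its snapshot URLs, in capture order."""
    groups = defaultdict(list)
    for rec in parse_cdx(raw):
        if only_ok and rec["statuscode"] != "200":
            continue
        groups[rec["original"]].append(snapshot_url(rec))
    return dict(groups)


def removed_pages(raw):
    """URLs that once returned 200 but whose most recent capture did not:
    candidates for content that has since been taken down."""
    latest = {}
    had_ok = set()
    # 14-digit timestamps (YYYYMMDDhhmmss) sort correctly as strings.
    for rec in sorted(parse_cdx(raw), key=lambda r: r["timestamp"]):
        latest[rec["original"]] = rec["statuscode"]
        if rec["statuscode"] == "200":
            had_ok.add(rec["original"])
    return sorted(u for u in had_ok if latest[u] != "200")


# Constructed response in the CDX JSON layout.
SAMPLE_CDX = json.dumps([
    ["timestamp", "original", "statuscode", "mimetype"],
    ["20120315120000", "http://example.com/", "200", "text/html"],
    ["20130102080000", "http://example.com/staff.html", "200", "text/html"],
    ["20140620090000", "http://example.com/staff.html", "200", "text/html"],
    ["20140701101010", "http://example.com/internal/backup.zip", "200", "application/zip"],
    ["20150101000000", "http://example.com/staff.html", "404", "text/html"],
])

if __name__ == "__main__":
    print(cdx_query_url("example.com"))
    for url, snaps in snapshots_by_url(SAMPLE_CDX).items():
        print(url, len(snaps), "snapshot(s)")
    print("removed:", removed_pages(SAMPLE_CDX))
```

To retrieve a snapshot's original bytes without the Wayback toolbar injected into the HTML, put id_ after the timestamp in the snapshot URL (…/web/20140701101010id_/http://…); that matters when you want to diff old and new versions or extract links and e-mail addresses from the archived page.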

WHOIS information

WHOIS information is the registration data that individuals, businesses and organizations provide when they register domain names (and, through the regional Internet registries, IP address blocks). A domain record typically contains the registrar, creation and expiry dates, the name servers, and the registrant, administrative and technical contacts: names, organization, postal address, phone numbers and e-mail addresses. There are many tools and websites for WHOIS lookups (the whois command-line client, and web front-ends you can find on Google). This information is extremely valuable, but note that WHOIS does not list sub-domains; what it gives you are pivot points. A contact e-mail address or organization name can be fed into a reverse-WHOIS search to find other domains registered by the same party, and the name servers tell you who hosts the DNS. Netcraft is a useful tool for identifying sub-domains, and it also provides information about the technologies used on a specific website. Once you have a list of sub-domains you can run Google searches against each of them (site: with the sub-domain) to identify further related domains, ultimately ending up with a list of interesting domains which you can then analyze.
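WHOIS output is loosely "Key: Value" text whose field names differ between registries and registrars, so it helps to have a small parser that tolerates that. The added example below (not code from the original post) parses a record, collects the contact e-mails and name servers, and derives the apex domains worth feeding into a reverse-WHOIS or related-infrastructure search. The sample record is constructed; field names are the common ones seen in .com records but are not guaranteed elsewhere.

```python
"""Parse a WHOIS record and extract the fields you would pivot on.
Added example; the record below is constructed and the field names
are the commonly seen ones, not a standard."""
import re

# Constructed WHOIS response in the usual "Key: Value" layout.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Creation Date: 2005-03-14T10:00:00Z
Registry Expiry Date: 2025-03-14T10:00:00Z
Registrant Organization: Example Corp
Registrant Email: hostmaster@example.com
Admin Name: Jane Doe
Admin Email: jane.doe@example.com
Tech Email: noc@example-hosting.net
Name Server: NS1.EXAMPLE.COM
Name Server: NS2.EXAMPLE-HOSTING.NET
DNSSEC: unsigned
>>> Last update of WHOIS database: 2017-09-25T00:00:00Z <<<
"""

# Key must start with a letter; the value may itself contain colons (timestamps).
KV_RE = re.compile(r"^\s*([A-Za-z][A-Za-z /-]*?):\s*(.+?)\s*$")


def parse_whois(text):
    """Return {lower-cased field: [values]}; repeated fields keep every value."""
    fields = {}
    for line in text.splitlines():
        m = KV_RE.match(line)
        if not m:
            continue  # banners, comments and blank lines
        key, value = m.group(1).strip().lower(), m.group(2)
        fields.setdefault(key, []).append(value)
    return fields


def apex(hostname):
    """Naive apex: last two labels. Wrong for multi-label TLDs such as co.uk;
    use a public-suffix list for real work."""
    return ".".join(hostname.split(".")[-2:])


def pivot_points(fields):
    """Collect the values that lead to other domains, people and providers."""
    emails = sorted({v.lower() for k, vs in fields.items()
                     if k.endswith("email") for v in vs})
    name_servers = sorted(v.lower().rstrip(".") for v in fields.get("name server", []))
    related = {e.split("@", 1)[1] for e in emails} | {apex(ns) for ns in name_servers}
    return {
        "registrar": fields.get("registrar", [None])[0],
        "registrant_org": fields.get("registrant organization", [None])[0],
        "created": fields.get("creation date", [None])[0],
        "emails": emails,
        "name_servers": name_servers,
        # Apex domains appearing in contacts and name servers: inputs for
        # reverse-WHOIS and for checking who provides hosting and DNS.
        "related_domains": sorted(related),
    }


if __name__ == "__main__":
    for k, v in pivot_points(parse_whois(SAMPLE_WHOIS)).items():
        print(f"{k}: {v}")
```

Two caveats when running this against real records: the thick/thin split means the registrar's server often holds contact details the registry's server omits, so query both; and since 2018 many registrars redact personal contact fields under GDPR, in which case the registrar, name servers and dates are usually all that remains to pivot on.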

