Synopsis
Do you enjoy the reconnaissance part of a penetration testing? Want to discover issues on your network, assets or applications proactively? Would you like to learn some new OSINT based recon tools and techniques? Follow the rabbit hole and find exploitable critical vulnerabilities in the Panama Papers law firm and politics both American and international including Trump and the DNC. Analyse network and email configurations for entry points and exploits with FOCA, Maltego, Nmap/ZenMap, and Spiderfoot. Learn how to use advanced searches, alternative search engines that don't respect robots.txt., intel tools, and leak databases. Open source intelligence gathering (OSINT) and web-based reconnaissance is an important part of penetration testing and proactive defense. The more connected we are, the more information is held about everything. Yummy, juicy information for both a penetration tester or a malicious actor. Learning what sources of are available to start your search is an important first step in learning about reconnaissance and how the information could be utilized or resold. Both issues you or your client need to know. All of the tools and techniques in this book can be ninjafied with Python, Ruby or PowerShell.Initially, this book began as a presentation at the Cyber Senate Industrial Control Cybersecurity Nuclear Summit in Warrington, UK 2016. Originally, I intended to use some of the same techniques to target a nuclear power plant or someone in a nuclear regulatory capacity. After submitting my original talk idea. Daesh, otherwise known as ISIS, began publicly threatening the European nuclear industry. Due to the threats, we decided it wasn't in anyone’s best interest to give a how to target nuclear installations and changed the target instead to the law firm behind the Panama Papers fiasco. The project expanded to include additional targets with mostly a political slant. 2016 was a very tumultuous year in politics. Brexit, Trump, and the rise of the interesting politics and coups in Turkey, Netherlands, Germany, Russia, Bulgaria and the Philippines. It’s a lot more fun to learn about a topic in an empowering way. Also, only politicians like politicians. They make a fun target.Learning a new technique is easier when it’s fun. I chose targets and case studies which gave me a happy hacker smile.
About the Author
Chris Kubecka, founder and CEO of HypaSec, is a decorated U.S. Air Force aviator and Space Command veteran whose path into technology began early. At the age of ten she hacked the U.S. Department of Justice and the FBI, a preview of the advanced technical instincts that would define her career.
She helped restore global business operations at Saudi Aramco after one of the largest cyberattacks in history, working with an exceptional team under immense pressure. She has since advised governments, militaries, and international institutions on cyber defence, artificial intelligence, drone warfare, offensive technology, and the protection of critical infrastructure.
When Russia invaded Ukraine, Chris helped organize an OSINT-driven evacuation effort. After fleeing Kyiv herself, she aided the rescue of a prominent basketball player targeted for ransom and then coordinated the safe passage of thousands of foreign students in occupied areas. She and her team guided caravans, tracked routes, managed humanitarian shipments, leveraged diplomatic back channels, and distributed intelligence in real time.
Her investigative work includes exposing vulnerabilities in Boeing's 737 MAX systems through responsible disclosure and later serving as a whistleblower when the company retaliated. She has served as Distinguished Chair in Cybersecurity and Emerging Technologies at the Middle East Institute and was recruited for the U.S. Defense Science Board as a subject-matter expert on generative AI and cyberwarfare, a role placed on hold by executive order in 2025.
Chris has been recognized with high military decorations, the Order of Thor, and other professional honours. Her research on post-quantum cryptography ranked in the top two percent of global publications on ResearchGate in 2024. Today she continues to publish under the name SecEvangelism, delivering unfiltered analysis, technical breakdowns, and sharp commentary across IG, X, Substack, Medium, BlueSky, and Rumble.
"About this title" may belong to another edition of this title.
