
Posts

Finding PII Data in Splunk Logs

  What is PII?
  Personally Identifiable Information (PII) is data that could identify a specific person and their identity.

  What is included in PII?
  What counts as PII varies according to your country, but it usually includes the following:
  - Mobile number
  - Phone number
  - Physical address
  - Email address
  - Aadhaar number
  - PAN number
  - Salary amount
  - Social security number
  - National ID number
  - Session cookies
  - Username
  - Password

  How to find PII data in Splunk logs?
  To find PII data, start with a basic query like index=test "*@gmail.com". The output will contain the Gmail IDs. From that output, start finding the variable names that the company uses to define PII data, such as "emailAddress", "Phonenumber", etc. In the same way, we have to search for the different variable names that are used in the logs for defining PII data. When we were searching for PII data, we found some variable names that companies mostly use for defining PII data which

Subdomain Enumeration Techniques

  What is sub-domain enumeration?
  Sub-domain enumeration is the process of finding sub-domains for one or more domains.

  Why is sub-domain enumeration needed?
  - Sub-domain enumeration helps to define the scope of a security assessment by revealing the domains/sub-domains of a target organization.
  - Sub-domain enumeration increases the chance of finding vulnerabilities.
  - Sub-domain enumeration helps in finding web applications that might have been forgotten or left unattended by the organization, for maintenance or other reasons, and that may lead to the disclosure of critical vulnerabilities.

  Types of sub-domain enumeration
  There are two types of enumeration techniques, each of which consists of further sub-techniques.

  1. Passive sub-domain enumeration
  In passive sub-domain enumeration, an adversary or tester gathers the sub-domain information without directly connecting to the infrastructure managed by the organization. In this process, the adversary or tester gathers the information from third parties like, th