Exposed or Not

"The opportunity of defeating the enemy is provided by the enemy himself."
-Sun Tzu

How can you get into a house which has no doors or windows? Maybe it's made of bricks and has no holes. Still, it's made of bricks, right? You can break it to get inside. What if something more sustainable and stronger than this, still you can break into it to get inside, right? Everything is breakable; you just need to know what it's made of and how to crack that. Collect the exact info and strike through it.

I attended an event recently where one of the presentations contained this message. He explained some devastating situations where the enemy himself gives away all the information to tear him apart. Here the enemy was about some techy stuff or we in general. Whether its a website hacking or a human, you must gather some information first and then act accordingly. Information gathering should always be on the first priority list. No matter if you are going to defeat your enemy or win over someone.

There is a thing that we got to know while learning ethical hacking. While researching a website for possible vulnerabilities, we noticed that the more complex and huge the website is, the more potential vulnerabilities it creates. The simple and less unnecessary features are less prone to be compromised. Haven't you seen a bride who is wearing a huge dress filled with lots of ornaments and has done gorgeous makeup? What about her comfort in moving or walking freely with those heavy outfits and stuff? Too complex to move around; the lighter things get, the easier it is to manage. The same goes with any of our targets or enemy; if you observe the activities thoroughly, you will find your endpoints to break into.

Recently, during one of our practices, we got to play with a website that was still under construction. I mean, the developers were still working on various parts. So during playing with the page sources, we got some comments on the framework versions, which were meant for the other developers who checked. Usually, comments on the sources are not visible on the front page but can be viewed from the page source, which was meant to be informed not the end users but the co-developers. This may not be the proper way to pass this information, but they did, it was a mistake, and we got many such comments that became a weak point for them to be exploited.
The same could be done with a human too, maybe your enemy or someone you wanna win over. Observe them, see what they share, what they do if they are active on social media, then BOOM! You would have a ton of information to have a solid idea of how to approach; that's why I have always been on the opposite side of being so open to social media. I was always comfortable with my fewer activities and not insecure about anything, but it's always better to be preventive.

Photo by Jon Tyson on Unsplash

How exposed are you to give your enemies better ground against you? Dig yourself.