INFORMATION GATHERING
IN A PENTEST
By : Syarif
@fl3xu5
Cybercrime Investigation Center Mabes Polri
Jakarta, 28 Januari 2012
Agenda
About Pentest ( Penetration Testing )
Pentest Phase
How Important do Information Gathering
Passive & Active Informa...
About Pentest ( Penetration Testing )
A method to evaluate the security of computer system / network
Practice ( attacking ...
Pentest Phase
Information Gathering
Vulnerability Analysis
Exploitation
Post Exploitation
Reporting
How Important do Information Gath.
Information Gath. Chance of Successful attack~
Passive & Active Information Gathering
Passive Information Gathering Active Information Gathering
Google Hacking
Netcraft
...
Google Hack
was introduced by Johnny Long
based on google basic usage information :http://
www.google.com/help/basics.html...
Google Hack ( cont’d )
Google basic search help
Google Hack ( cont’d )
Operators and More Search help
Google Hack ( cont’d )
Examples :
Google Hack ( cont’d )
Examples :
Google Hack ( cont’d )
Examples :
Google Hack ( cont’d )
Other Examples :
Google Hack ( cont’d )
Other Examples :
Google Hack ( cont’d )
More Examples :
Netcraft
an Internet monitoring company based on England
Uptimes
OS detection
web server
Netcraft ( cont’d )
Whois
host
dig
REFERENCES
http://www.pentest-standard.org/index.php/
PTES_Technical_Guidelines
http://www.metasploit.com/about/penetratio...
Upcoming SlideShare
Loading in...5
×

Information gath

1,860

Published on

Published in: Education, Technology, Business
1 Comment
1 Like
Statistics
Notes
No Downloads
Views
Total Views
1,860
On Slideshare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
31
Comments
1
Likes
1
Embeds 0
No embeds

No notes for slide

Information gath

  1. 1. INFORMATION GATHERING IN A PENTEST By : Syarif @fl3xu5 Cybercrime Investigation Center Mabes Polri Jakarta, 28 Januari 2012
  2. 2. Agenda About Pentest ( Penetration Testing ) Pentest Phase How Important do Information Gathering Passive & Active Information Gathering Google Hack Netcraft Whois host dig
  3. 3. About Pentest ( Penetration Testing ) A method to evaluate the security of computer system / network Practice ( attacking ) an IT System like a ‘hacker’ do Find a security holes ( systemic weaknesses ) By pass security mechanism compromise an Organization’s IT System Security Must have a permission from IT System owner ~ The Person is called a Pentester ~
  4. 4. Pentest Phase Information Gathering Vulnerability Analysis Exploitation Post Exploitation Reporting
  5. 5. How Important do Information Gath. Information Gath. Chance of Successful attack~
  6. 6. Passive & Active Information Gathering Passive Information Gathering Active Information Gathering Google Hacking Netcraft Whois Nslookup Port Scanning Service Scanning Nmap Metasploit
  7. 7. Google Hack was introduced by Johnny Long based on google basic usage information :http:// www.google.com/help/basics.html! More : http://www.google.com/help/ operators.html
  8. 8. Google Hack ( cont’d ) Google basic search help
  9. 9. Google Hack ( cont’d ) Operators and More Search help
  10. 10. Google Hack ( cont’d ) Examples :
  11. 11. Google Hack ( cont’d ) Examples :
  12. 12. Google Hack ( cont’d ) Examples :
  13. 13. Google Hack ( cont’d ) Other Examples :
  14. 14. Google Hack ( cont’d ) Other Examples :
  15. 15. Google Hack ( cont’d ) More Examples :
  16. 16. Netcraft an Internet monitoring company based on England Uptimes OS detection web server
  17. 17. Netcraft ( cont’d )
  18. 18. Whois
  19. 19. host
  20. 20. dig
  21. 21. REFERENCES http://www.pentest-standard.org/index.php/ PTES_Technical_Guidelines http://www.metasploit.com/about/penetration- testing-basics/ Metasploit The Penetration Tester’s Guide : David Kennedy , Jim O’Gorman, Devon Kearns, Mati Aharoni GHDB , http://johnny.ihackstuff.com/ghdb/
  1. ¿Le ha llamado la atención una diapositiva en particular?

    Recortar diapositivas es una manera útil de recopilar información importante para consultarla más tarde.

×