Footprinting And Intelligence Gathering



BSides DFW 2010

Footprinting & Intelligence Gathering Paterva & Beyond



Footprinting And Intelligence Gathering: Presentation Transcript

  • Footprinting & Intelligence Gathering: Paterva & Beyond. Wardell Motley, C|EH, NSA IAM/IEM. BSides – Dallas Ft. Worth – 2010
  • Agenda
    • Definitions
    • So what, this isn't 0 day!!
    • Why should this matter to me...
    • As a Business?
    • As a Penetration Tester?
    • As the individual?
    • The tools
    • Maltego
    • Maltego Mesh
  • Definitions
    • Footprinting
    • In computer security, footprinting is the process of accumulating data regarding a specific network environment, usually for the purpose of finding ways to intrude into the environment.
    • http://www.networkdictionary.com/security/f.php
    • Intelligence Gathering
    • In government and military operations, evaluated information concerning the strength, activities, and probable courses of action of international actors that are usually, though not always, enemies or opponents.
    • http://www.answers.com/topic/intelligence-information-gathering
  • So what, this isn't 0 Day!!
  • Why should this matter to me…
    • What good is 0 Day if you don’t know anything about your target?
  • As a Business?
    • Competitors
    • Compliance ≠ Security
    • Information leakage
    • I have all my boxes checked, but the receptionist just gave the delivery guy the secret key code to get into the front after hours
  • As a Business?
    • User Training (This Means a Continuous Process)
    • Does the receptionist really need to give out that much information?
    • Map out your information flow
    • Who has access to what and why?
    • Avoid privilege creep
    • If someone changes functions in a company, take away the old permissions.
    • *Remember: Defense in Depth can be circumvented by tomfoolery and lack of common sense…
  • As a Pen Tester?
    • Proper Intelligence gathering & footprinting is key to protecting & understanding your clients!
    • The more time spent gaining intel, the fewer Nessus plugins you will need to run!
  • As a Pen Tester?
    • What else can I look for beyond the usual?
    • Where does the information flow?
    • Over & Under the firewall
    • P2P & Torrent sites, Online Storage Sites
    • Google Docs anybody?
    • Old Exchange User Archives
  • As the Individual?
    • That ex-girlfriend is back!!
  • The Tools
    • Maltego 3 by Paterva (paterva.com)
    • Zoominfo.com
    • Many, many others!!!
  • Questions?