Hackers typically engage in the following types of activities when collating information and data about employees, individuals, enterprises, etc.:
1) Information gathering
2) Determining the network range
3) Identifying active machines
4) Finding open ports and access points
5) OS fingerprinting
6) Fingerprinting services
7) Mapping the network attack surface
2. Overview of the Seven Step Information-Gathering Process
• Footprinting covers the collection of information, which can be either passive or active.
• Deceptively phoning the helpdesk to elicit sensitive information is categorised as active information gathering.
• Reviewing company information from a website is defined as passive footprinting.
• Scanning covers pinging machines, identifying network ranges and port scanning systems.
• EC-Council developed a framework that breaks footprinting and scanning into 7 steps.
4. 1. Information Gathering
• A critical step within the process of footprinting and scanning.
• Information about companies can be elicited from the company website, trade papers, financial databases or from ex-employees, etc.
• Developing documentation with matrix fields such as domain name, IP address, DNS servers, employee information, e-mail addresses, open ports, etc. can help you structure your analysis.
• Collating information about a website can typically comprise the following: Company URL, Internal URL, Restricted URL, Internal Pages,
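One way to keep the documentation matrix described above when reviewing your own organisation's exposure, as an added example that is not part of the original slides: it normalises and de-duplicates findings and records whether each came from passive or active gathering. The field spellings, function names and sample values are assumptions of this example.

```python
import csv, io, ipaddress
# Matrix fields named on the slide; the snake_case spellings are this example's own.
FIELDS = ("domain", "ip_address", "dns_server", "employee", "email", "open_port")
METHODS = ("passive", "active")  # the two kinds of information gathering

def normalise(field, value):  # raises ValueError for malformed values
    value = value.strip()
    if field in ("domain", "dns_server", "email"):
        return value.lower().rstrip(".")
    if field == "ip_address":
        return str(ipaddress.ip_address(value))
    if field == "open_port":  # expected as "ip:port" (IPv4 in this sketch)
        host, _, port = value.rpartition(":")
        if not 0 < int(port) < 65536:
            raise ValueError(f"port out of range: {port}")
        return f"{ipaddress.ip_address(host)}:{int(port)}"
    return value  # free text, e.g. employee information

def build_matrix(rows):  # rows are (field, value, source, method) tuples
    matrix, rejected = {}, []
    for field, value, source, method in rows:
        try:
            if field not in FIELDS or method not in METHODS:
                raise ValueError("unknown field or method")
            key = (field, normalise(field, value))
        except ValueError as exc:
            rejected.append((field, value, str(exc)))  # keep for manual review
            continue
        entry = matrix.setdefault(key, {"sources": set(), "methods": set()})
        entry["sources"].add(source)
        entry["methods"].add(method)
    return matrix, rejected

def to_csv(matrix):
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["field", "value", "methods", "sources"])
    for (field, value), e in sorted(matrix.items()):
        writer.writerow([field, value, *("+".join(sorted(e[k])) for k in ("methods", "sources"))])
    return out.getvalue()

# Constructed sample findings (reserved example.com and 192.0.2.0/24 values).
SAMPLE = [
    ("domain", "Example.COM.", "company website", "passive"),
    ("domain", "example.com", "trade paper", "passive"),
    ("ip_address", " 192.0.2.10 ", "company website", "passive"),
    ("ip_address", "192.0.2.10", "ping sweep", "active"),
    ("open_port", "192.0.2.10:443", "port scan", "active"),
    ("open_port", "192.0.2.10:70000", "port scan", "active"),  # rejected: bad port
]
```

Calling `build_matrix(SAMPLE)` returns the merged matrix plus the rejected rows, and `to_csv` turns the matrix into a sheet that can be kept with the assessment notes.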
5. Jobsites
• Job sites can be used to collate valuable company information; the most popular job boards are the following: Careerbuilder.com, Monster.com, Dice.com, Indeed.com, etc.
• Attackers can also use the following types of websites to collate information about people and employees:
1. Pipl: https://pipl.com/
2. Spokeo: http://www.spokeo.com/
3. BirthdayDatabase.com: http://www.birthdatabase.com/
4. Whitepages: http://www.whitepages.com
5. People Search Now: http://www.peoplesearchnow.com/
6. Zabasearch: http://www.zabasearch.com/
7. Peoplefinders: http://www.peoplefinders.com/
8. Justia email finder: http://virtualchase.justia.com/content/finding-email-addresses
6. Social Networking
• Social networking sites can also be utilised to collate information about people: Facebook, Twitter, LinkedIn, Google+, Pinterest, etc.
• Financial information about a company can be collated using the following websites:
1. Marketwatch: http://www.marketwatch.com
2. Experian: http://www.experian.com
3. Wall Street Consensus Monitor: http://www.wallstreetconsensusmonitor.com/
4. Euromonitor: http://www.euromonitor.com
7. Basic Google Hacking
• Google can be used to perform detailed searches on people.
• The Google search engine has powerful capabilities to translate documents, perform new searches and do image searches.
• Hackers can use Google advanced operators as a powerful vulnerability search tool.
• Advanced Google operators can be used to identify sensitive information that shouldn't be revealed.
10. UK - Cyber Defence Academy
• Specialist provider of bespoke classroom, online and self-learning cyber security and cyber defence training.
• Visit us on: www.tech-strategygroup.com
• Empower your employees to become aware of cyber security.
• Implement bespoke cyber security training programmes for your employees in alignment with your cyber security strategy, transformation programmes and projects.
• For more information e-mail us on: info@tech-strategygroup.com