Information gath

M.Syarifudin, ST, OSCP, OSWP Information Security Trainer
INFORMATION GATHERING
IN A PENTEST
By : Syarif
@fl3xu5
Cybercrime Investigation Center Mabes Polri
Jakarta, 28 January 2012
Agenda
About Pentest ( Penetration Testing )
Pentest Phase
How Important Is Information Gathering
Passive & Active Information Gathering
Google Hack
Netcraft
Whois
host
dig
About Pentest ( Penetration Testing )
A method to evaluate the security of a computer system / network
Practice ( attacking ) an IT system the way a ‘hacker’ does
Find security holes ( systemic weaknesses )
Bypass security mechanisms
Compromise an organization’s IT system security
Must have permission from the IT system owner
~ The person is called a Pentester ~
Pentest Phase
Information Gathering
Vulnerability Analysis
Exploitation
Post Exploitation
Reporting
How Important Is Information Gathering
Information Gath. Chance of Successful attack~
Passive & Active Information Gathering
Passive Information Gathering:
Google Hacking
Netcraft
Whois
Nslookup
Active Information Gathering:
Port Scanning
Service Scanning
Nmap
Metasploit
Google Hack
Was introduced by Johnny Long
Based on Google basic usage information: http://www.google.com/help/basics.html
More: http://www.google.com/help/operators.html
Google Hack ( cont’d )
Google basic search help
Google Hack ( cont’d )
Operators and More Search help
Google Hack ( cont’d )
Examples :
Netcraft
An Internet monitoring company based in England
Uptimes
OS detection
web server
Netcraft ( cont’d )
Whois
host
dig
REFERENCES
http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
http://www.metasploit.com/about/penetration-testing-basics/
Metasploit: The Penetration Tester’s Guide, David Kennedy, Jim O’Gorman, Devon Kearns, Mati Aharoni
GHDB, http://johnny.ihackstuff.com/ghdb/