SlideShare a Scribd company logo

Foot printing as phase of Hacking in cybersecurity

A
AliAlwesabi

Foot printing as phase of Hacking in cybersecurity

Technology
1 of 44
Download to read offline
Phases of Hacking 1-Footprinting
Traditional Hacking The traditional way to hack into a system the steps include: • Footprint: Get a big picture of what the network is, also called reconnaissance • Scan & Enumerate: Identify reachable hosts, services, OS/service versions • Gain Access : get into the target (exploit a vulnerability) • Escalate: get the privileged root permission • maintain access: create own credentials, backdoors, Trojans,...etc. • Exit and cleaning tracks to hide your attack from security analysts
Environments and the Critical Information Attackers Can Identify Internet Presence Intranet Remote Access (travelling employees) Extranet (vendors and business partners)
Internet • Domain name • Network blocks • Specific IP addresses of systems reachable via the Internet • TCP and UDP services running on each system identified • System architecture (for example, Sparc vs. x86) • Access control mechanisms and related access control lists (ACLs) • Intrusion-detection systems (IDSs) • System enumeration (user and group names, system banners, routing tables, and SNMP information) DNS hostnames
Intranet • Networking protocols in use (for example, IP, IPX, DecNET, and so on) • Internal domain names • Network blocks • Specific IP addresses of systems reachable via the intranet • TCP and UDP services running on each system identified • System architecture (for example, SPARC vs. x 86) • Access control mechanisms and related ACLs • Intrusion-detection systems • System enumeration (user and group names, system banners, routing tables, and SNMP information)
Remote access • Analog/digital telephone numbers • Remote system type • Authentication mechanisms • VPNs and related protocols (IPSec and PPTP)
Extranet • Connection origination and destination • Type of connection • Access control mechanism
Internet Footprinting • Step 1: Determine the Scope of Your Activities • Step 2: Get Proper Authorization • Step 3: Publicly Available Information • Step 4: WHOIS & DNS Enumeration • Step 5: DNS Interrogation • Step 6: Network Reconnaissance
Step 1: Determine the Scope of Your Activities • Entire organization • Certain locations • Business partner connections (extranets) • Disaster-recovery sites
Step 2: Get Proper Authorization • Ethical Hackers must have authorization in writing for their activities • "Get Out of Jail Free" card • Criminals omit this step
Step 3: Publicly Available Information • Company web pages • wget and Teleport Pro are good tools to mirror Web sites for local analysis • Look for other sites beyond "www" • Outlook Web Access • https://owa.company.com or https://outlook.company.com • Virtual Private Networks • http://vpn.company.com or http://www.company.com/vpn
Google Hacking • Find sensitive data about a company from Google • Completely stealthy—you never send a single packet to the target (if you view the cache) • To find passwords: • intitle:"Index of" passwd passwd.bak • Collecting email addresses • allintext:email OR mail +*gmail.com filetype:txt
Other fun searches • Nessus reports • More passwords
Be The Bot • See pages the way Google's bot sees them
Custom User Agents • Add the "User Agent Switcher" Firefox Extension
Step 3: Publicly Available Information • Related Organizations • Physical Address • Dumpster-diving • Surveillance • Social Engineering • Tool: Google Earth and Google Maps Street View
Step 3: Publicly Available Information • Phone Numbers, Contact Names, E-mail Addresses, and Personal Details • Current Events • Mergers, scandals, layoffs, etc. create security holes • Privacy or Security Policies, and Technical Details Indicating the Types of Security Mechanisms in Place
Step 3: Publicly Available Information • Archived Information • The Wayback Machine • Google Cache • Disgruntled Employees
Step 3: Publicly Available Information • Usenet • Groups.google.com • Resumes
Maltego Data mining tool
Using Maltego
Step 4: WHOIS & DNS Enumeration • Two organizations manage domain names, IP addresses, protocols and port numbers on the Internet • Internet Assigned Numbers Authority (IANA; http://www.iana.org) • Internet Corporation for Assigned Names and Numbers (ICANN; http://www.icann.org) • IANA still handles much of the day-to-day operations, but these will eventually be transitioned to ICANN
Step 4: WHOIS & DNS Enumeration • Domain-Related Searches • Every domain name, like msn.com, has a top- level domain - .com, .net, .org, etc. • If we surf to http://whois.iana.org, we can search for the authoritative registry for all of .com • .com is managed by Verisign
Step 4: WHOIS & DNS Enumeration
Step 4: WHOIS & DNS Enumeration • Verisign Whois • Search for mit.edu and it gives the Registrar • Whois.educause.net • Three steps: • Authoritative Registry for top-level domain • Domain Registrar • Finds the Registrant
Step 4: WHOIS & DNS Enumeration • Automated tools do all three steps • Whois.com • Sam Spade • Netscan Tools Pro • They are not perfect. Sometimes you need to do the three-step process manually.
Step 4: WHOIS & DNS Enumeration • Once you've homed in on the correct WHOIS server for your target, you may be able to perform other searches if the registrar allows it • You may be able to find all the domains that a particular DNS server hosts, for instance, or any domain name that contains a certain string
Step 4: WHOIS & DNS Enumeration • How IP addresses are assigned: • The Address Supporting Organization (ASO http://www.aso.icann.org) allocates IP address blocks to • Regional Internet Registries (RIRs), which then allocate IPs to organizations, Internet service providers (ISPs), etc. • ARIN (http://www.arin.net) is the RIR for North and South America
Internet Registry Regions http://www.iana.org/numbers/
Step 4: WHOIS & DNS Enumeration • IP-Related Searches • To track down an IP address: • Use arin.net • It may refer you to a different database • Examples: • 147.144.1.1 • 61.0.0.2
Step 4: WHOIS & DNS Enumeration • IP-Related Searches • Search by company name at arin.net to find IP ranges, and AS numbers • AS numbers are used by BGP (Border Gateway Protocol) to prevent routing loops on Internet routers Examples: Google, CCSF
Step 4: WHOIS & DNS Enumeration • Administrative contact gives you name, voice and fax numbers • Useful for social engineering • Authoritative DNS Server can be used for Zone Transfer attempts • But Zone Transfers may be illegal now
Step 4: WHOIS & DNS Enumeration • Public Database Security Countermeasures • When an administrator leaves an organization, update the registration database • That prevents an ex-employee from changing domain information • You could also put in fake "honeytrap" data in the registration
Step 5: DNS Interrogation • Zone Transfers • Gives you a list of all the hosts when it works • Usually blocked, and maybe even illegal now • 14% of 1 million tested domains were vulnerable
Step 5: DNS Interrogation • Determine Mail Exchange (MX) Records • You can do it on Windows with NSLOOKUP in Interactive mode
Excellent Tutorial
Step 5: DNS Interrogation • DNS Security Countermeasures • Restrict zone transfers to only authorized servers • You can also block them at the firewall • DNS name lookups are UDP Port 53 • Zone transfers are TCP Port 53 • Note: DNSSEC means that normal name lookups are sometimes on TCP 53 now
Step 5: DNS Interrogation • DNS Security Countermeasures • Attackers could still perform reverse lookups against all IP addresses for a given net block • So, external nameservers should provide information only about systems directly connected to the Internet
Step 6: Network Reconnaissance • Traceroute • Can find route to target, locate firewalls, routers, etc. • Windows Tracert uses ICMP • Linux Traceroute uses UDP by default
Tracert
NeoTrace • NeoTrace combines Tracert and Whois to make a visual map
Step 6: Network Reconnaissance • Firewalk uses traceroute techniques to find ports and protocols that get past firewalls • Uses low TTL values and gathers data from ICMP Time Exceeded messages • This should be even more effective with IPv6 because ICMPv6 is mandatory and cannot be blocked as well
Step 6: Network Reconnaissance • Countermeasures • Many of the commercial network intrusion- detection systems (NIDS) and intrusion prevention systems (IPS) will detect this type of network reconnaissance • Snort – the standard IDS • Bro-IDS is another open source free NIDS
Step 6: Network Reconnaissance • Countermeasures • You may be able to configure your border routers to limit ICMP and UDP traffic to specific systems, thus minimizing your exposure

Recommended

ch01.ppt
ch01.pptch01.ppt
ch01.pptmeghana092
 
CNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breachesCNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breachesSam Bowne
 
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesPractical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesSam Bowne
 
CNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationCNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationSam Bowne
 
CNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breachesCNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breachesSam Bowne
 
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptx
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptxCyber Security Project : Comprehensive Vulnerability Analysis Report.pptx
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptxBoston Institute of Analytics
 
CNIT 123: Ch 4: Footprinting and Social Engineering
CNIT 123: Ch 4: Footprinting and Social EngineeringCNIT 123: Ch 4: Footprinting and Social Engineering
CNIT 123: Ch 4: Footprinting and Social EngineeringSam Bowne
 
Dafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptxDafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptxAlfredObia1
 

Recommended

ch01.ppt
ch01.pptch01.ppt
ch01.pptmeghana092
 
CNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breachesCNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breachesSam Bowne
 
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesPractical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesSam Bowne
 
CNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationCNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationSam Bowne
 
CNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breachesCNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breachesSam Bowne
 
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptx
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptxCyber Security Project : Comprehensive Vulnerability Analysis Report.pptx
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptxBoston Institute of Analytics
 
CNIT 123: Ch 4: Footprinting and Social Engineering
CNIT 123: Ch 4: Footprinting and Social EngineeringCNIT 123: Ch 4: Footprinting and Social Engineering
CNIT 123: Ch 4: Footprinting and Social EngineeringSam Bowne
 
Dafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptxDafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptxAlfredObia1
 
CNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationCNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationSam Bowne
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringSam Bowne
 
Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51martinvoelk
 
Distributed Sensor Data Contextualization for Threat Intelligence Analysis
Distributed Sensor Data Contextualization for Threat Intelligence AnalysisDistributed Sensor Data Contextualization for Threat Intelligence Analysis
Distributed Sensor Data Contextualization for Threat Intelligence AnalysisJason Trost
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...EC-Council
 
CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence Sam Bowne
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysJoff Thyer
 
Malicious Domain Profiling
Malicious Domain Profiling Malicious Domain Profiling
Malicious Domain Profiling E Hacking
 
Security tools
Security toolsSecurity tools
Security toolsGreater Noida Institute Of Technology
 
hacking techniques and intrusion techniques useful in OSINT.pptx
hacking techniques and intrusion techniques useful in OSINT.pptxhacking techniques and intrusion techniques useful in OSINT.pptx
hacking techniques and intrusion techniques useful in OSINT.pptxsconalbg
 
CNIT 152: 4 Starting the Investigation & 5 Leads
CNIT 152: 4 Starting the Investigation & 5 LeadsCNIT 152: 4 Starting the Investigation & 5 Leads
CNIT 152: 4 Starting the Investigation & 5 LeadsSam Bowne
 
Reconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessReconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessLeon Teale
 
Regional Internet Registry and Whois
Regional Internet Registry and WhoisRegional Internet Registry and Whois
Regional Internet Registry and WhoisAPNIC
 
Chapter 2 for cyber security examination.pptx
Chapter 2 for cyber security examination.pptxChapter 2 for cyber security examination.pptx
Chapter 2 for cyber security examination.pptxMahdiHasanSowrav
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark WebCase IQ
 
CNIT 50: 1. Network Security Monitoring Rationale
CNIT 50: 1. Network Security Monitoring RationaleCNIT 50: 1. Network Security Monitoring Rationale
CNIT 50: 1. Network Security Monitoring RationaleSam Bowne
 
DNS Abuse Handling
DNS Abuse HandlingDNS Abuse Handling
DNS Abuse HandlingAPNIC
 
Demystifying SharePoint Infrastructure – for NON-IT People
Demystifying SharePoint Infrastructure – for NON-IT People Demystifying SharePoint Infrastructure – for NON-IT People
Demystifying SharePoint Infrastructure – for NON-IT People SPC Adriatics
 
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptx
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptxTckhjhhjbbggujvg Day13-Post-Exploitation.pptx
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptxAlfredObia1
 
pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...
pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...
pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...AliAlwesabi
 
pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...
pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...
pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...AliAlwesabi
 

More Related Content

Similar to Foot printing as phase of Hacking in cybersecurity

CNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationCNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationSam Bowne
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringSam Bowne
 
Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51martinvoelk
 
Distributed Sensor Data Contextualization for Threat Intelligence Analysis
Distributed Sensor Data Contextualization for Threat Intelligence AnalysisDistributed Sensor Data Contextualization for Threat Intelligence Analysis
Distributed Sensor Data Contextualization for Threat Intelligence AnalysisJason Trost
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...EC-Council
 
CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence Sam Bowne
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysJoff Thyer
 
Malicious Domain Profiling
Malicious Domain Profiling Malicious Domain Profiling
Malicious Domain Profiling E Hacking
 
hacking techniques and intrusion techniques useful in OSINT.pptx
hacking techniques and intrusion techniques useful in OSINT.pptxhacking techniques and intrusion techniques useful in OSINT.pptx
hacking techniques and intrusion techniques useful in OSINT.pptxsconalbg
 
CNIT 152: 4 Starting the Investigation & 5 Leads
CNIT 152: 4 Starting the Investigation & 5 LeadsCNIT 152: 4 Starting the Investigation & 5 Leads
CNIT 152: 4 Starting the Investigation & 5 LeadsSam Bowne
 
Reconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessReconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessLeon Teale
 
Regional Internet Registry and Whois
Regional Internet Registry and WhoisRegional Internet Registry and Whois
Regional Internet Registry and WhoisAPNIC
 
Chapter 2 for cyber security examination.pptx
Chapter 2 for cyber security examination.pptxChapter 2 for cyber security examination.pptx
Chapter 2 for cyber security examination.pptxMahdiHasanSowrav
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark WebCase IQ
 
CNIT 50: 1. Network Security Monitoring Rationale
CNIT 50: 1. Network Security Monitoring RationaleCNIT 50: 1. Network Security Monitoring Rationale
CNIT 50: 1. Network Security Monitoring RationaleSam Bowne
 
DNS Abuse Handling
DNS Abuse HandlingDNS Abuse Handling
DNS Abuse HandlingAPNIC
 
Demystifying SharePoint Infrastructure – for NON-IT People
Demystifying SharePoint Infrastructure – for NON-IT People Demystifying SharePoint Infrastructure – for NON-IT People
Demystifying SharePoint Infrastructure – for NON-IT People SPC Adriatics
 
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptx
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptxTckhjhhjbbggujvg Day13-Post-Exploitation.pptx
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptxAlfredObia1
 

Similar to Foot printing as phase of Hacking in cybersecurity (20)

CNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationCNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident Preparation
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social Engineering
 
Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51
 
Distributed Sensor Data Contextualization for Threat Intelligence Analysis
Distributed Sensor Data Contextualization for Threat Intelligence AnalysisDistributed Sensor Data Contextualization for Threat Intelligence Analysis
Distributed Sensor Data Contextualization for Threat Intelligence Analysis
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
 
CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad Guys
 
Malicious Domain Profiling
Malicious Domain Profiling Malicious Domain Profiling
Malicious Domain Profiling
 
Security tools
Security toolsSecurity tools
Security tools
 
hacking techniques and intrusion techniques useful in OSINT.pptx
hacking techniques and intrusion techniques useful in OSINT.pptxhacking techniques and intrusion techniques useful in OSINT.pptx
hacking techniques and intrusion techniques useful in OSINT.pptx
 
CNIT 152: 4 Starting the Investigation & 5 Leads
CNIT 152: 4 Starting the Investigation & 5 LeadsCNIT 152: 4 Starting the Investigation & 5 Leads
CNIT 152: 4 Starting the Investigation & 5 Leads
 
Reconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessReconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awareness
 
Regional Internet Registry and Whois
Regional Internet Registry and WhoisRegional Internet Registry and Whois
Regional Internet Registry and Whois
 
Chapter 2 for cyber security examination.pptx
Chapter 2 for cyber security examination.pptxChapter 2 for cyber security examination.pptx
Chapter 2 for cyber security examination.pptx
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark Web
 
CNIT 50: 1. Network Security Monitoring Rationale
CNIT 50: 1. Network Security Monitoring RationaleCNIT 50: 1. Network Security Monitoring Rationale
CNIT 50: 1. Network Security Monitoring Rationale
 
DNS Abuse Handling
DNS Abuse HandlingDNS Abuse Handling
DNS Abuse Handling
 
Demystifying SharePoint Infrastructure – for NON-IT People
Demystifying SharePoint Infrastructure – for NON-IT People Demystifying SharePoint Infrastructure – for NON-IT People
Demystifying SharePoint Infrastructure – for NON-IT People
 
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptx
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptxTckhjhhjbbggujvg Day13-Post-Exploitation.pptx
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptx
 

More from AliAlwesabi

pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...
pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...
pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...AliAlwesabi
 
pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...
pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...
pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...AliAlwesabi
 
pdfslide.net_status-of-ims-based-next-generation-networks-for-fixed-of-ims-ba...
pdfslide.net_status-of-ims-based-next-generation-networks-for-fixed-of-ims-ba...pdfslide.net_status-of-ims-based-next-generation-networks-for-fixed-of-ims-ba...
pdfslide.net_status-of-ims-based-next-generation-networks-for-fixed-of-ims-ba...AliAlwesabi
 
pdfslide.net_architectural-overview-of-ip-multimedia-subsystem-3-3gpp-ims-arc...
pdfslide.net_architectural-overview-of-ip-multimedia-subsystem-3-3gpp-ims-arc...pdfslide.net_architectural-overview-of-ip-multimedia-subsystem-3-3gpp-ims-arc...
pdfslide.net_architectural-overview-of-ip-multimedia-subsystem-3-3gpp-ims-arc...AliAlwesabi
 
lte-design-and-deployment-strategies-zeljko-savic.pdf
lte-design-and-deployment-strategies-zeljko-savic.pdflte-design-and-deployment-strategies-zeljko-savic.pdf
lte-design-and-deployment-strategies-zeljko-savic.pdfAliAlwesabi
 
Securing the LTE Core the Road to NFV 2014.pdf
Securing the LTE Core the Road to NFV 2014.pdfSecuring the LTE Core the Road to NFV 2014.pdf
Securing the LTE Core the Road to NFV 2014.pdfAliAlwesabi
 
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...AliAlwesabi
 
eu-19-Yazdanmehr-Mobile-Network-Hacking-IP-Edition-2.pdf
eu-19-Yazdanmehr-Mobile-Network-Hacking-IP-Edition-2.pdfeu-19-Yazdanmehr-Mobile-Network-Hacking-IP-Edition-2.pdf
eu-19-Yazdanmehr-Mobile-Network-Hacking-IP-Edition-2.pdfAliAlwesabi
 
CCC-AdaptiveMobileSecurity_WhoWatchesTheWatchers_v7_FINAL.pdf
CCC-AdaptiveMobileSecurity_WhoWatchesTheWatchers_v7_FINAL.pdfCCC-AdaptiveMobileSecurity_WhoWatchesTheWatchers_v7_FINAL.pdf
CCC-AdaptiveMobileSecurity_WhoWatchesTheWatchers_v7_FINAL.pdfAliAlwesabi
 
D1T2 - Bypassing GSMA Recommendations on SS7 Networks - Kirill Puzankov.pdf
D1T2 - Bypassing GSMA Recommendations on SS7 Networks - Kirill Puzankov.pdfD1T2 - Bypassing GSMA Recommendations on SS7 Networks - Kirill Puzankov.pdf
D1T2 - Bypassing GSMA Recommendations on SS7 Networks - Kirill Puzankov.pdfAliAlwesabi
 
D2T2 - Emmanuel Gadaix and Philippe Langlois - The SS7 Protocols.pdf
D2T2 - Emmanuel Gadaix and Philippe Langlois - The SS7 Protocols.pdfD2T2 - Emmanuel Gadaix and Philippe Langlois - The SS7 Protocols.pdf
D2T2 - Emmanuel Gadaix and Philippe Langlois - The SS7 Protocols.pdfAliAlwesabi
 
CISSP -Access Control Domain knowlege.pdf
CISSP -Access Control Domain knowlege.pdfCISSP -Access Control Domain knowlege.pdf
CISSP -Access Control Domain knowlege.pdfAliAlwesabi
 
VPN Guide to Network Defense and countermeasures
VPN Guide to Network Defense and countermeasuresVPN Guide to Network Defense and countermeasures
VPN Guide to Network Defense and countermeasuresAliAlwesabi
 
zero trust - how to build zero trust.pdf
zero trust - how to build zero trust.pdfzero trust - how to build zero trust.pdf
zero trust - how to build zero trust.pdfAliAlwesabi
 
Guide to Network Defense Router Security
Guide to Network Defense Router SecurityGuide to Network Defense Router Security
Guide to Network Defense Router SecurityAliAlwesabi
 
DNS Security Issues NES 554 for DNS Security
DNS Security Issues NES 554 for DNS SecurityDNS Security Issues NES 554 for DNS Security
DNS Security Issues NES 554 for DNS SecurityAliAlwesabi
 
Intrusion detection and prevention systems.pdf
Intrusion detection and prevention systems.pdfIntrusion detection and prevention systems.pdf
Intrusion detection and prevention systems.pdfAliAlwesabi
 
ISP Network Design workshops how to design networks
ISP Network Design workshops how to design networksISP Network Design workshops how to design networks
ISP Network Design workshops how to design networksAliAlwesabi
 

More from AliAlwesabi (18)

pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...
pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...
pdfslide.net_ims-enabling-services-wherever-the-customer-and-whatever-the-acc...
 
pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...
pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...
pdfslide.net_ims-basics-standardization-ims-components-and-ip-multimedia-subs...
 
pdfslide.net_status-of-ims-based-next-generation-networks-for-fixed-of-ims-ba...
pdfslide.net_status-of-ims-based-next-generation-networks-for-fixed-of-ims-ba...pdfslide.net_status-of-ims-based-next-generation-networks-for-fixed-of-ims-ba...
pdfslide.net_status-of-ims-based-next-generation-networks-for-fixed-of-ims-ba...
 
pdfslide.net_architectural-overview-of-ip-multimedia-subsystem-3-3gpp-ims-arc...
pdfslide.net_architectural-overview-of-ip-multimedia-subsystem-3-3gpp-ims-arc...pdfslide.net_architectural-overview-of-ip-multimedia-subsystem-3-3gpp-ims-arc...
pdfslide.net_architectural-overview-of-ip-multimedia-subsystem-3-3gpp-ims-arc...
 
lte-design-and-deployment-strategies-zeljko-savic.pdf
lte-design-and-deployment-strategies-zeljko-savic.pdflte-design-and-deployment-strategies-zeljko-savic.pdf
lte-design-and-deployment-strategies-zeljko-savic.pdf
 
Securing the LTE Core the Road to NFV 2014.pdf
Securing the LTE Core the Road to NFV 2014.pdfSecuring the LTE Core the Road to NFV 2014.pdf
Securing the LTE Core the Road to NFV 2014.pdf
 
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...
 
eu-19-Yazdanmehr-Mobile-Network-Hacking-IP-Edition-2.pdf
eu-19-Yazdanmehr-Mobile-Network-Hacking-IP-Edition-2.pdfeu-19-Yazdanmehr-Mobile-Network-Hacking-IP-Edition-2.pdf
eu-19-Yazdanmehr-Mobile-Network-Hacking-IP-Edition-2.pdf
 
CCC-AdaptiveMobileSecurity_WhoWatchesTheWatchers_v7_FINAL.pdf
CCC-AdaptiveMobileSecurity_WhoWatchesTheWatchers_v7_FINAL.pdfCCC-AdaptiveMobileSecurity_WhoWatchesTheWatchers_v7_FINAL.pdf
CCC-AdaptiveMobileSecurity_WhoWatchesTheWatchers_v7_FINAL.pdf
 
D1T2 - Bypassing GSMA Recommendations on SS7 Networks - Kirill Puzankov.pdf
D1T2 - Bypassing GSMA Recommendations on SS7 Networks - Kirill Puzankov.pdfD1T2 - Bypassing GSMA Recommendations on SS7 Networks - Kirill Puzankov.pdf
D1T2 - Bypassing GSMA Recommendations on SS7 Networks - Kirill Puzankov.pdf
 
D2T2 - Emmanuel Gadaix and Philippe Langlois - The SS7 Protocols.pdf
D2T2 - Emmanuel Gadaix and Philippe Langlois - The SS7 Protocols.pdfD2T2 - Emmanuel Gadaix and Philippe Langlois - The SS7 Protocols.pdf
D2T2 - Emmanuel Gadaix and Philippe Langlois - The SS7 Protocols.pdf
 
CISSP -Access Control Domain knowlege.pdf
CISSP -Access Control Domain knowlege.pdfCISSP -Access Control Domain knowlege.pdf
CISSP -Access Control Domain knowlege.pdf
 
VPN Guide to Network Defense and countermeasures
VPN Guide to Network Defense and countermeasuresVPN Guide to Network Defense and countermeasures
VPN Guide to Network Defense and countermeasures
 
zero trust - how to build zero trust.pdf
zero trust - how to build zero trust.pdfzero trust - how to build zero trust.pdf
zero trust - how to build zero trust.pdf
 
Guide to Network Defense Router Security
Guide to Network Defense Router SecurityGuide to Network Defense Router Security
Guide to Network Defense Router Security
 
DNS Security Issues NES 554 for DNS Security
DNS Security Issues NES 554 for DNS SecurityDNS Security Issues NES 554 for DNS Security
DNS Security Issues NES 554 for DNS Security
 
Intrusion detection and prevention systems.pdf
Intrusion detection and prevention systems.pdfIntrusion detection and prevention systems.pdf
Intrusion detection and prevention systems.pdf
 
ISP Network Design workshops how to design networks
ISP Network Design workshops how to design networksISP Network Design workshops how to design networks
ISP Network Design workshops how to design networks
 

Recently uploaded

Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!Memoori
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfFIDO Alliance
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastUXDXConf
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsLeah Henrickson
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Patrick Viafore
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfFIDO Alliance
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...FIDO Alliance
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceSamy Fodil
 
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfBreaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfUK Journal
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe中 央社
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...CzechDreamin
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...FIDO Alliance
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIES VE
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyUXDXConf
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfFIDO Alliance
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureFemke de Vroome
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctBrainSell Technologies
 

Recently uploaded (20)

Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdf
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfBreaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 

Foot printing as phase of Hacking in cybersecurity

  • 2. Traditional Hacking The traditional way to hack into a system the steps include: • Footprint: Get a big picture of what the network is, also called reconnaissance • Scan & Enumerate: Identify reachable hosts, services, OS/service versions • Gain Access : get into the target (exploit a vulnerability) • Escalate: get the privileged root permission • maintain access: create own credentials, backdoors, Trojans,...etc. • Exit and cleaning tracks to hide your attack from security analysts
  • 3. Environments and the Critical Information Attackers Can Identify Internet Presence Intranet Remote Access (travelling employees) Extranet (vendors and business partners)
  • 4. Internet • Domain name • Network blocks • Specific IP addresses of systems reachable via the Internet • TCP and UDP services running on each system identified • System architecture (for example, Sparc vs. x86) • Access control mechanisms and related access control lists (ACLs) • Intrusion-detection systems (IDSs) • System enumeration (user and group names, system banners, routing tables, and SNMP information) DNS hostnames
  • 5. Intranet • Networking protocols in use (for example, IP, IPX, DecNET, and so on) • Internal domain names • Network blocks • Specific IP addresses of systems reachable via the intranet • TCP and UDP services running on each system identified • System architecture (for example, SPARC vs. x 86) • Access control mechanisms and related ACLs • Intrusion-detection systems • System enumeration (user and group names, system banners, routing tables, and SNMP information)
  • 6. Remote access • Analog/digital telephone numbers • Remote system type • Authentication mechanisms • VPNs and related protocols (IPSec and PPTP)
  • 7. Extranet • Connection origination and destination • Type of connection • Access control mechanism
  • 8. Internet Footprinting • Step 1: Determine the Scope of Your Activities • Step 2: Get Proper Authorization • Step 3: Publicly Available Information • Step 4: WHOIS & DNS Enumeration • Step 5: DNS Interrogation • Step 6: Network Reconnaissance
  • 9. Step 1: Determine the Scope of Your Activities • Entire organization • Certain locations • Business partner connections (extranets) • Disaster-recovery sites
  • 10. Step 2: Get Proper Authorization • Ethical Hackers must have authorization in writing for their activities • "Get Out of Jail Free" card • Criminals omit this step
  • 11. Step 3: Publicly Available Information • Company web pages • wget and Teleport Pro are good tools to mirror Web sites for local analysis • Look for other sites beyond "www" • Outlook Web Access • https://owa.company.com or https://outlook.company.com • Virtual Private Networks • http://vpn.company.com or http://www.company.com/vpn
  • 12. Google Hacking • Find sensitive data about a company from Google • Completely stealthy—you never send a single packet to the target (if you view the cache) • To find passwords: • intitle:"Index of" passwd passwd.bak • Collecting email addresses • allintext:email OR mail +*gmail.com filetype:txt
  • 13. Other fun searches • Nessus reports • More passwords
  • 14. Be The Bot • See pages the way Google's bot sees them
  • 15. Custom User Agents • Add the "User Agent Switcher" Firefox Extension
  • 16. Step 3: Publicly Available Information • Related Organizations • Physical Address • Dumpster-diving • Surveillance • Social Engineering • Tool: Google Earth and Google Maps Street View
  • 17. Step 3: Publicly Available Information • Phone Numbers, Contact Names, E-mail Addresses, and Personal Details • Current Events • Mergers, scandals, layoffs, etc. create security holes • Privacy or Security Policies, and Technical Details Indicating the Types of Security Mechanisms in Place
  • 18. Step 3: Publicly Available Information • Archived Information • The Wayback Machine • Google Cache • Disgruntled Employees
  • 19. Step 3: Publicly Available Information • Usenet • Groups.google.com • Resumes
  • 22. Step 4: WHOIS & DNS Enumeration • Two organizations manage domain names, IP addresses, protocols and port numbers on the Internet • Internet Assigned Numbers Authority (IANA; http://www.iana.org) • Internet Corporation for Assigned Names and Numbers (ICANN; http://www.icann.org) • IANA still handles much of the day-to-day operations, but these will eventually be transitioned to ICANN
  • 23. Step 4: WHOIS & DNS Enumeration • Domain-Related Searches • Every domain name, like msn.com, has a top- level domain - .com, .net, .org, etc. • If we surf to http://whois.iana.org, we can search for the authoritative registry for all of .com • .com is managed by Verisign
  • 24. Step 4: WHOIS & DNS Enumeration
  • 25. Step 4: WHOIS & DNS Enumeration • Verisign Whois • Search for mit.edu and it gives the Registrar • Whois.educause.net • Three steps: • Authoritative Registry for top-level domain • Domain Registrar • Finds the Registrant
  • 26. Step 4: WHOIS & DNS Enumeration • Automated tools do all three steps • Whois.com • Sam Spade • Netscan Tools Pro • They are not perfect. Sometimes you need to do the three-step process manually.
  • 27. Step 4: WHOIS & DNS Enumeration • Once you've homed in on the correct WHOIS server for your target, you may be able to perform other searches if the registrar allows it • You may be able to find all the domains that a particular DNS server hosts, for instance, or any domain name that contains a certain string
  • 28. Step 4: WHOIS & DNS Enumeration • How IP addresses are assigned: • The Address Supporting Organization (ASO http://www.aso.icann.org) allocates IP address blocks to • Regional Internet Registries (RIRs), which then allocate IPs to organizations, Internet service providers (ISPs), etc. • ARIN (http://www.arin.net) is the RIR for North and South America
  • 30. Step 4: WHOIS & DNS Enumeration • IP-Related Searches • To track down an IP address: • Use arin.net • It may refer you to a different database • Examples: • 147.144.1.1 • 61.0.0.2
  • 31. Step 4: WHOIS & DNS Enumeration • IP-Related Searches • Search by company name at arin.net to find IP ranges, and AS numbers • AS numbers are used by BGP (Border Gateway Protocol) to prevent routing loops on Internet routers Examples: Google, CCSF
  • 32. Step 4: WHOIS & DNS Enumeration • Administrative contact gives you name, voice and fax numbers • Useful for social engineering • Authoritative DNS Server can be used for Zone Transfer attempts • But Zone Transfers may be illegal now
  • 33. Step 4: WHOIS & DNS Enumeration • Public Database Security Countermeasures • When an administrator leaves an organization, update the registration database • That prevents an ex-employee from changing domain information • You could also put in fake "honeytrap" data in the registration
  • 34. Step 5: DNS Interrogation • Zone Transfers • Gives you a list of all the hosts when it works • Usually blocked, and maybe even illegal now • 14% of 1 million tested domains were vulnerable
  • 35. Step 5: DNS Interrogation • Determine Mail Exchange (MX) Records • You can do it on Windows with NSLOOKUP in Interactive mode
  • 37. Step 5: DNS Interrogation • DNS Security Countermeasures • Restrict zone transfers to only authorized servers • You can also block them at the firewall • DNS name lookups are UDP Port 53 • Zone transfers are TCP Port 53 • Note: DNSSEC means that normal name lookups are sometimes on TCP 53 now
  • 38. Step 5: DNS Interrogation • DNS Security Countermeasures • Attackers could still perform reverse lookups against all IP addresses for a given net block • So, external nameservers should provide information only about systems directly connected to the Internet
  • 39. Step 6: Network Reconnaissance • Traceroute • Can find route to target, locate firewalls, routers, etc. • Windows Tracert uses ICMP • Linux Traceroute uses UDP by default
  • 41. NeoTrace • NeoTrace combines Tracert and Whois to make a visual map
  • 42. Step 6: Network Reconnaissance • Firewalk uses traceroute techniques to find ports and protocols that get past firewalls • Uses low TTL values and gathers data from ICMP Time Exceeded messages • This should be even more effective with IPv6 because ICMPv6 is mandatory and cannot be blocked as well
  • 43. Step 6: Network Reconnaissance • Countermeasures • Many of the commercial network intrusion- detection systems (NIDS) and intrusion prevention systems (IPS) will detect this type of network reconnaissance • Snort – the standard IDS • Bro-IDS is another open source free NIDS
  • 44. Step 6: Network Reconnaissance • Countermeasures • You may be able to configure your border routers to limit ICMP and UDP traffic to specific systems, thus minimizing your exposure