Rapid7 Report: Security Flaws in Universal Plug and Play: Unplug, Don't Play.Rapid7
This whitepaper details research conducted by Rapid7, which reveals that around 40-50 million network-enabled devices are at risk due to vulnerabilities found in the Universal Plug and Play (UPnP) protocol. UPnP enables devices such as routers, printers, network-attached storage (NAS), media players and smart TVs to communicate with each other. The paper investigates how three groups of security flaws relating to the UPnP protocol are exposing millions of users to attacks that could lead to a remote compromise of the vulnerable device.
The slides on Honeypot, a cyber security. This involves the mechanisms of defense, its system principle, and its engineering approach. This also includes the advantages and disadvantages of Honeypot
Fragments-Plug the vulnerabilities in your AppAppsecco
Appsecco presented on the common mistakes that developers make when building mobile apps.
This session covered how these mistakes make your app vulnerable to attack and abuse? How an attacker perceives security of mobile app?
https://youtu.be/EzC86gWVPZk
Learn about the OWASP Top 10 Mobile Risks and best practices to avoid mobile application security pitfalls such as insecure data storage, insecure communication, reverse engineering, and more.
These slides were originally presented on a webinar November 2016. Watch the presentation here: https://youtu.be/LuDe3u0cSVs
Rapid7 Report: Security Flaws in Universal Plug and Play: Unplug, Don't Play.Rapid7
This whitepaper details research conducted by Rapid7, which reveals that around 40-50 million network-enabled devices are at risk due to vulnerabilities found in the Universal Plug and Play (UPnP) protocol. UPnP enables devices such as routers, printers, network-attached storage (NAS), media players and smart TVs to communicate with each other. The paper investigates how three groups of security flaws relating to the UPnP protocol are exposing millions of users to attacks that could lead to a remote compromise of the vulnerable device.
The slides on Honeypot, a cyber security. This involves the mechanisms of defense, its system principle, and its engineering approach. This also includes the advantages and disadvantages of Honeypot
Fragments-Plug the vulnerabilities in your AppAppsecco
Appsecco presented on the common mistakes that developers make when building mobile apps.
This session covered how these mistakes make your app vulnerable to attack and abuse? How an attacker perceives security of mobile app?
https://youtu.be/EzC86gWVPZk
Learn about the OWASP Top 10 Mobile Risks and best practices to avoid mobile application security pitfalls such as insecure data storage, insecure communication, reverse engineering, and more.
These slides were originally presented on a webinar November 2016. Watch the presentation here: https://youtu.be/LuDe3u0cSVs
Malware on Smartphones and Tablets - The Inconvenient TruthAGILLY
De nombreux entreprises, à travers leurs responsables informatiques et DSI ne reconnaissent toujours pas les logiciels malveillants mobiles comme une menace imminente. Selon une étude de Duo Security, un tiers des utilisateurs mobiles Android n'utilisent ne verrouillent pas l'écran de leurs appareils à l'aide d'un Mot de Passe, et la plupart ne prennent aucunes mesures de sécurité. En outre, les responsables informatiques et DSI déploient de nouvelles applications vers leurs clients et employés sans y intégrer de mesure de sécurité favorisant l'authentification et la mitigation des menaces.
Cependant, les logiciels malveillants mobiles ont évolué au fil des dernières années et constituent aujourd'hui des menaces réelle. Business Insider a noté que ces menaces sont désormais équivalentes à celles des PC en terme de distribution et de niveau de risque.
This presentation is based on the security and encryption measures adopted by Apple for its iPhones.
It was submitted to RTU, Kota during final year seminars.
This is the presentation from Null/OWASP/g4h Bangalore December MeetUp by Vandana Verma.
technology.inmobi.com/events/null-owasp-g4h-december-meetup
Outline:
Security news from November and December 2014.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Internet of things security multilayered method for end to end data communi...Akash AR
Internet of things security -multilayered method for end to end data communications over cellular networks.
This is a seminar topic on iot security.Multilayered method for data communication is described here
Controlling Laptop and Smartphone Access to Corporate NetworksIcomm Technologies
With company-issued, IT-controlled laptops, IT has traditionally had the option to lock down the operating system to prevent the installation of potentially insecure or non-approved applications.
Inadequate Security Practices Expose Key NASA Network to Cyber AttackBill Duncan
Remote attackers using the Internet could seize control of servers on NASA's agency-wide mission networks that guide spacecraft, potentially causing havoc with America's space missions, the space agency's inspector general said in a new report.
The audit - Inadequate Security Practices Expose Key NASA Network to Cyberattack - didn't link any specific mission to specific vulnerabilities, but did mention that the NASA mission network is widely distributed and hosts more than 190 IT systems and projects run by the agency's mission directorates and Jet Propulsion Laboratory, including the Hubble space telescope, space shuttle and international space station and the Cassini and lunar reconnaissance orbiters.
Final Year Engineering Internship Report for Internship at Siemens Information Systems Ltd. Project : Network Intrusion Detection And Prevention Using Snort And Iptables
Sniffing is the process of monitoring and capturing all the packets passing through a given network using sniffing tools. It is a form of “tapping phone wires” and get to know about the conversation. It is also called wiretapping applied to the computer networks.
There is so much possibility that if a set of enterprise switch ports is open, then one of their employees can sniff the whole traffic of the network. Anyone in the same physical location can plug into the network using Ethernet cable or connect wirelessly to that network and sniff the total traffic.
In other words, Sniffing allows you to see all sorts of traffic, both protected and unprotected. In the right conditions and with the right protocols in place, an attacking party may be able to gather information that can be used for further attacks or to cause other issues for the network or system owner.
Domain 2 of CEH v11 Reconnaissance Techniques (21%).pptxInfosectrain3
A CEH (Certified Ethical Hacker) is a professional who typically works within a Red Team environment. A Certified Ethical Hacker’s focus must be on attacking systems and accessing applications, networks, databases, or other crucial data on the secured systems.
Malware on Smartphones and Tablets - The Inconvenient TruthAGILLY
De nombreux entreprises, à travers leurs responsables informatiques et DSI ne reconnaissent toujours pas les logiciels malveillants mobiles comme une menace imminente. Selon une étude de Duo Security, un tiers des utilisateurs mobiles Android n'utilisent ne verrouillent pas l'écran de leurs appareils à l'aide d'un Mot de Passe, et la plupart ne prennent aucunes mesures de sécurité. En outre, les responsables informatiques et DSI déploient de nouvelles applications vers leurs clients et employés sans y intégrer de mesure de sécurité favorisant l'authentification et la mitigation des menaces.
Cependant, les logiciels malveillants mobiles ont évolué au fil des dernières années et constituent aujourd'hui des menaces réelle. Business Insider a noté que ces menaces sont désormais équivalentes à celles des PC en terme de distribution et de niveau de risque.
This presentation is based on the security and encryption measures adopted by Apple for its iPhones.
It was submitted to RTU, Kota during final year seminars.
This is the presentation from Null/OWASP/g4h Bangalore December MeetUp by Vandana Verma.
technology.inmobi.com/events/null-owasp-g4h-december-meetup
Outline:
Security news from November and December 2014.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Internet of things security multilayered method for end to end data communi...Akash AR
Internet of things security -multilayered method for end to end data communications over cellular networks.
This is a seminar topic on iot security.Multilayered method for data communication is described here
Controlling Laptop and Smartphone Access to Corporate NetworksIcomm Technologies
With company-issued, IT-controlled laptops, IT has traditionally had the option to lock down the operating system to prevent the installation of potentially insecure or non-approved applications.
Inadequate Security Practices Expose Key NASA Network to Cyber AttackBill Duncan
Remote attackers using the Internet could seize control of servers on NASA's agency-wide mission networks that guide spacecraft, potentially causing havoc with America's space missions, the space agency's inspector general said in a new report.
The audit - Inadequate Security Practices Expose Key NASA Network to Cyberattack - didn't link any specific mission to specific vulnerabilities, but did mention that the NASA mission network is widely distributed and hosts more than 190 IT systems and projects run by the agency's mission directorates and Jet Propulsion Laboratory, including the Hubble space telescope, space shuttle and international space station and the Cassini and lunar reconnaissance orbiters.
Final Year Engineering Internship Report for Internship at Siemens Information Systems Ltd. Project : Network Intrusion Detection And Prevention Using Snort And Iptables
Sniffing is the process of monitoring and capturing all the packets passing through a given network using sniffing tools. It is a form of “tapping phone wires” and get to know about the conversation. It is also called wiretapping applied to the computer networks.
There is so much possibility that if a set of enterprise switch ports is open, then one of their employees can sniff the whole traffic of the network. Anyone in the same physical location can plug into the network using Ethernet cable or connect wirelessly to that network and sniff the total traffic.
In other words, Sniffing allows you to see all sorts of traffic, both protected and unprotected. In the right conditions and with the right protocols in place, an attacking party may be able to gather information that can be used for further attacks or to cause other issues for the network or system owner.
Domain 2 of CEH v11 Reconnaissance Techniques (21%).pptxInfosectrain3
A CEH (Certified Ethical Hacker) is a professional who typically works within a Red Team environment. A Certified Ethical Hacker’s focus must be on attacking systems and accessing applications, networks, databases, or other crucial data on the secured systems.
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDNcentralohioissa
For the past several years, software-defined networking (SDN) has been a popular buzz word in the networking industry. In many ways, networking has always been defined by software. Software is pervasive within all of the technology that impacts our lives and networking is no different. However, networks have been constrained by the way software has been configured, delivered and managed—literally within a box, updated monolithically, managed through command lines that are reminiscent to the days of minicomputers and DOS in the 1980’s. Well, almost.
Everything you really need to know about IDS (Intrusion Detection Systems) Combining with HoneyPots. Deployment and usage techniques used in the past and today. How to setup and deploy onto any network including the cloud. Reasons why this should be used in all networks. How to bring BIG DATA down to Small Data that is easy to understand and monitor.
It’s all over the news that data breaches occur daily! I asked WHY these hackers can download terabytes of data in timespans of months without being noticed. What are these companies paying their SOC team millions of dollars for? How come all the money is going to devices to prevent breaches and little to none in detecting when they occur? Don’t people know there are only two types of companies “those that been hacked, and those that don’t know they been hacked”. What can I do to detect a breach within seconds on any network scale? I think I figured it out. In my talk you’ll learn how you and your clients can benefit by applying my exclusive techniques, which I’ve successfully deployed. So the next time you get hacked the hacker would not be able to steal all those credit cards and photos of that Halloween party.
Internet Relay Chat, or IRC, is a protocol that allows users that connect to Internet Relay Chat Servers to have conversation with others in real time. Users connect to IRC Servers using an IRC Client. Commercial chat client’s like yahoo! and google chat are quite popular in wide use. To other chat clients were worth exploring. These tools are arguably better suited for criminal activity. IRC is one such tool. There are basically two options available to investigators involved in an IRC occurrence. They can look at log files on servers or clients or they can monitor transmission directly. In this paper we have been using X Chat application for the IRC Forensic Investigation. We capture the IRC Client’s packets and analyze that packets.
Security Onion includes best-of-breed free and open tools including Suricata, Zeek, Wazuh, the Elastic Stack and many others. We created and maintain Security
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.ITCamp
Security? It's simple. We have Security Team... Security of our environment, application, development it's their security. We follow Best Practices, we implementing their's suggestions (or not...).
But maybe today, in June 2018, where GDPR is a fact, we should look a little bit more in details for the security aspects. Well know and less known risks, vulnerability assessments, secure coding, secure testing,
Let's discuss: SEC/DEV/OPS/SDLC/OSSTMM/OWASP/ITIL and few other acronyms. Use freely available knowledge and specially prepared environment to check and test our security before we touch out Visual Studio, PowerShell, CLI, Visual Studio Code, or even JSON. Be #SecureByDesign
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Welocme to ViralQR, your best QR code generator.ViralQR
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes.
Our Services
At ViralQR, here is a comprehensive suite of services that caters to your very needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!
1. IT Security & Ethical Hacking
“FOOTPRINTING”
BY
Er. Mujmmil Shaikh
2. Appin Tech 2011
Table of Content
1. Introduction.
2. Why Footprinting Necessary?
3. Areas & Information which attackers seek.
4. Information Gathering Methodology.
5. Competitive Intelligence Gathering.
6. Footprinting Tools.
7. Who is Tools?
8. DNS Information Extraction Tools.
9. Locating Network Range.
10. E-mail Spiders.
11. Locating Network Activity.
12. Search Engines.
13. How to Fake Websites?
14. Summary.
ER.MUJMMIL SHAIKH
3. Appin Tech 2011
Introduction
Footprinting is the blueprint of the security profile
of an organization, undertaken in a methodological manner.
Footprinting is one of
the three pre attack phases; an attacker spends 90% of the
time in profiling an organization and another 10% in
launching the attack.
Footprinting results in a unique organization profile
with respect to Networks (Internet/intranet/extranet/wireless)
and systems involved.
Why Footprinting Necessary?
Footprinting is necessary to systematically and methodically
Ensure that all pieces of information related to the aforementioned
technologies are identified.
Footprinting is often the most difficult task to
determine the security posture of an entity.
ER.MUJMMIL SHAIKH
4. Appin Tech 2011
Areas and information which attackers seek
INFORMATION GATHERING
1. Information Gathering Methodology
Unearth initial information.
Locate the network range.
Ascertain active machines.
Discover open ports/access points.
Detect operating systems.
Uncover services on ports.
Map the network.
ER.MUJMMIL SHAIKH
5. Appin Tech 2011
2. Passive Information Gathering
Passive Information Gathering means
To understand the current security status of a particular
information system, organizations perform either a penetration
testing or other hacking techniques.
It is done by finding out
the freely available details over the internet and by various other
techniques without coming in contact with the organizations
servers.
Organizational and other informative websites are
exceptions as the information gathering activities carried out by an
attacker do not raise suspicion.
COMPETITIVE INTELLIGENCE GATHERING
Business moves fast. Product cycles are measured in
months, not years. Partners become rivals quicker than you can say
„breach of contract.‟ So how can you possibly hope to keep up
with your competitors if you can‟t keep an eye on them?
It is the process
of gathering information about your competitors from resources
such as the internet. The competitive intelligence is non-interfering
and subtle in nature. It is both a product and a process.
ER.MUJMMIL SHAIKH
7. Appin Tech 2011
Competitive intelligence tool:
1. Trellian
Trellian compiles and analyzes internet usage statistics
to create a powerful competitive intelligence tool that no business
should be without
ER.MUJMMIL SHAIKH
11. Appin Tech 2011
5. My Reputation.
My Reputation finds out everything that is being said
about you online and gets rid of the content you do not like.
Public & private websites
ER.MUJMMIL SHAIKH
12. Appin Tech 2011
FOOTPRINTING TOOLS
1. Big Brother
Big brother is designed to see how network is
performing in near real-time from any web browser. It
displays status information as web pages or
WML pages for WAP-enabled devices.
Big brother uses a client-server
architecture combined with methods which push and pull
data. Network testing is done by polling all monitored
services from a single machine, and reporting these results
to a central location (BBDISPLAY).
Big brother include support for
testing ftp,http,https,smtp,pop3,dns,telnet,imap,nntp and ssh
servers.
Screenshot:-
ER.MUJMMIL SHAIKH
13. Appin Tech 2011
2. Bile Suite
3. Alchemy Network Tool.
ER.MUJMMIL SHAIKH
14. Appin Tech 2011
4. Advanced Administrative Tool (AA)
5. My IP Suite
ER.MUJMMIL SHAIKH
21. Appin Tech 2011
7. Web Data Extractor Tool.
8. Online Whois Tools.
ER.MUJMMIL SHAIKH
22. Appin Tech 2011
DNS INFORMATION EXTRACTION TOOLS
1. Spider Foot.
Spider foot is a free, open-source, and domain
foot printing tool which will scrape the websites on that
domain, as well as search Google, Netcraft, Whois, and
DNS to build up information like:
Sub domains.
Affiliates.
Web server versions.
Users.
Similar Domains.
Email Addresses.
Net blocks.
Screenshot:-
ER.MUJMMIL SHAIKH
28. Appin Tech 2011
LOCATING NETWORK RANGE
1. Commonly includes:
Finding the range of IP addresses.
Discerning the subnet mask.
2. Information Sources:
ARIN (American registry of internet
Numbers).
Trace route.
3. Hacking Tool:
NeoTrace.
Visual Route.
ARIN
Arin allows searches on the whois database to locate
information on a network‟s autonomous system numbers
(ASNs), network-related handles, and other related point of
contact (POC).
ARIN whois allows querying the IP
address to find information on the strategy used for subnet
Addressing.
ER.MUJMMIL SHAIKH
29. Appin Tech 2011
Trace route
Trace route works by exploiting a feature of the internet
protocol called TTL or Time to Live.
Trace route reveals the path IP packets travel between
two systems by sending out consecutive sets
Of UDP or ICMP packets with ever increasing TTLs.
As each router processes an IP packet, it
decrements the TTL, when the TTL reaches zero, that router sends back a
“TTL exceeded” message (Using ICMP) to the originator. Routers with
reverse DNS entries may reveal the name of routers, network affiliation, and
geographic location.
Screenshot:-
ER.MUJMMIL SHAIKH
30. Appin Tech 2011
Trace Route Analysis
It is a program that can be used to determine the path
from source to destination. By using this information, an attacker
determines the layout of a network and the location of each device.
For example: after running several trace routes, an attacker
might obtain the following information.
Trace route 1.10.10.20, second to last hop is 1.10.10.1.
Trace route 1.10.20.10, third to last hop is 1.10.10.1.
Trace route 1.10.20.10, second to last hop is 1.10.10.50.
Trace route 1.10.20.15, third to last hop is 1.10.10.1.
Trace route 1.10.20.15, second to last hop is 1.10.10.50.
ER.MUJMMIL SHAIKH
31. Appin Tech 2011
E-MAIL SPIDERS
Have you ever wondered how spammers generate a huge
mailing database? They pick tons of e-mail addresses by searching
in the internet. All they need is a web spidering tool picking up e-
mail addresses and storing them to a database. If these tools run the
entire night, they can capture hundreds of thousands of e-mail
addresses.
Power E-mail Collector Tool
o It is a powerful email address harvesting program.
o It can collect up to 750,000 unique valid email
addresses per hour with a cable/Dsl.
o It only collects valid email addresses.
o You do not have to worry about ending up with
undeliverable addresses.
ER.MUJMMIL SHAIKH
32. Appin Tech 2011
LOCATING NETWORK ACTIVITY
1. GEO Spider Tool
GEO spider helps you to detect, identify, and monitor
your network activity on the world map. You can see
website‟s IP address location on the earth. Geo spider
can trace a domain name.
ER.MUJMMIL SHAIKH
33. Appin Tech 2011
2. Geo where tool.
Geo where handles many popular news groups to find answers to your
queries in an easy and fast manner. it can also seek information from
country specific search engines for better results.
Use Geo where to footprint an organizations:
News groups search
Mailing list finder
Easy web search
Daily news
ER.MUJMMIL SHAIKH
34. Appin Tech 2011
SEARCH ENGINES
A web search engine is designed to search for information on the World
Wide Web and FTP servers. The search results are generally presented in a list of
results and are often called hits. The information may consist of web pages,
images, information and other types of files.
Some search engines also mine data available in databases or open
directories. Unlike Web directories, which are maintained by human editors, search
engines operate algorithmically or are a mixture of algorithmic and human input. A
new type of search engine has recently been launched where an individual can own
keywords and profit from that relationship.
1. Kartoo Search Engine.
2. Dogpile Search Engine.
Search Engine List
1. 20SEARCH
2. ALL THE WEB
3. ALTA VISTA
4. AOL SEARCH
5. ASK JEEVES
6. DOGPILE
7. EBAY
8. EXCITE
9. GIGABLAST
10.GOOGLE
11.IWON
12.JOEANT
13.LYCOS
14.MAMMA
15.MSN
16.NETSCAPE
17.OPEN DIRECTORY
18.WEBCRAWLER
19.WIKIPEDIA
20.YAHOO
ER.MUJMMIL SHAIKH
35. Appin Tech 2011
How to fake websites?
Website spoofing
Website spoofing is the act of creating a website, as a hoax, with the
intention of misleading readers that the website has been created by a different
person or organization. Another meaning for spoof is fake websites. Normally, the
website will adopt the design of the target website and sometimes has a similar
URL.
Another technique is to use a 'cloaked' URL. By using domain forwarding,
or inserting control characters, the URL can appear to be genuine while concealing
the address of the actual website. The objective may be fraudulent, often associated
with phishing or e-mail spoofing, or to criticize or make fun of the person or body
whose website the spoofed site purports to represent.
Steps to create fake login pages:
1. Open any form building website (www.xyz.com) & sign up.
2. Login with newly registered account.
3. Click > create first form.
4. Delete all pre-defined entries and just leave „first name‟.
5. Click > first name & click > power tool option.
6. Double click > password Box.
7. Click the newly form password entry to rename it as „password‟.
8. Click > properties option.
9. Give any title to the form.
10.Put any link.
11.Open source code option.
12.Code is save “.html” Format.
13.Using free hosting website upload file.
ER.MUJMMIL SHAIKH