Pentest: footprinting & scan

•

2 likes•201 views

The document discusses footprinting and scanning in penetration testing. It defines penetration testing as assessing vulnerabilities of a computer system or network. Footprinting is the process of collecting information about a target through methods like website analysis, email harvesting, network mapping, and social engineering. Scanning identifies live hosts, open ports, running services, system architecture, and potential vulnerabilities on a network. Common scanning tools and types of scans are also outlined.

Technology

Footprinting and Scan in
Pentest
P r e s e n t e d b y S O R O
JUNIOR SORO E-mail: soronijunior@gmail.com

Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | 2
1. What is Pentest ?
2. What is
Footprinting ?
3. What is Scan ?
Plan
2

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
3

Penetration
Test
4
1 . W h a t i s P e n t e s t ?

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
5

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Reduce
Attack area
after the
footprinting
Find
vulnerabili
ties and
exploits on
network,
system
Determine
the
operating
system
used,
plateform
running,
web server
versions..
Identifying
various
ways in
organisation
network
system
Process of
collecting as
much
information
as possible
Oracle Confidential – Internal/Restricted/Highly Restricted 6
3
2 . W h a t i s Fo o t p r i n t i n g ? 6

8
Footprinting
Tools
N E T C R A F T
2 . W h a t i s Fo o t p r i n t i n g ? 8
N M A P
B U R P
S U I T E
G O O G L E
M A L T E G O
S O C I A L
N E T W O R K
O T H E R

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted 98

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |3 . W h a t i s S c a n ?
 live hosts,
 IP adress,
 Open ports,
 system architecture,
 Services running,
 vulnerabilities
10

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. 11Confidential – Oracle Internal/Restricted/Highly Restricted 11Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Entreprises Data Base Network
New
Now
Port Scan
Network Scan
Vulnerabilities Scan
Other Scan
TYPES OF SCAN
33 . W h a t i s S c a n ? 11

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential 1
SCAN TOOLS
3
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | 7
Simplify access
to all Informations
Quickly
Govern and
secure all ports,
services
3 . W h a t i s S c a n ?
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | 6
TOOLS – MORE USING
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
DO A
GOOD
SCAN
BURP SUITEZAP
NETSPARKER
12

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
• TimeThank you for your
13 13
JUNIOR SORO E-mail: soronijunior@gmail.com

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted 14
Footprinting and Scan in Pentest
P r e s e n t e d b y S O R O
End
JUNIOR SORO E-mail: soronijunior@gmail.com

It appears that any successful attack these days is labeled, Sophisticated. The implication is that the attacks were unpreventable. The reality is very different. We dissect recent attacks, and then go through how they could have been prevented. Advanced Persistent Security principles are applied to demonstrate how even successful breaches can be contained to significantly reduce loss. (Source: RSA USA 2016-San Francisco)

Introduction to the advanced persistent threat and hactivism

Global Micro Solutions

ShadyRAT: Anatomy of targeted attack

Vladyslav Radetsky

Removable Disk Hacking for Fun and Profit

Rungga Reksya Sabilillah

Combating Advanced Persistent Threats with Flow-based Security Monitoring

Lancope, Inc.

Shadow IT

Risk Analysis Consultants, s.r.o.

Gunadarma workshop security

Rungga Reksya Sabilillah

Peter Wood has worked as an ethical hacker for the past 20 years, with clients in sectors as diverse as banking, insurance, retail and manufacturing. He will describe how advanced persistent threats operate from a security intelligence perspective, based on published case studies and analysis. He will highlight APT entry points and exploitation techniques and suggest practical prevention and detection strategies.

Network Attack and Intrusion Prevention System

Deris Stiawan

Helping Small Companies Leverage CTI with an Open Source Threat Mapping

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour December 2020 By Valentina Palacín, Sr. Cyber Threat Intelligence Analyst No one can deny the tremendous impact that ATT&CK had on the cybersecurity industry, nor the usefulness of having a good Threat Library at your disposal. But the question Valentina gets asked over and over by people from small companies is always the same: “How could I leverage threat intelligence using ATT&CK with limited time and resources?” And so far, there hasn't been a good answer. That’s why she decided to come up with the Threat Mapping Catalogue (TMC), a tool that combines the power of the mappings already available in the ATT&CK website, TRAM and the ATT&CK Navigator, to better process, consume and incorporate new mappings while organizing them around different categories.

Csc520 you are a senior level employee and you must tailor your deliverables ...

leonardjonh145

Developing A Cyber Security Incident Response Program

BGA Cyber Security

Network security

سودان وب لأمن المعلومات

Advanced persistent threat (apt)mmubashirkhan

Security protection On banking systems using ethical hacking.

Rishabh Gupta

Mobile Penetration Testing: Episode III - Attack of the Code

NowSecure

How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...

Brian Kelly

Rick Holland of Forrester Research shares the results of his investigation into why targeted attacks on employees of businesses are increasing despite there being more information security products than ever. Presented by Duo Security  with guests Forrester Research and University of Tennessee, Knoxville Agenda and Presenters * How To Stop Targeted Attacks and Avoid “Expense In Depth” with Strong Authentication Rick Holland, Principal Analyst,  Forrester Research * How Duo Helps You Avoid “Expense In Depth” Brian Kelly, Principal Product Marketing Manager , Duo Security * A Case for Multi-factor Authentication Bob Hillhouse, Associate CIO and CISO  University of Tennessee, Knoxville

Secure Coding for Java - An Introduction

Sebastien Gioria

IPS Best Practices

Heather Axworthy

EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?

ITpreneurs

EC-Council Certified Ethical Hacker (CEH) program is the worlds most advanced ethical hacking course. Help information security professionals master hacking technologies. They will become a hacker, but an ethical one! ITpreneurs has formed a partnership with EC-Council to provide a diverse portfolio of IT Security training and certifications in the Middle East (Kingdom of Saudi Arabia, United Arab Emirates, Kuwait, Oman, Bahrain, Qatar, Lebanon, Jordan) and Turkey. EC Council (International Council of E-Commerce Consultants) is one of the world’s largest certification bodies for information security professionals and e-business. ITpreneurs partners can provide unique offerings to help their clients in these countries to manage the emerging challenges posed by cyber security related threats. Contact us today on info@itpreneurs.com and find out how you can bring EC-Council training to your clients.

The Next Generation Security

Cybera Inc.

Ethical Hacking & Penetration Testingecmee

Demo intelligent user experience with oracle mobility for publishing

Vasily Demin

Oracle Management Cloud

Fabio Batista

What's hot

How to assign a CVE to yourself?

Ramin Farajpour Cami

Future Prediction: Network Intrusion Detection System in the cloud

Sedthakit Prasanphanich

Hunting The Shadows: In Depth Analysis of Escalated APT Attacks

F _

Penetration and hacking training brief

Bill Nelson

IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...

Luigi Delgrosso

Security Intelligence: Advanced Persistent Threats

Peter Wood

Network Attack and Intrusion Prevention System

Deris Stiawan

Helping Small Companies Leverage CTI with an Open Source Threat Mapping

MITRE - ATT&CKcon

Csc520 you are a senior level employee and you must tailor your deliverables ...

leonardjonh145

Developing A Cyber Security Incident Response Program

BGA Cyber Security

Network security

سودان وب لأمن المعلومات

Advanced persistent threat (apt)mmubashirkhan

Security protection On banking systems using ethical hacking.

Rishabh Gupta

Mobile Penetration Testing: Episode III - Attack of the Code

NowSecure

How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...

Brian Kelly

Secure Coding for Java - An Introduction

Sebastien Gioria

IPS Best Practices

Heather Axworthy

EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?

ITpreneurs

The Next Generation Security

Cybera Inc.

Ethical Hacking & Penetration Testingecmee

What's hot (20)

How to assign a CVE to yourself?

Future Prediction: Network Intrusion Detection System in the cloud

Hunting The Shadows: In Depth Analysis of Escalated APT Attacks

Penetration and hacking training brief

IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...

Security Intelligence: Advanced Persistent Threats

Network Attack and Intrusion Prevention System

Helping Small Companies Leverage CTI with an Open Source Threat Mapping

Csc520 you are a senior level employee and you must tailor your deliverables ...

Developing A Cyber Security Incident Response Program

Network security

Advanced persistent threat (apt)

Security protection On banking systems using ethical hacking.

Mobile Penetration Testing: Episode III - Attack of the Code

How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...

Secure Coding for Java - An Introduction

IPS Best Practices

EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?

The Next Generation Security

Ethical Hacking & Penetration Testing

Similar to Pentest: footprinting & scan

Demo intelligent user experience with oracle mobility for publishing

Vasily Demin

Oracle Management Cloud

Fabio Batista

eProseed Oracle Open World 2016 debrief - Oracle Management Cloud

Marco Gralike

Splunk for ITOA Breakout Session

Splunk

A5 cloud security_now_a_reason_to_move_to_the_cloud

Dr. Wilfred Lin (Ph.D.)

Jfokus 2017 Oracle Dev Cloud and Containers

Mika Rinne

Are You Vulnerable to IP Telephony Fraud and Cyber Threats?

Carl Blume

David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...

Government Technology and Services Coalition

Government Technology & Services Coalition & InfraGard NCR's Program: Cyber Security: Securing the Federal Cyber Domain by Strengthening Public-Private Partnership Presentation: How do we Protect our Systems and Meet Compliance in a Rapidly Changing Environment Presenter: David Knox, Vice President of National Security Solutions, Oracle Description: With all the constant innovation in cyber, what is “cutting edge”? What constraints hinder innovation? How is technology being used to address the Executive Orders, comply to standards, and other meet other mandates? What areas still need resources, ideas and innovation? Join us to hear advances in cyber security technology and ways to protect and monitor systems that will provide for resilient infrastructures and incorporate new solutions.

Oracle Management Cloud - HybridCloud Café - May 2016

Bastien Leblanc

Oracle Cloud Café hybrid Cloud 19 mai 2016

Sorathaya Sirimanotham

BGOUG 2014 Decrease Your MySQL Attack Surface

Georgi Kodinov

Ch07.ppt

ImXaib

Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud

MarketingArrowECS_CZ

Survey Presentation About Application Security

Nicholas Davis

20190615 hkos-mysql-troubleshootingandperformancev2

Ivan Ma

MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements

Olivier DASINI

MySQL Enterprise Transparent Data Encryption (TDE) protects your critical data by enabling data-at-rest encryption in the database. It protects the privacy of your information, prevents data breaches and helps meet regulatory requirements including the Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA) and numerous others. MySQL Enterprise Audit provides an easy to use, policy-based auditing solution that helps organizations implement stronger security controls and satisfy regulatory compliance. As more sensitive data is collected, stored and used online, database auditing becomes an essential component of any security strategy. To guard against the misuse of information, popular compliance regulations including HIPAA, Sarbanes-Oxley, and the PCI Data Security Standard require organizations to track access to information. MySQL Enterprise Firewall guards against cyber security threats by providing real-time protection against database specific attacks. Any application that has user-supplied input, such as login and personal information fields is at risk. Database attacks don't just come from applications. Data breaches can come from many sources including SQL virus attacks or from employee misuse. Successful attacks can quickly steal millions of customer records containing personal information, credit card, financial, healthcare or other valuable data. MySQL Enterprise Masking and De-identification provides an easy to use, built-in database solution to help organizations protect sensitive data from unauthorized uses by hiding and replacing real values with substitutes. MySQL Enterprise Edition provides ready to use external authentication modules to easily integrate existing security infrastructures, including Linux Pluggable Authentication Modules (PAM) and Windows Active Directory.

The Enablement of an Identity-Centric SOC in the Regulatory Rumba Era

Luca Martelli

Data, People and Software security: how does them relate to the GDPR security principles? In this new attack landscape, network-centric security is no longer enough because threats come from inside and outside the network. Oracle Identity SOC is an identity-centric, context-aware intelligence and automation framework for security operations centers, backed by advanced user behavior analytics and machine learning to spot compelling events that require automated remediation.

10 Razões para Usar MySQL em Startups

MySQL Brasil

O MySQL é o banco de dados open source mais popular do mundo, usado em grandes websites como Facebook, Youtube, Twitter, Globo.com e também em aplicações mobile e embarcadas. Um fato que surpreende é que estes grandes websites desde seus primórdios se apoiam no MySQL como principal tecnologia de armazenamento de dados. No Vale do Silício (EUA), o MySQL continua forte e crescendo em popularidade. Nesta palestra destacaremos os principais motivos que levam as Start Ups Web a utilizar o MySQL, além de apresentar um guia prático de como começar a desenvolver com MySQL.

Cisco CSIRT Case Study: Forensic Investigations with NetFlow

Lancope, Inc.

Cisco CSIRT uses NetFlow to collect 16 billion flows from Cisco’s 175TB of traffic observed daily. The data is used to monitor, investigate, and contain incidents using 3 key playbook “plays” each day. Two leaders from Cisco's Computer Security Incident Response Team (CSIRT) will review a real cyber incident and the resulting investigation leveraging NetFlow collected via the StealthWatch System. Participants will learn how to use NetFlow and the StealthWatch System to: Investigate top use cases: C&C discovery, data loss and DOS attacks Gain contextual awareness of network activity Accelerate incident response Minimize costly outages and downtime from threats Protect the evolving network infrastructure Provide forensic evidence to prosecute adversaries

Threat Modeling for the Internet of Things

Eric Vétillard

Similar to Pentest: footprinting & scan (20)

Demo intelligent user experience with oracle mobility for publishing

Oracle Management Cloud

eProseed Oracle Open World 2016 debrief - Oracle Management Cloud

Splunk for ITOA Breakout Session

A5 cloud security_now_a_reason_to_move_to_the_cloud

Jfokus 2017 Oracle Dev Cloud and Containers

Are You Vulnerable to IP Telephony Fraud and Cyber Threats?

David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...

Oracle Management Cloud - HybridCloud Café - May 2016

Oracle Cloud Café hybrid Cloud 19 mai 2016

BGOUG 2014 Decrease Your MySQL Attack Surface

Ch07.ppt

Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud

Survey Presentation About Application Security

20190615 hkos-mysql-troubleshootingandperformancev2

MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements

The Enablement of an Identity-Centric SOC in the Regulatory Rumba Era

10 Razões para Usar MySQL em Startups

Cisco CSIRT Case Study: Forensic Investigations with NetFlow

Threat Modeling for the Internet of Things

Recently uploaded

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

nkrafacyberclub

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

The Future of Platform Engineering

Jemma Hussein Allen

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Product School

Bits & Pixels using AI for Good.........

Alison B. Lowndes

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

Elevating Tactical DDD Patterns Through Object Calisthenics

Dorra BARTAGUIZ

After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

DevOps and Testing slides at DASA Connect

Kari Kakkonen

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

Assure Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

Quantum Computing: Current Landscape and the Future Role of APIs

Vlad Stirbu

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

Recently uploaded (20)

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

When stars align: studies in data quality, knowledge graphs, and machine lear...

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

The Future of Platform Engineering

The Art of the Pitch: WordPress Relationships and Sales

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Bits & Pixels using AI for Good.........

Securing your Kubernetes cluster_ a step-by-step guide to success !

Elevating Tactical DDD Patterns Through Object Calisthenics

UiPath Test Automation using UiPath Test Suite series, part 3

GraphRAG is All You need? LLM & Knowledge Graph

DevOps and Testing slides at DASA Connect

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

Assure Contact Center Experiences for Your Customers With ThousandEyes

Quantum Computing: Current Landscape and the Future Role of APIs

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

Epistemic Interaction - tuning interfaces to provide information for AI support

Pentest: footprinting & scan

1. Footprinting and Scan in Pentest P r e s e n t e d b y S O R O JUNIOR SORO E-mail: soronijunior@gmail.com

4. Penetration Test 4 1 . W h a t i s P e n t e s t ?

6. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Reduce Attack area after the footprinting Find vulnerabili ties and exploits on network, system Determine the operating system used, plateform running, web server versions.. Identifying various ways in organisation network system Process of collecting as much information as possible Oracle Confidential – Internal/Restricted/Highly Restricted 6 3 2 . W h a t i s Fo o t p r i n t i n g ? 6

7. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Reduce Attack area after the footprinting Find vulnerabili ties and exploits on network, system Determine the operating system used, plateform running, web server versions.. Identifying various ways in organisation network system Process of collecting as much information as possible Oracle Confidential – Internal/Restricted/Highly Restricted 7 3  Website Footprinting  Email Footprinting 2 . W h a t i s Fo o t p r i n t i n g ? 6  Network Footprinting  Social Ingineering  Footprinting using Google  Competitive intelligence  WHOIS Footprinting  DNS Footprinting  Online Service of Footprinting TYPES OF FOOTPRINTING

8. 8 Footprinting Tools N E T C R A F T 2 . W h a t i s Fo o t p r i n t i n g ? 8 N M A P B U R P S U I T E G O O G L E M A L T E G O S O C I A L N E T W O R K O T H E R

10. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |3 . W h a t i s S c a n ?  live hosts,  IP adress,  Open ports,  system architecture,  Services running,  vulnerabilities 10

11. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. 11Confidential – Oracle Internal/Restricted/Highly Restricted 11Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Entreprises Data Base Network New Now Port Scan Network Scan Vulnerabilities Scan Other Scan TYPES OF SCAN 33 . W h a t i s S c a n ? 11

12. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential 1 SCAN TOOLS 3 Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | 7 Simplify access to all Informations Quickly Govern and secure all ports, services 3 . W h a t i s S c a n ? Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | 6 TOOLS – MORE USING Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | DO A GOOD SCAN BURP SUITEZAP NETSPARKER 12

14. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted 14 Footprinting and Scan in Pentest P r e s e n t e d b y S O R O End JUNIOR SORO E-mail: soronijunior@gmail.com

Pentest: footprinting & scan

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Pentest: footprinting & scan

Similar to Pentest: footprinting & scan (20)

Recently uploaded

Recently uploaded (20)

Pentest: footprinting & scan