This module will familiarize you with the following:
• Overview of the Reconnaissance Phase
• Footprinting: An Introduction
• Information Gathering Methodology.


1 Agenda
This module will familiarize you with the following:
• Overview of the Reconnaissance Phase
• Footprinting: An Introduction
• Information Gathering Methodology of Hackers
• Competitive Intelligence gathering
• Tools that aid in Footprinting
• Footprinting steps

2 Defining Footprinting
• Footprinting is the blueprint of the security profile of an organization, undertaken in a methodological manner
• Footprinting is one of the three pre-attack phases. The others are scanning and enumeration
• An attacker will spend 90% of the time in profiling an organization and another 10% in launching the attack
• Footprinting results in a unique organization profile with respect to networks (Internet/intranet/extranet/wireless) and systems involved

3 Information Gathering Methodology
• Unearth initial information
• Locate the network range
• Ascertain active machines
• Discover open ports/access points
• Detect operating systems
• Uncover services on ports
• Map the network

4 Unearthing Initial Information
• Commonly includes:
    • Domain name lookup
    • Locations
    • Contacts (telephone / mail)
• Information sources:
    • Open source
    • Whois
    • Nslookup
• Hacking tool
    • Sam Spade

5 Finding a Company’s URL
• Search for a company’s URL using a search engine such as www.google.com
• Type the company’s name in the search engine to get the company URL
• Google provides rich information to perform passive reconnaissance
• Check newsgroups, forums, and blogs for sensitive information regarding the network

6 Internal URL
• By taking a guess, you may find an internal company URL
• You can gain access to internal resources by typing an internal URL
• For example:
    • beta.xsecurity.com
    • customers.xsecurity.com
    • products.xsecurity.com
    • Partners.xsecurity.com
    • Intranet.xsecurity.com
    • Asia.xsecurity.com
    • Namerica.xsecurity.com
    • Samerica.xsecurity.com
    • Japan.xsecurity.com
    • London.xsecurity.com
    • Hq.xsecurity.com
    • Finance.xsecurity.com
    • www2.xsecurity.com
    • www3.xsecurity.com

7 Extracting Archive of a Website
• You can get information on a company website since its launch at www.archive.org
• For example: www.microsoft.com
• You can see updates made to the website
• You can look for employee database, past products, press releases, contact information, and more

8 Google Search for Company’s Info.
• Using Google, search company news and press releases
• From this information, get the company’s infrastructure details

9 People Search
• You can find personal information using
    • Facebook
    • LinkedIn
    • Twitter
    • Tumblr
    • Spokeo
    • TinEye
• You can get details like residential addresses, contact numbers, date of birth, and change of location
• You can get satellite pictures of private residences

10 People Search Website

11 Polls

12 Footprinting Through Job Sites
• You can gather company infrastructure details from job postings
• Look for company infrastructure postings such as “looking for system administrator to manage Solaris 10 network”
• This means that the company has Solaris networks on site
• E.g., www.jobsdb.com

• Job requirements
• Employee profile
• Hardware information
• Software information

13 Footprinting Through Job Sites

14 Competitive Intelligence Gathering
“Business moves fast. Product cycles are measured in months, not years. Partners become rivals quicker than you can say ‘breach of contract.’ So how can you possibly hope to keep up with your competitors if you can't keep an eye on them?”
• Competitive intelligence gathering is the process of gathering information about your competitors from resources such as the Internet
• The competitive intelligence is non-interfering and subtle in nature
• Competitive intelligence is both a product and a process

15 Why Do You Need Competitive Intelligence?
• Compare your products with your competitors’ offerings
• Analyze your market positioning compared to the competitors
• Pull up a list of competing companies in the market
• Extract salespersons’ war stories on how deals are won and lost in the competitive arena
• Produce a profile of the CEO and the entire management staff of the competitor
• Predict their tactics and methods based on their previous track record

16 Public and Private Websites
• A company might maintain public and private websites for different levels of access
• Footprint an organization’s public www servers
• Example:
    • www.xsecurity.com
    • www.xsecurity.net
• Footprint an organization’s sub domains (private)
• Example:
    • http://partners.xsecurity.com
    • http://intranet.xsecurity.com
    • http://channels.xsecurity.com
    • http://www2.xsecurity.com
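Added example (not part of the original slides): a defender-side check for the "Internal URL" and "Public and Private Websites" slides. It reads an export of your own public DNS zone and flags records whose first label is one of the guessable names listed on the slides, or whose address falls in internal address space. The zone text, the one-record-per-line layout and the function name audit_zone are assumptions made for the illustration.

```python
import ipaddress

# Labels taken from the example hostnames on the slides.
GUESSABLE = {"beta", "customers", "products", "partners", "intranet", "channels",
             "asia", "namerica", "samerica", "japan", "london", "hq", "finance",
             "www2", "www3"}

# RFC 1918 ranges plus IPv6 unique-local space.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample: export of a public zone for example.com.
ZONE = """\
; name     class type  rdata
www        IN    A     203.0.113.10
intranet   IN    A     10.0.4.20
partners   IN    A     203.0.113.25
beta       IN    CNAME staging.example.com.
mail       IN    A     203.0.113.30
files      IN    A     192.168.1.5
"""

def audit_zone(zone_text):
    """Return (name, rdata, reasons) for records worth reviewing.

    Assumes one record per line with an explicit owner name."""
    findings = []
    for raw in zone_text.splitlines():
        tokens = raw.split(";", 1)[0].split()      # drop comments
        if len(tokens) < 3:
            continue                               # blank line or directive
        name, rtype, rdata = tokens[0].lower().rstrip("."), tokens[-2].upper(), tokens[-1]
        if rtype not in ("A", "AAAA", "CNAME"):
            continue
        reasons = []
        if name.split(".")[0] in GUESSABLE:
            reasons.append("guessable internal-style name")
        if rtype in ("A", "AAAA"):
            try:
                addr = ipaddress.ip_address(rdata)
            except ValueError:
                addr = None                        # malformed rdata, skip the check
            if addr is not None and any(addr in net for net in INTERNAL_NETS):
                reasons.append("internal address published")
        if reasons:
            findings.append((name, rdata, reasons))
    return findings

if __name__ == "__main__":
    for name, rdata, reasons in audit_zone(ZONE):
        print(f"{name:10} {rdata:24} {', '.join(reasons)}")
```

Records flagged for both reasons are the first candidates for moving to a split-horizon internal zone or placing behind authentication.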

17 Whois Lookup
• With whois lookup, you can get personal and contact information
• For example, www.samspade.com

18 Whois

    Registrant:
    targetcompany (targetcompany-DOM)
    # Street Address
    City, Province
    State, Pin, Country
    Domain Name: targetcompany.COM

    Domain servers in listed order:
    NS1.WEBHOST.COM XXX.XXX.XXX.XXX
    NS2.WEBHOST.COM XXX.XXX.XXX.XXX

    Administrative Contact:
    Surname, Name (SNIDNo-ORG) targetcompany@domain.com
    targetcompany (targetcompany-DOM)
    # Street Address
    City, Province, State, Pin, Country
    Telephone: XXXXX Fax XXXXX

    Technical Contact:
    Surname, Name (SNIDNo-ORG) targetcompany@domain.com
    targetcompany (targetcompany-DOM)
    # Street Address
    City, Province, State, Pin, Country
    Telephone: XXXXX Fax XXXXX
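Added example (not part of the original slides): a small parser for the legacy whois layout shown above, used to review your own domain's record for contacts that name an individual or a personal mailbox rather than a role account. The sample record, the ROLE_LOCALPARTS list and the function names are assumptions made for the illustration.

```python
import re

# Constructed sample in the layout shown on the slide (not a real record).
SAMPLE = """\
Registrant:
Example Corp (EXAMPLE-DOM)
1 Example Street
Springfield, ST 00000, US
Domain Name: EXAMPLE.COM

Administrative Contact:
Doe, Jane (JD0000-ORG)  jane.doe@example.com
Example Corp (EXAMPLE-DOM)
Telephone: 555-0100 Fax 555-0101

Technical Contact:
Hostmaster (HM0000-ORG)  hostmaster@example.com
Telephone: 555-0199 Fax 555-0198

Domain servers in listed order:
NS1.EXAMPLE.NET 192.0.2.1
"""

SECTION = re.compile(r"^\s*(Registrant|Administrative Contact|Technical Contact|"
                     r"Domain servers in listed order):\s*$")
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PERSON = re.compile(r"^([A-Z][\w'-]+, [A-Z][\w'-]+) \(", re.M)   # "Surname, Name (HANDLE)"
ROLE_LOCALPARTS = {"hostmaster", "dnsadmin", "domains", "noc", "abuse"}  # assumed list

def parse_sections(text):
    """Split the record into {section header: [non-empty stripped lines]}."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line.strip():
            sections[current].append(line.strip())
    return sections

def audit(text):
    """Return (section, issue, value) for contact data tied to a person."""
    findings = []
    for name, lines in parse_sections(text).items():
        if not name.endswith("Contact"):
            continue
        body = "\n".join(lines)
        for email in EMAIL.findall(body):
            if email.split("@")[0].lower() not in ROLE_LOCALPARTS:
                findings.append((name, "personal mailbox", email))
        person = PERSON.search(body)
        if person:
            findings.append((name, "named individual", person.group(1)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```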

19 Locate the Network Range
• Commonly includes:
    • Finding the range of IP addresses
    • Discerning the subnet mask
• Information Sources:
    • ARIN (American Registry of Internet Numbers)
    • Traceroute
• Hacking Tool:
    • NeoTrace
    • Visual Route

20 Summary
• The information gathering phase can be categorized broadly into seven phases
• Footprinting renders a unique security profile of a target system
• Whois and ARIN can reveal public information of a domain that can be leveraged further
• Traceroute and mail tracking can be used to target a specific IP, and later for IP spoofing
• Nslookup can reveal specific users, and zone transfers can compromise DNS security

21 Thank You! Stick around for Raffle & Q&As

