Module 3 – Information Gathering

Upload: adolfo

Post on 14-Jan-2016

Page 1: Module 3 – Information Gathering

Module 3 – Information Gathering

Phase II Controls Assessment Scheduling

○ Information Gathering
○ Network Mapping
○ Vulnerability Identification
○ Penetration
○ Gaining Access & Privilege Escalation
○ Enumerating Further
○ Compromise Remote Users/Sites
○ Maintaining Access
○ Cover the Tracks

Heorot.net

Page 2: Module 3 – Information Gathering

Information Gathering

Locate the target Web presence
Examine the target using search engines
Search Web groups
Search employee personal Web sites
Search Security & Exchange Commission and finance sites
Search uptime statistics sites
Search system/network survey sites
Search on P2P networks
Search on Internet Relay Chat (IRC)
Search job databases
Search newsgroups (NNTP)
Gain information from domain registrar
Check for reverse DNS lookup presence
Check more DNS information
Check Spam database lookup
Check to change WHOIS information

Page 3: Module 3 – Information Gathering

Information Gathering

IMPORTANT!! This phase does not involve “touching” the target

Information gathered may not be “Public Domain”

Tools:
Firefox
Dogpile.com
Alexa.org
Archive.org

Document, document, document…
Screenshots, screenshots, screenshots…

Page 4: Module 3 – Information Gathering

Information Gathering

What to Document…

Website Address
Web Server Type
Server Locations
Dates Listed
Date Last Modified
Web Links Internal
Web Links External
Web Server Directory Tree
Technologies Used
Encryption standards
Web-Enabled Languages
Form Fields
Form Variables
Method of Form Postings
Keywords Used
Company contactability
Meta Tags
Comments Noted
e-commerce Capabilities
Services Offered on Net
Products Offered on Net
Features

Page 5: Module 3 – Information Gathering

Information Gathering

Locate the target Web presence

Cool tool called “nmap”

Page 6: Module 3 – Information Gathering

Information Gathering

Examine the target using search engines

Rank 53,545 / Linking In: 2,415

Page 7: Module 3 – Information Gathering

Information Gathering

Examine the target using search engines

Page 8: Module 3 – Information Gathering

Information Gathering

Dates Listed / Modified

Page 9: Module 3 – Information Gathering

Information Gathering

Search Web groups

Page 10: Module 3 – Information Gathering

Information Gathering

Search newsgroups (NNTP)

http://freenews.maxbaud.net

Page 11: Module 3 – Information Gathering

Information Gathering

Gain information from domain registrar
Check to change WHOIS information

Page 12: Module 3 – Information Gathering

Information Gathering

Check for reverse DNS lookup presence
Check more DNS information

DNS

Reverse DNS

http://www.dnswatch.info

Page 13: Module 3 – Information Gathering

Information Gathering

Why care about Reverse DNS?

Insecure.org

seclists.org

Page 14: Module 3 – Information Gathering

Information Gathering

Check Spam database lookup

http://www.dnsbl.info

Page 15: Module 3 – Information Gathering

Information Gathering

Search employee personal Web sites
Search Security & Exchange Commission and finance sites
Search uptime statistics sites
Search system/network survey sites
Search on P2P networks
Search on Internet Relay Chat (IRC)
Search job databases

Page 16: Module 3 – Information Gathering

Module 3 – Conclusion

Information Gathering
What to Document
Not “touching” the target
Information may not be “Public Domain”
