Module 3 – Information Gathering  Phase II  Controls Assessment  Scheduling ○ Information Gathering ○ Network Mapping ○ Vulnerability Identification.

Slides:



Advertisements
Similar presentations
Computer Technology Timpview High School. A collection of local, regional, national, and international computer networks that are linked together to exchange.
Advertisements

MediTract Contract Management Software
This module will familiarize you with the following:  Overview of the Reconnaissance Phase  Footprinting: An Introduction  Information Gathering Methodology.
Module 2 – PenTest Overview
Oct 7, 2006Presented By Leonard Doucette © 2006 Welcome to the “Erica Miller Spa School” at The Hills Health Ranch “E” Marketing and the Web.
Chapter 2 Gathering Target Information: Reconnaissance, Footprinting, and Social Engineering.
 Single sign-on o Centralized and federated passport o Federated Liberty Alliance and Shibboleth  Authorization o Who can access which resource o ACM.
Microsoft Office Live Create Your Own Website Basics Behind Office Live Allows users to create a professional presence without the hefty expenses of.
Introduction Web Development II 5 th February. Introduction to Web Development Search engines Discussion boards, bulletin boards, other online collaboration.
Reconnaissance Steps. EC-Council Gathering information from Open Sources  Owner of IP-address range  Address Range  Domain Names  Computing Platforms.
Lesson 19 Internet Basics.
ABQWEB™, A division of L&S Marketing Web Site Hosting, Design and Maintenance Professional Sites that Look Good, Load Fast and Work Well.
Internet Relay Chat Chandrea Dungy Derek Garrett #29.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
“If you build it, they will come.”. Virtual Business  There is much more that goes into a virtual business than just building the web site.  You will.
1 Internet Search Tools Adapted from Kathy Schrock’s PowerPoint entitled “Successful Web Search Strategies” Kathy Schrock’s complete PowerPoint available.
CHAPTER THE INTERNET, THE WEB, AND ELECTRONIC COMMERCE 22.
Increasing Website ROI through SEO and Analytics Dan Belhassen greatBIGnews.com Modern Earth Inc.
Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.
Section 13.1 Add a hit counter to a Web page Identify the limitations of hit counters Describe the information gathered by tracking systems Create a guest.
MindGenies C-22/28, Sector 57, Noida (UP), INDIA Tel. Nos , MindGenies…The E-magicians specializing in Internet.
Developed By: [ INNOVATION INFOSOFT TECHNOLOGIES ]
Forensic and Investigative Accounting
E.halFILE 2.2 New Application Features Session II.
Strengths: SEO – Moderate Page Placement Inbound Links: 11 Onsite Lead Generation Mobile Optimization Onsite Blogging -API To Social Sites - Facebook,
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
14 Publishing a Web Site Section 14.1 Identify the technical needs of a Web server Evaluate Web hosts Compare and contrast internal and external Web hosting.
What is SMEcollaborate Primarily developed for Small and Medium Companies who wish to collaborate together. It is a:- A resource center for collaborating.
Fielding Graduate University Library Locating Tests and Measures.
Introduction to E-Marketing Understanding Marketing Techniques in the new E-conomy.
Website Presentation Written By Mark Brady. Website Advantages Company services can be activated from the customers home, or literally anywhere. Users.
Attack Lifecycle Many attacks against information systems follow a standard lifecycle: –Stage 1: Info. gathering (reconnaissance) –Stage 2: Penetration.
Courier Tracking System. Small Courier Operations Small courier services collect Letters and parcels from customers and issues its own POD number Then.
CIS 450 – Network Security Chapter 3 – Information Gathering.
Attack Methods Chapter 4 Corporate IT Security Copyright 2002 Prentice-Hall.
Module 8 – What's Next?  Phase II  Controls Assessment  Scheduling ○ Information Gathering ○ Network Mapping ○ Vulnerability Identification ○ Penetration.
Validating, Promoting, & Publishing Your Web Site Writing For the Web The Internet Writer’s Handbook 2/e.
# Ethical Hacking. 2 # Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Ethical Hacking – Commandments Reporting.
1 Windows 2008 Configuring Server Roles and Services.
Network Assessment How intrusion techniques contribute to system/network security Network and system monitoring System mapping Ports, OS, applications.
Internet Research Tips Daniel Fack. Internet Research Tips The internet is a self publishing medium. It must be be analyzed for appropriateness of research.
Assessing a Target System Source: Chapter 3 Computer Security Fundamentals Chuck Easttom Prentice Hall, 2006.
Catholic University College of Ghana Fiapre-Sunyani Catholic University College of Ghana Introduction to Information Technology II (Internet)
Web Search Engines AGED Search Engines Search engines (most have directories, too)  Yahoo  AltaVista  Lycos
Evaluating & Maintaining a Site Domain 6. Conduct Technical Tests Dreamweaver provides many tools to assist in finalizing and testing your website for.
Module 7 – Gaining Access & Privilege Escalation  Phase II  Controls Assessment  Scheduling ○ Information Gathering ○ Network Mapping ○ Vulnerability.
Module 5 – Vulnerability Identification  Phase II  Controls Assessment  Scheduling ○ Information Gathering ○ Network Mapping ○ Vulnerability Identification.
LIR 10: Week 10 Advanced WWW Topics. Class Announcements New features on Section 2904 Schedule Missing Homework Online Quiz due 11/16 Another WWW directory.
Module 6 – Penetration  Phase II  Controls Assessment  Scheduling ○ Information Gathering ○ Network Mapping ○ Vulnerability Identification ○ Penetration.
Footprinting and Scanning
Network Reconnaissance CS490 - Security in Computing Copyright © 2005 by Scott Orr and the Trustees of Indiana University.
The Internet What is the Internet? The Internet is a lot of computers over the whole world connected together so that they can share information. It.
General Information: This document was created for use in the "Bridges to Computing" project of Brooklyn College. You are invited and encouraged to use.
Modern information gathering Dave van Stein 9 april 2009.
WHAT IS FOOTPRINTING?. FOOTPRINTING  Active  Passive - Passive footprinting is a method in which the attacker never makes any contact with the target.
The Web Web Design. 3.2 The Web Focus on Reading Main Ideas A URL is an address that identifies a specific Web page. Web browsers have varying capabilities.
Different Purposes for Web Pages Education –Content must be timely, accurate and appealing. Can also provide feedback, maintain records (IC) and can also.
Common System Exploits Tom Chothia Computer Security, Lecture 17.
Footprinting and Scanning
Footprinting and Scanning
Best SEO Tips to Make Your Website Stand Out. SEARCH ENGINE OPTIMIZATION It is essential that you implement Search Engine Optimization strategies to make.
Section 14.1 Section 14.2 Identify the technical needs of a Web server
Security Essentials for Small Businesses
Passive Research Section 2 11/29/2018.
Search Engine Optimization
Footprinting. Сбор данных
How hackers do it Ron Woerner Security Administrator CSG Systems, Inc.
The Internet and Electronic mail
Internet Skills ELEC135 Alan Noble Room 504 Tel:
Presentation transcript:

Module 3 – Information Gathering  Phase II  Controls Assessment  Scheduling ○ Information Gathering ○ Network Mapping ○ Vulnerability Identification ○ Penetration ○ Gaining Access & Privilege Escalation ○ Enumerating Further ○ Compromise Remote Users/Sites ○ Maintaining Access ○ Cover the Tracks Heorot.net

Information Gathering  Locate the target Web presence  Examine the target using search engines  Search Web groups  Search employee personal Web sites  Search Security & Exchange Commission and finance sites  Search uptime statistics sites  Search system/network survey sites  Search on P2P networks  Search on Internet Relay Chat (IRC)  Search job databases  Search newsgroups (NNTP)  Gain information from domain registrar  Check for reverse DNS lookup presence  Check more DNS information  Check Spam database lookup  Check to change WHOIS information Heorot.net

Information Gathering IMPORTANT!!  This phase does not involve “touching” the target  Information gathered may not be “Public Domain”  Tools: Firefox Dogpile.com Alexa.org Archive.org Document, document, document… Screenshots, screenshots, screenshots… Heorot.net

Information Gathering What to Document…  Website Address  Web Server Type  Server Locations  Dates Listed  Date Last Modified  Web Links Internal  Web Links External  Web Server Directory Tree  Technologies Used  Encryption standards  Web-Enabled Languages  Form Fields  Form Variables  Method of Form Postings  Keywords Used  Company contactability  Meta Tags  Comments Noted  e-commerce Capabilities  Services Offered on Net  Products Offered on Net  Features Heorot.net

Information Gathering  Locate the target Web presence Cool tool called “nmap” Heorot.net

Information Gathering  Examine the target using search engines Rank 53,545 / Linking In: 2,415 Heorot.net

Information Gathering  Examine the target using search engines Heorot.net

Information Gathering  Dates Listed / Modified Heorot.net

Information Gathering  Search Web groups Heorot.net

Information Gathering  Search newsgroups (NNTP) Heorot.net

Information Gathering  Gain information from domain registrar  Check to change WHOIS information Heorot.net

Information Gathering  Check for reverse DNS lookup presence  Check more DNS information DNS Reverse DNS Heorot.net

Information Gathering  Why care about Reverse DNS? Insecure.org seclists.org Heorot.net

Information Gathering  Check Spam database lookup Heorot.net

Information Gathering  Search employee personal Web sites  Search Security & Exchange Commission and finance sites  Search uptime statistics sites  Search system/network survey sites  Search on P2P networks  Search on Internet Relay Chat (IRC)  Search job databases Heorot.net

Module 3 – Conclusion  Information Gathering  What to Document  Not “touching” the target  Information may not be “Public Domain” Heorot.net

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.