Recon DSU GenCyber.


1 Recon DSU GenCyber

2 Before we start talking about hacking…
This can be you!
This is not you.

3 White Hat vs. Black Hat
The Good Guys!
- Ethical hackers
- Use your abilities for good
- ONLY operates with permission/approval
- Exploits vulnerabilities in systems
- Reports findings to organizations, to help better their security posture
- Discloses vulnerabilities to developers
The Bad Guys.
- Always in the news
- Use their abilities for their own personal gain
- Operates without permission/approval
- Exploits vulnerabilities in systems
- Steals valuable information
- Sells such information
- Disrupting services
- Sells vulnerabilities to the highest bidder

4 Offensive Security Ethics
- Don’t do bad stuff
- Play nice
- ALWAYS gain written permission
- Stay legal

5 Offensive Security Overview
- Don’t only the bad guys play the offense? No!!
- “The best defense is a good offense”
  - Kind of, but not quite…
  - Goal isn’t to hack the people who are hacking us
    - BAD IDEA!
  - Let’s hack our own stuff before someone else does
    - And fix it!
- Need to know how the offense works to be able to do defense well
- Offensive Network Security, Penetration Testing
- Security Research, Reverse Engineering, Exploitation

6 Cyber Kill Chain
How an attack works
- Learn about the target
- Find vulnerabilities
- Find weaknesses
- Create the exploit
- Execute the exploit
- Post-Exploitation tasks

7 PTES
Penetration Testing Execution Standard
Seven main sections
- Pre-engagement interactions
  - Getting the legal documents in place, determining scope, etc.
- Intelligence Gathering
  - Reconnaissance – learning about the target, systems, people
- Threat Modeling
  - Determining highest value assets
- Vulnerability Analysis
  - Finding vulnerabilities in the systems
- Exploitation
  - Taking advantage of the vulnerabilities
- Post Exploitation
  - What do we do once we got in? Move around, find other information, other systems, etc.
- Reporting
  - A test is useless if we can’t tell the customer how we got in, and how to fix it.

8 Reconnaissance

9 Reconnaissance
- Preliminary surveying or research.
- Before we start interacting with the target
  - What can we learn?
- Information gathered during this phase guides the rest of the penetration test
- Arguably most important part of Penetration Testing
- Example: Bank Robbery
  - Walk right in
    - “Give me all your money!”
  - Methodical, planned approach

10 Recon the Recon
Active vs. Passive
- Passive: Not interacting with the target; using information available through other means
- Active: Interacting directly with the target
  - The target may know you are gathering information, or probing their systems
OSINT: Open-Source Intelligence
- Publicly available information
- Never touching the target

11 Targeted Data Collection - Business
Details about the business
- Who they are
- What they do (products/services)
- Relationships with other companies
- Organizational Chart
- Physical Location
- Employees
- Websites
- Usernames
- Addresses

12 Your turn!
What can you learn about the following company through open source research on the internet?
Best Buy
- Business size
- IT size
- IT Budget
- C-level employees (Chief…)
- Services rendered
- Partners

13 Job Postings
- These can be great recon tools for you
- Often will list specific technologies in use by the company.
- CVE - Common Vulnerabilities and Exposures

14 Breaking down the recon
Three different major categories
- User Recon
- Business Recon
- Network Recon

15 User Recon - Phishing
- Phishing – attempting to acquire sensitive information by disguising as a trustworthy entity
  - Often carried out via email
- Phishing vs. Spear Phishing
  - Phishing: Broad, not targeted phishing
  - Spear Phishing: Very specific, targeted phishing

16 Phishing Example
What’s wrong with this?

17 Phishing Example
What’s wrong with this?
- From jymiller2@gmail.com
  - Why gmail? Shouldn’t it be lehigh.edu?
- Do you really need to log in to remain active?
  - Best to contact the real Julie to confirm
- The link takes you to library.lehigh.saea.ga
  - What is .ga? Why not lehigh.edu?
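Added example (not part of the original slides): the two checks from this slide, written as a small Python filter. It compares the sender's domain and every link host against the organisation's real domain, matching on label boundaries so that library.lehigh.saea.ga does not pass as lehigh.edu. The message text, the recipient address and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample modelled on the slide: the sender address and the link
# host are the ones the slide shows; the display name, recipient, subject,
# body wording and URL path are made up for this example.
SAMPLE = """\
From: Julie <jymiller2@gmail.com>
To: student@lehigh.edu
Subject: Library account

Please log in to keep your library account active:
http://library.lehigh.saea.ga/login
"""

def in_domain(host, org_domain):
    """True only if host is org_domain itself or a subdomain of it."""
    host, org_domain = host.lower().rstrip("."), org_domain.lower()
    # A plain substring test would accept "library.lehigh.saea.ga";
    # requiring the leading dot compares whole DNS labels from the right.
    return host == org_domain or host.endswith("." + org_domain)

def phishing_flags(raw_message, org_domain):
    """Return a list of reasons the message does not match org_domain."""
    msg = message_from_string(raw_message)
    flags = []
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2]
    if not in_domain(sender_domain, org_domain):
        flags.append(f"sender domain {sender_domain} is not {org_domain}")
    body = msg.get_payload()  # single-part text message in this example
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = urlsplit(url).hostname or ""
        if not in_domain(host, org_domain):
            flags.append(f"link host {host} is not under {org_domain}")
    return flags

if __name__ == "__main__":
    for reason in phishing_flags(SAMPLE, "lehigh.edu"):
        print("FLAG:", reason)
```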

18 Spearphish Me
- Find me (Cody Welu) on Instagram
- Using ONLY what I post there, learn about me.
  - Interests
  - Where I’ve been/locations
  - Friends/Family
  - Anything else interesting?
- Draft a spearphishing email to me.
  - Try to get me to click on a link, or open an attachment.
- Submit here:
Not so great example
  Dearest Cody: Your long lost cousin is actually a Prince with too much money, and it’s your lucky day! Click <here> to claim your payday!

19 Hi Cody
I noticed your photography online, and I’m looking to hire you for an event. My daughter’s softball club is holding a 2-day tournament in August, and we’d like you to be our official photographer for the event. There are more details about the tournament here: <link>. Please let me know if you’re interested. Looking forward to hearing back from you!

20 Could you be phished?
- Know what to look for
  - Be critical of emails, especially attachments and links
- Practice good OPSEC
  - For your safety, security, and wellbeing
  - What do you want the world to know about you?
    - Where you work
    - Where you live
    - What new expensive toy you got
    - When you’re on vacation
      - And not home

21 Network Recon
Now we’re getting a bit closer to the actual computer systems we’d be attacking
- Domain Names
  - dsu.edu
  - webmail.dsu.edu
  - catalog.dsu.edu
- IP addresses
- Possible usernames
- Email addresses
- Specific port information

22 Google-Fu
- Google Hacking
- Google Dorks
- Advanced Search Operators
  - inurl:
  - site:
  - intext:
  - ext:

23 If you search too much…

24 Tools
- Lots of different tools that can help us gather information
- All of these are available in Kali Linux
- Recon-ng
  - All sorts of data acquisition tools
- Metagoofil
  - Extracts metadata of documents
- Maltego
  - Good at showing relations between data
- Nmap
  - Network mapping/scanning
- Etc.

25 Info Gathering with Recon-ng
- In a terminal, open recon-ng
    recon-ng
- Create a new workspace and add DSU
    workspaces add dsu.edu
    add domains dsu.edu
- Find some hosts using OSINT
    load netcraft
    run
    load bing_domain_web
    load google_site_web
    load brute_hosts
- Resolve to IP addresses
    load recon/hosts-hosts/resolve
    run
    load recon/hosts-hosts/reverse_resolve
- Gather information on contacts (people)
    load whois_pocs
    load pgp_search
- Generate a nice HTML report of info
    use html
    set creator YOURNAME
    set customer CUSTOMERNAME

