Module 2: Footprinting

0 0

Overview

Scenario

Adam is furious. He had applied for the network engineer job at targetcompany.com He believes that he was rejected unfairly. He has a good track record, but the economic slowdown has seen many layoffs including his. He is frustrated - he needs a job and feels he has been wronged. Late in the evening he decides that he will prove his mettle.
  • What do you think Adam would do?
  • Where would he start and how would he go about it?
  • Are there any tools that can help him in his effort?
  • Can he cause harm to targetcompany.com?
  • As a security professional, where can you lay checkpoints and how can you deploy countermeasures?
Prelude

The significance of this quote in the present context is that there is no sure way of predicting the ways of a hacker. Throughout this course, we will use the term 'cracker' or 'attacker' to refer to a hacker with malicious intent. The term 'hacker' as used here, will be generic.
Here is an interesting description of a hacker drawn from the Internet.
"The hacker is an interesting entity. Hackers seek knowledge and are not afraid of solving problems or tapping into their brain power. Hackers are sometimes stubborn, always clever, curious and intelligent, and constantly learning. They are thinkers who like to be challenged. Most often good hackers are also good programmers... never use exploits unless they know exactly what the code they're executing is doing. Most of the time they only use exploits which they have written themselves..."
We have seen the activity phases of a cracker in the previous module. Beginning with this module we will detail these phases and deal with the various domains involved. This module addresses the footprinting sub phase of the reconnaissance phase.
This module discusses a scenario for the purpose of concept correlation. This scenario has been based on several real life situations. The icon legend used in the module is given below.
We begin with a scenario description. The CSI/FBI 2002 survey noted that 75% of attacks could be sourced to disgruntled employees. In this scenario we follow the actions of 'Adam', a disgruntled applicant who feels he has been denied a job on unfair grounds.
The recession had taken its toll and Adam found himself laid off from his job. Several rejected applications later, he came across a job opening for a network engineer in his city. He had eight years of experience in the field and had worked on several technologies. However, this firm presented him with the opportunity to work on one of the leading technologies, which he was very much interested in.
Unlike his previous applications, Adam took care to read about the company and its activities. He tailored his resume to fit their requirement profile. It seemed a perfect match to him. Adam's hard work paid off when he was called for an interview. Again, unlike the previous interviews he had attended, Adam took care to prepare for this interview extensively. He met up with current employees at the local coffee shop and made some friends as well.
When he reached their interview venue, he realized that there were just too many applicants - much like all the other interviews he had attended. However, he was confident he would make it. He exchanged small talk with some of the other attendees while waiting for his turn and noted that few had similar experience as his.
The interview went well and Adam expected to hear from them regarding the offer soon. Contrary to his expectations, he received an email that informed him about the company's regret in not being able to accommodate him and stating that it hoped that he would make it some other time. Adam was dejected.
He happened to meet one of the employees in the same coffee shop a few days later and found out that the new recruit was known to him. Adam was convinced that his application was rejected on unfair grounds. He felt that he was a better match for the job... and this he would prove. He would test the recruit on his home ground.
The battle call was a subtle one - Adam began by checking out the company website. The company would have to accommodate him now and he was going to make it this time.
The battle had begun... but, who would win the war?
Note to readers:
The purpose of the scenario description is not to advocate a single means of information gathering, but rather to give the perspective of a cracker. Not all crackers need to behave similarly. The hacker community takes pride in their ingenuity to seek ways of accessing a system not thought about previously or popularly.
There are various levels of sophistication among hackers. The hacker lexicon terms them as lamer, script kiddies, uberhacker etc. The original hackers do not consider themselves to be of dubious repute, and take pride in following a code of ethics. We are focusing on those who use their talent towards destructive or harmful means. The illustration here is meant to be for what it states -"illustration".
The purpose of revisiting Adam at various points in this module is to highlight some easily overlooked aspects of security that can be addressed proactively. The point to moot is that information can be easily available if sought. What information should be available publicly and what measures you can advocate to safeguard this information is our discussion here.
Module Objectives
  • Overview of the Reconnaissance Phase
  • Introducing Footprinting
  • Understanding the information gathering methodology of hackers
  • Comprehending the Implications
  • Learning some of the tools used for reconnaissance phase
  • Deploying countermeasures

COMMENTS

BLOGGER
Group Of Oceninfo™ © , All Rights Reserved.
Name

©2012 Oceninfo.co.cc,2,10:29 IST,1,2012,1,Adfly Bot,2,AFCEH,1,Ajax security,1,all posts for education purpose only...www.facebook.com/princebhalani,1,Android,1,android developer,1,android phone,1,android phone-1,1,anonymous email,1,Anti-Trojan software,8,Antivirus,1,Apple,1,article marketing,1,at risk,1,attacks,1,australian federal police,1,Auto Clicker,1,Auto surfer,1,backtrack link,2,Bank Hacking,2,BCMSN,2,BIOS Update,1,Blockchain,1,Blog and tagged Ransomware,1,boot fast...,1,boot xp faster,1,Business Deals,1,Bypass Antivirus and Hack Window Systems,1,CCIE,2,CCNA,2,CCNP,2,CEH,2,challenge-response system,1,Changing Root Bridge Election Results,2,code,2,commands,1,company deals,1,Computer Hacking,3,Connect,1,cookie stealing,3,Country,1,Crack,1,Credit Card Fraud,2,credit cards,1,Cryptography,1,cyber cell updated,1,cyber security,1,DATA CARD TRICK,1,delhi,1,Digital Marketing,1,direct admission in any colleges,2,Direct Link,3,Directory Traversal Attacks,1,Dos and Ddos,1,DotNetNuke Remote File Upload Vulnerability,1,Earn Lots of money,3,EARN MONEY PART2,1,earnings in$,1,email hacking,4,email spoofing,2,Er Prince Bhalani jobs,1,Ethical Hacker job,1,ethical hacking,8,exploit,1,facebook autoliker,1,Facebook tricks,3,Fake Mail,1,fake sms,1,FB hackz,1,FBI,1,FBI HACKERS,2,FBI Jobs,2,featured,6,Finger scan,1,fingerprint Hacking,1,format without pain,1,Free Download,1,Free Flash Templates,1,free hacking book,5,Free Recharge,1,free sms,2,Freebeacon,1,friendship day,2,friendship day image,2,friendship image,1,Future Computer,2,future of hacking,1,Gadgets,1,good clean fun,1,google,3,Google Ads,1,google adsense account,1,Google hacking,3,google hacks,1,google search,1,hack,2,hack the world,2,HACK WEBSITES USING SQL INJECTION,2,hacker,1,hacker uni,1,hacker/LPT/etc,1,hackers,2,Hackerz info,1,hacking,4,hacking games,1,hacking matterial,1,HACKING OFER,1,hacking softwares,1,hacking tools,2,Hacking with Mobile phones,1,HackingTeacher Security Solutions,1,hacks,1,hijack,1,history of hacking,1,How to,8,How to Hack,37,how to play,1,How to sniff,1,html,1,HTTPS/SSL secured sites,1,I LOVE YOU VIRUS,1,i-phone hacking,1,ICITAM 2012,1,iCloud Era,1,In Flow,1,indian cyber cell,4,information security,1,interesting,1,inurl:fcklinkgallery.as,1,IP hacks,1,iphone,1,IT Act,1,IT Decision Maker,1,IT Implem_App/LOB Spec,1,IT Implem_Desktop/EndUser Spec,1,IT Implem_Infrastructure Spec,1,IT Implem_IT Generalist and IT Manager.,1,it security,1,java,1,jobs for ethical hacker,3,jobs in hacking,5,Joe job,1,Just for education purpose only,1,Kaspersky,1,kaspersky crack 2013,1,keyboard hacking,1,keyloggers,1,keywords,1,Laptop Tracking,1,Laws of computer crime,1,Learn Cracking,1,Learn Website Hacking,7,Linkbucks Bot,1,Macromedia Flash,1,make some rules...|||_|||,1,malicious code,1,Malware,1,malware analysis,1,man in the middle attack (LAN),1,master,1,master list,1,metasploit,3,Microsoft scams,1,mobile,1,mobile recharge,1,moblie phone hacking,1,munging,1,network hack,1,Network Sniffers,1,new command set,1,new projects,1,nmap,1,No Survey,1,not infrequent,1,online scanners,1,paisa live hack,1,panetration for educational purpose only,1,Parental Controls,1,password hacking,4,Password sniffing with arp poisoning,1,PC TIPS,1,PE_PARITE (Trend Micro),1,penetration testing,1,pharming,1,phishing,1,phone hacking charged,1,PHP,1,pin ball,1,Play WMV Files,1,Press Trust of India / New Delhi Aug 15,1,Prime minister,1,prince bhalani,1,princebhalani,1,Professional job in FBI,1,Professional Penetration Testing,1,Programming,1,Programming of virus,2,protect my pc against hackin,1,proxy list by http,1,Proxy SOCKS Port,1,R-Admin With Key,1,Radmin,1,RAW Jobs,1,Real Hackers vs fake ethical hackers. ..:),1,Register of Known Spam Operations (ROKSO),1,repair corrupt hard disk,1,RFT,1,Robbery,1,Rupert Murdoch,1,SAMPLE,1,Sample dynamic flash template from TM website,1,Scams,2,Scanned Vulnerabilities,1,SEA,2,search engine hacking,1,Search Operators,1,Security,2,Security breach,1,security code brack,1,SEM,4,SEO,112,SEO Mistakes,1,SEO TOOLS,1,SEO Tricks,3,SERM,1,SERP,1,Session Hijacking,4,SET,1,shell commands...,1,shell list with download,1,SITES,1,Smart Home,1,Smartphones,1,SMM,1,SMO,2,sms spoofing,1,SMTP Servers,1,Sniffing passwords,1,Sothink SWF Decompiler,1,spam cocktail (or anti-spam cocktail),1,spam trap,1,spear phishing,2,SQL hacking,2,SQL Injection Attacks by Example,2,SSL,1,SSL Analysis,1,starting of help,1,System Information,1,System Restore,1,Tablet in 1000,1,Tablets,1,Temporary Email Service,1,time need,1,timer,1,tracing,1,Traffic,3,tricks,5,Tricks and Tips,1,Trojan,1,Trojan tools,1,Trojans and Backdoors,2,trojon,7,Turbo C++,1,UK phone hacking,1,UK phone hacking arrest,1,USA JOBS,4,Virus,2,virus writing,2,VPN,1,vulnerabilities,1,vulnerability assessment,1,W32/Pate (McAfee),1,W32/Pinfi (Symantec),1,Washington,2,web hacking,6,web security,1,Website Development,1,Website Hacking,3,White House,1,wifi hacking,3,Win32 : parite (Avast),1,Win32.Parite (Kaspersky),1,Win32/Parite,1,windows,2,Windows 8 event for IT Professionals,1,wirless hack,1,WordPress,1,WordPress hacking,1,working with Virus and worm,9,XP Hacking,1,xp hacking-1,1,XP part 3,1,xss hacking,1,
ltr
item
Group Of Oceninfo: Module 2: Footprinting
Module 2: Footprinting
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRtiGjsbl-7QtDaan3HY_cNUUscV36dgTMHOBXhUXRZpwjPkrcBQCKImo3EVuhA9pmKpuQxPMYppDz9dYeC6H-ZHxIKxgT3DyAh50e33KjpxwgrlnnoVYT9WEPQ2aZ7MlpoI4g5EtN4Y0y/s1600/ppp.JPG
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRtiGjsbl-7QtDaan3HY_cNUUscV36dgTMHOBXhUXRZpwjPkrcBQCKImo3EVuhA9pmKpuQxPMYppDz9dYeC6H-ZHxIKxgT3DyAh50e33KjpxwgrlnnoVYT9WEPQ2aZ7MlpoI4g5EtN4Y0y/s72-c/ppp.JPG
Group Of Oceninfo
https://oceninfo.blogspot.com/2011/09/module-2-footprinting.html
https://oceninfo.blogspot.com/
https://oceninfo.blogspot.com/
https://oceninfo.blogspot.com/2011/09/module-2-footprinting.html
true
6415817773321450103
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS CONTENT IS PREMIUM Please share to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy