Reconnaissance Processes Flashcards
How do we carry out reconnaissance?
Internet Research
What areas can you research on the internet for your mission?
- Company Websites
- Social Media
- Discussion Groups
- Financial Reports
- News Articles
What is Social Engineering?
Going undercover to get to know the employees or vendors of the company
What are examples of Social Engineering?
Afterwork social gatherings
What kind of information can you get from afterwork social gatherings?
- Just in casual conversations with work colleagues you can find out a lot of information that could help you know when the vulnerable times are at the company
- Someone may inadvertently give enough information about themselves and their lifestyles for you to work out their password
What is Dumpster diving?
Going through the trash to maybe get:
1. Employee Names
2. Account numbers
3. Client Names
4. Vendor information
So in general, what are we looking for in the stages of Reconnaissance?
In marketing themselves a business will share a lot of information about themselves. You can find:
1. Contact Names
2. Phone numbers
3. Email addresses
4. General information about their security systems
5. Technical Infrastructure
What can you accomplish once you get addresses?
You can use location applications to:
1. Research surrounding neighbourhoods
2. Building layout
3. Work out any geographical or physical barriers
What can you accomplish once you get employee names?
You can then search their social media connections for information such as:
1. Facebook
2. LinkedIn
3. TikTok
4. Instagram, etc.
What is the distinction between an Ethical Hacker and a criminal hacker?
An Ethical Hacker must ALWAYS have permission from the client
What does this ‘permission’ entail?
Before starting any work, written documentation must be obtained that gives the Ethical Hacker permission from the customer.
What should be included in the written documentation for permission?
- Scope
- Guidelines
- Any limitations
Do you need to record and document all information?
Yes, documenting every aspect of your mission should be done as soon as possible so that it is still fresh in your mind!
What is Google Hacking, and is it legal?
Google Hacking is a means of securing a lot of information that a company does not know is public. You will use some ‘operators’ to find deeper company information that can be useful.
Yes, Google Hacking is legal!
What is ‘Foot-printing’?
You can use email and web site foot-printing to:
1. Gather some information that was not meant to be public, but has been accidentally put out there
2. Gather information that was old but has not been disposed of properly
What can web site and email foot-printing provide?
- Information Flow
- Operating systems
- File names
- Network connections
It is possible to create a network map without even entering the building, depending on the level of the company’s security.
What is Domain Name System (DNS) used for?
Using DNS is a convenient network addressing method
What can an IP address provide you with?
Network access point such as an email or web server
What are some internet researching tools?
- Google Earth
- Google Maps
- Webcams
- Echosec
- Maltego
- Wayback Machine
What is Google Earth?
Google Earth is a satellite imagery tool that provides current and historical images of most locations. Images can date back over several decades.
What is Google Maps?
Google Maps is a web mapping service that provides a street view of houses, businesses, roadways, and topologies.
What are Webcams?
Webcams are online streaming digital cameras that can provide video of places, people, and activity in an area.
What is Echosec?
Echosec is a tool that can be used to pull information from social media postings that were made using location services. You can select a location on a map and view all posts that have occurred at that location. These results can be filtered by user, date, or keyword.
What is Maltego?
Maltego is an open-source forensics tool that can be used to pull information from social media postings and find relationships between companies, people, email addresses, and other information.