Pen Testing: Reconnaissance, OSINT and Information Gathering

  • Slides: 10
Pen Testing

Reconnaissance
  • OSINT
  • Information gathering

Reconnaissance
  • Active
  • Passive

Recon Tools
  • HTTrack: website copier
  • Google Hacking (search operators):
      site:
      filetype:
      allintitle:
      inurl:
      cache:
  • Exploit DB: GHDB (Google Hacking Database)

Recon Tools
  • theHarvester: emails
  • Who.is
  • Netcraft
  • host <IP or URL>
  • nslookup
  • dig @target_IP -t AXFR (zone transfer request)
  • Fierce

Recon Tools
  • Recon email server with a .bat or .exe file attachment
  • Metagoofil: metadata
  • Robtex
  • Maltego

Recon Data
  • IPs
  • Host names
  • DNS server names/IPs
  • Email server names
  • Emails
  • URLs
  • People names
  • People interests…

Recon sites
  • http://osintframework.com/
  • http://www.hackersforcharity.org/ghdb/

Summary
  • Reconnaissance is the first step in pen testing
  • Linux and some Windows tools, as well as websites, can be useful
  • You can make your own tools if you need something more sophisticated

Sources
  • “Vulnerability Assessments: The Pro-active Steps to Secure Your Organization”, Robert Boyce, SANS Institute
  • VA vs PT: https://www.secureworks.com/blog/vulnerability-assessments-versus-penetration-tests
  • Threat Modeling: http://threatmodeler.com/threat-modeling-data-flow-diagram-vs-process-flow-diagram/
  • “Toward A Secure System Engineering Methodology”, Chris Salter, O. Sami Saydjari, Bruce Schneier, Jim Wallner
  • Attack Trees: https://www.schneier.com/academic/archives/1999/12/attack_trees.html