3. Information Gathering
Information gathering refers to gathering information
about the issue you're facing and the ways other
organizations and communities have addressed it.
You can gather information using both existing sources
and natural examples.
4. Information Gathering
Synthesis here refers to analyzing what you've learned
from your information gathering, and constructing a
coherent program or approach by taking ideas from a
number of sources and putting them together to create
something that meets the needs of the community and
population you're working with.
Synthesis involves extracting the functional elements of
both the analysis of the issue and approaches to it
Functional elements are those that are indispensable either
to understanding the issue, or to implementing a particular
program
5. Why gather information?
It will help you avoid reinventing the wheel.
It will help you to gain a deep understanding of the issue
so that you can address it properly.
You need all the tools possible to create the best program
you can.
It's likely that most solutions aren't one size fits all.
It can help you ensure your program is culturally sensitive.
Knowing what‟s been done in a variety of other
circumstances and understanding the issue from a number
of different viewpoints may give you new insights and new
ideas for your program.
7. What is Maltego?
Maltego is a unique platform developed to deliver a clear
threat picture to the environment that an organization
owns and operates
Maltego's unique advantage is to demonstrate the
complexity and severity of single points of failure as well as
trust relationships that exist currently within the scope of
your infrastructure.
8. About Maltego
Maltego is an intelligence and forensics application. It
allows for the mining and gathering of information as well
as the representation of this information in a meaningful
way.
Coupled with its graphing libraries Maltego allows us to
identify previously unknown relationships between
information, persons and information about persons.
As such, it is a useful tool in the IT security field to map an
organization's people and relationships, and a valuable aid in
exploring the social-engineering attack vector in pentesting investigations.
9. Tools
Nmap (Network Mapper) is a security scanner originally
written by Gordon Lyon, used to discover hosts and services on
a computer network, thus creating a "map" of the network. To
accomplish its goal, Nmap sends specially crafted packets to
the target host and then analyzes the responses.
11. NMAP Objective
Find open TCP and/or UDP listeners on a single or range of
TCP/IP Addresses
Find out software versions
Find out operating system type
Don't get caught doing it
Learn what you have on your network
12. Is Nmap the best tool?
Yes it is
Long history of development and support
Active user base, used in many products
Continuous development and improvements
“Industry Standard” port scanner
It's free, open and well documented.
Stay current! (4.00 as of this doc)
13. History of Nmap
First released September 1, 1997 in Phrack 51 “The Art of
Portscanning”
http://www.insecure.org/nmap/p51-11.txt
Many updates since then:
OS Detection (Phrack 54)
Idle scanning
Version scanning
ARP Scanning
16. TCP SYN or ACK Probes?
Send both!
Purpose is to find hosts that are up
We do not care whether the port is active yet
17. Most valuable UDP “Ping” Port
Pick a high numbered one
Anything that responds with ICMP is up
Most things respond with ICMP
18. Most Valuable ICMP “Ping” Types
Echo Request (-PE)
…plus either Timestamp (-PP)
…or Netmask (-PM)
19. ARP Ping Probing
Useful only on same subnet
VERY reliable and much faster
Sends raw ethernet ARP requests
Automatically used if host/network is on the local subnet
Unless --send-ip option specified
20. Intense Discovery!
# nmap -sP -PE -PP -PS21,22,23,25,80,113,21339
-PA80,113,443,10042 --source-port 53 -n
-T4 -iR 10000
[ … lots of IPs … ]
Host a.b.c.d appears to be up.
Host w.x.y.z appears to be up.
Nmap finished: 10000 IP addresses (699 hosts up) scanned
in 2016.564 seconds
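To turn a sweep like the one above into the inventory the "Learn what you have on your network" objective asks for, here is an added Python example (not from the slides or the Nmap project) that parses both the legacy "Host X appears to be up." lines shown above and the "Nmap scan report for ..." format that current Nmap prints for -sn (the newer spelling of -sP), checks the summary's host count against the hosts actually parsed, and diffs the result against a known-asset baseline. The sample output and the baseline are constructed for the example.

```python
import re
from dataclasses import dataclass, field
# Constructed sample: the legacy output format shown on this slide (Nmap 4.x era).
LEGACY_OUTPUT = """\
Host 192.0.2.10 appears to be up.
Host 192.0.2.23 appears to be up.
Nmap finished: 10000 IP addresses (2 hosts up) scanned in 2016.564 seconds
"""
# Constructed sample: the format current Nmap releases print for -sn (formerly -sP).
MODERN_OUTPUT = """\
Nmap scan report for 192.0.2.10
Host is up (0.0012s latency).
Nmap scan report for gw.example.net (192.0.2.1)
Host is up (0.00080s latency).
Nmap done: 256 IP addresses (2 hosts up) scanned in 2.31 seconds
"""
LEGACY_HOST = re.compile(r"^Host (\S+) appears to be up\.$")
MODERN_REPORT = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d+\.\d+\.\d+\.\d+)\)?$")
SUMMARY = re.compile(r"^Nmap (?:finished|done): (\d+) IP addresses \((\d+) hosts? up\) scanned in ([\d.]+) seconds$")

@dataclass
class DiscoveryResult:
    hosts_up: list = field(default_factory=list)
    addresses_scanned: int = 0
    reported_up: int = 0
    seconds: float = 0.0

    def consistent(self) -> bool:
        # The summary's "(N hosts up)" should equal the number of per-host lines parsed.
        return self.reported_up == len(self.hosts_up)

    def unexpected(self, known) -> list:
        # Hosts that answered the sweep but are absent from the known-asset baseline.
        return sorted(set(self.hosts_up) - set(known))

def parse_ping_sweep(text: str) -> DiscoveryResult:
    result = DiscoveryResult()
    pending = None  # IP from the last "scan report" line, awaiting its "Host is up" line
    for line in text.splitlines():
        if m := LEGACY_HOST.match(line):
            result.hosts_up.append(m.group(1))
        elif m := MODERN_REPORT.match(line):
            pending = m.group(1)
        elif line.startswith("Host is up") and pending:
            result.hosts_up.append(pending)
            pending = None
        elif m := SUMMARY.match(line):
            result.addresses_scanned, result.reported_up = int(m.group(1)), int(m.group(2))
            result.seconds = float(m.group(3))
    return result
```

A mismatch from consistent() means the text output was truncated or mixed, so the host list should not be trusted as a full inventory.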