Prashant Mahajan

RISC Meet
RMIT Information Security Collective
20th July
8.9.43
• Footprinting refers to the preparatory stage where an attacker seeks to gather as much information as possible about the target before launching attack(s).

• Types:
   - Passive
   - Attack
• Basic information about the target and its network
• OS, platforms running, web server versions and the like
• Locate company's URL
• Internal URLs
   - Provide an insight into different departments and business units in the organisation

• Can be found via trial and error
             OR?
• http://news.netcraft.com
• http://www.webmaster-a.com/link-extractor-internal.php
• SpiderFoot (http://www.binarypool.com)
   - Will scrape the websites as well as Google, Netcraft, Whois and DNS
• Robtex (http://www.robtex.com)
• Google
• Bing
• Dogpile (Google+Yahoo+Bing+Yandex)
• Web Wombat (Original Australian)
• Cuil
• Alexa
• Some of my favourite resources are:
• http://www.peekyou.com
• http://www.yoname.com
• http://www.123people.com
• http://www.aafter.com
• http://blogsearch.google.com
• All Social Networking Sites
   - MySpace, Facebook, Orkut, Twitter, LinkedIn
• How do you find images using Google?
• Google Image Search
   - http://images.google.com
• Image search may give results according to keywords or metadata from images.
• Are all the results you get related to what you searched for?
• So, basically, it is Google Image Search in reverse.
• You can submit an image to find out where it came from, how it is being used, if modified versions of the image exist, or to find higher resolution versions
• When you submit an image to be searched, TinEye creates a unique and compact digital signature or 'fingerprint' for it, then compares this fingerprint to every other image in our index to retrieve matches. TinEye can even find a partial fingerprint match.
• TinEye does not typically find similar images (i.e. a different image with the same subject matter); it finds exact matches including those that have been cropped, edited or resized.
• Financial Services like Google Finance, Yahoo Finance

• Job Sites:
   - Job Descriptions can be used to gather the infrastructure details

• Tech Support Websites:
   - Many times employees give out information in order to get some solutions for their problems
• When did it start?
• Where is it located?
• How did it develop?
• Who leads it?
• What are the company's plans?
• nslookup
• dnsrecon
• http://www.morris-pictures.com

• The one thing you need to know is a comment in the source code of index-2.html:
  "<!-- Mirrored from www.silvertipfilms.co.uk/index.php by HTTrack Website Copier/3.x [XR&CO'2008], Thu, 16 Oct 2008 02:10:39 GMT -->"

• morris-pictures.com was registered on 2008-10-14
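
The observation on this slide can be turned into a check that a brand-protection or abuse-handling team runs over fetched pages: find the HTTrack marker, compare its source site with the host serving the page, and compare the mirror time with the domain's registration date. This is an added example, not part of the original slides; the function names and the 30-day window are assumptions, and the sample page is constructed around the comment, hostnames and dates quoted above.

```python
import re
from datetime import date
from email.utils import parsedate_to_datetime

# HTTrack stamps mirrored pages with:
# <!-- Mirrored from <source> by HTTrack Website Copier/<ver> [...], <HTTP date> -->
MIRROR_RE = re.compile(
    r"<!--\s*Mirrored from\s+(?P<source>\S+)\s+by\s+HTTrack\s*Website\s+Copier/"
    r"(?P<version>\S+?)(?:\s+\[[^\]]*\])?,\s*(?P<when>[^>]+?)\s*-->",
    re.IGNORECASE,
)


def site_key(host_or_url):
    """Reduce 'www.example.com/index.php' or a URL to 'example.com' for comparison."""
    host = host_or_url.split("://", 1)[-1].split("/", 1)[0].lower()
    return host[4:] if host.startswith("www.") else host


def find_mirror_marker(html):
    """Return the HTTrack marker fields found in html, or None if there is none."""
    m = MIRROR_RE.search(html)
    if m is None:
        return None
    try:
        mirrored_at = parsedate_to_datetime(" ".join(m["when"].split()))
    except (TypeError, ValueError):
        mirrored_at = None  # marker present but timestamp unreadable
    return {"source": m["source"], "version": m["version"], "mirrored_at": mirrored_at}


def assess_clone(html, serving_host, registered_on, window_days=30):
    """Heuristic (assumed, not from the slides): the page was mirrored from a
    different site within window_days after the serving domain was registered."""
    marker = find_mirror_marker(html)
    if marker is None:
        return None
    foreign = site_key(marker["source"]) != site_key(serving_host)
    days = None
    if marker["mirrored_at"] is not None:
        days = (marker["mirrored_at"].date() - registered_on).days
    fresh = days is not None and 0 <= days <= window_days
    return {**marker, "foreign_source": foreign,
            "days_after_registration": days, "likely_clone": foreign and fresh}


# Constructed page body; the comment, hostnames and dates are the ones quoted on the slide.
SAMPLE_HTML = """<html><head><title>Home</title></head>
<!-- Mirrored from www.silvertipfilms.co.uk/index.php by HTTrack Website Copier/3.x
[XR&CO'2008], Thu, 16 Oct 2008 02:10:39 GMT -->
<body>...</body></html>"""

if __name__ == "__main__":
    print(assess_clone(SAMPLE_HTML, "www.morris-pictures.com", date(2008, 10, 14)))
```

The registration date has to come from a WHOIS or RDAP lookup done separately; the marker is easy to strip, so its absence says nothing about whether a page was copied.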
• http://www.hackersforcharity.org/ghdb/
Prashant Mahajan
corrupt@null.co.in
+61 0421 804 786
Follow Me on Twitter @prashant3535

Footprinting
