TAILIEUCHUNG - Lecture Penetration testing: Information gathering

Lecture "Penetration testing: Information gathering" provide students with knowledge about: Passive information gathering; Active information gathering; Information gathering; . Please refer to the detailed content of the lecture! | Information Gathering Contents What is information gathering Passive information gathering Active information gathering 1. What is information gathering 1. What is information gathering Information gathering is the first step in conducting a penetration test and is arguably the most important. Information gathering is the process of collecting the information from different places about individual company organization Server IP address or person. Information Gathering Types of information gathering Passive information gathering Active information gathering 2. Passive Information Gathering 2. Passive Information Gathering Passive information gathering focuses on collecting information archived on systems not located in our client s network. We try to gather as much information about our target network and systems without connecting to them directly. Information Searches Locate the target Web presence Gather search engine results regarding the target Look for Web groups containing employee and or company comments Examine the personal Web sites of employees Search archival sites for additional information Look for job postings submitted by the target Query the domain registrar Domain name system DNS information Results The penetration tester will have a wealth of information regarding the target without ever visiting the target s network. All passive information is gathered from third-party sources that have collected information about our target or have legal requirements to retain this data. Tools Netcraft http Tools Whois Lookups root@kali whois Tools DNS Reconnaissance Domain Name System DNS DNS is used to translate domain names into IP addresses and vice versa. Record in DNS A Address CNAME Canonical Name MX Mail Exchange CNAME cấu hình bí danh nghĩa là 1 ip có thể gắn vào nhiều tên. 1 IP có thể gắn nhiều CNAME . IN CNAME . A Ánh xạ tên miền vào địa chỉ IP. Vd . IN A .

• An ninh - Bảo mật
• Lecture Penetration testing
• Penetration testing
• Information gathering
• Bài giảng Kiểm thử xâm nhập
• Passive information gathering
• Active information gathering
• Introduction to penetration testing
• Types of penetration testing
• The objects of penetration testing
• Benefits of penetration testing
• Finding vulnerabilities
• Nmap scripting engine
• Web application scanning
• Capturing traffic
• Networking for capturing traffic
• ARP cache poisoning
• Password attack
• Client side exploitation
• Social engineering