eCPPTv2 Notes

2-Network Security
Information Gathering

1.1. Information Gathering Introduction

Penetration testing must follow a methodical, organized, and controlled process in order to both effectively review targets and keep the penetration tester safe from consequences if issues arise.

One of the most important steps is the act of information gathering or footprinting.

The information gathering phase is focused on 2 essential aspects of every target:

  • Business: the type of business, its stakeholders, assets, products, services, employees, and generally non-technical information

  • Infrastructure: the network, systems, domains, IP addresses, and so on

We will focus on uncovering the infrastructure footprint of the target.

At the end of the information gathering process you should have at least the following information about the target:

Infrastructure

  • Network maps
  • Network blocks
  • IP addresses
  • Ports
  • Services
  • DNS
  • OS
  • Alive machines
  • Systems

Business

  • Web presence (domains)
  • Physical locations
  • Employees / departments
  • Emails
  • Partners and third parties
  • Press / news releases
  • Documents
  • Financial information
  • Job postings

Information gathering techniques can be classified into 2 main disciplines:

  • Active: we gather information about the target by directly interacting with its systems. In this phase we gather information about ports, services, running systems, net blocks, and so on. Active techniques can reveal the investigation to the organization through IDS alerts or server logs, so take care to stay within the agreed scope and keep the noise down.

  • Passive (OSINT / Open Source INTelligence): we gather information about the target without exposing our presence. Using publicly available resources (accessible by anyone), we collect not only business information such as web presence, partners, financial information, and physical locations, but also infrastructure-related information.
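The warning about active techniques showing up in server logs is worth seeing from the defender's side. The following script is an added example and is not part of the eCPPT notes: it parses a few constructed web server access-log lines in Apache/nginx "combined" format and flags a source that requests many distinct paths and mostly receives 4xx responses, which is what directory and file guessing looks like to the target. The thresholds and the sample log lines are assumptions made for this example, not a vendor detection rule.

```python
"""Flag noisy active reconnaissance in web server access logs.

Added example, not from the eCPPT notes. The log lines below are
constructed, and the thresholds in flag_recon() are assumptions.
"""
import re
from collections import defaultdict

# Apache/nginx "combined" log format, e.g.
# 203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /admin HTTP/1.1" 404 162 "-" "curl/8.0"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample: one ordinary visitor following links, one client
# guessing at common paths (active information gathering).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2023:13:55:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:02 +0000] "GET /about HTTP/1.1" 200 3021 "http://example.test/" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /admin HTTP/1.1" 404 162 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /.git/config HTTP/1.1" 404 162 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 162 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /backup.zip HTTP/1.1" 404 162 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "curl/8.0"
"""


def parse_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            records.append(rec)
    return records


def summarize_by_ip(records):
    """Per-source counters that separate link-following from path guessing."""
    summary = defaultdict(
        lambda: {"requests": 0, "paths": set(), "errors": 0, "agents": set()}
    )
    for rec in records:
        s = summary[rec["ip"]]
        s["requests"] += 1
        s["paths"].add(rec["path"])
        s["agents"].add(rec["ua"])
        if rec["status"] >= 400:      # 4xx/5xx: the guessed resource was not there
            s["errors"] += 1
    return dict(summary)


def flag_recon(summary, min_distinct_paths=5, min_error_ratio=0.5):
    """Return sorted source IPs whose traffic looks like resource probing.

    Heuristic (an assumption for this example): many distinct paths combined
    with a high share of error responses means the client is guessing at
    resources rather than following links the site actually serves.
    """
    flagged = []
    for ip, s in summary.items():
        if s["requests"] == 0:
            continue
        ratio = s["errors"] / s["requests"]
        if len(s["paths"]) >= min_distinct_paths and ratio >= min_error_ratio:
            flagged.append(ip)
    return sorted(flagged)


if __name__ == "__main__":
    summary = summarize_by_ip(parse_log(SAMPLE_LOG))
    for ip in flag_recon(summary):
        s = summary[ip]
        print(f"{ip}: {s['requests']} requests, {len(s['paths'])} distinct paths, "
              f"{s['errors']} error responses, agents={sorted(s['agents'])}")
```

Run against the sample, only 203.0.113.5 is flagged: six requests to six different paths with five 404s, a pattern a web server log records whether or not an IDS is in front of it. The same approach applies to port scans in firewall logs (many distinct destination ports from one source in a short window), which is why the passive phase should exhaust public sources before any active probing starts.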

Tools:

  • Dradis, Faraday, MagicTree (collecting, organizing, and reporting the gathered information)

  • Burp Suite, Nessus, Nexpose, Nmap (active scanning and assessment)

Parts layout:

                        Information Gathering
              --------------------|--------------------
          Business                               Infrastructure
      -------|-------                           -------|-------
Search Engines  Social Media           Full scope test    Narrowed Scope

Please make sure to read the guide on how to collect and store information about your target: Methodology: Handling Information