Penetration testing is most effective when you have a good grasp of the environment being tested. Sometimes this information will be handed to you by the corporation that hired you; other times you will need to go out and perform the reconnaissance yourself to gather it.
Many corporations are not aware of the types of data that can be found and used by attackers. A penetration tester will need to bring this information to light. You will be providing the business with real data that it can then act upon in accordance with its risk appetite. The information you are able to find will vary from target to target, but will typically include items such as IP ranges, domain names, e-mail addresses, public financial data, organizational information, technologies used, job titles, phone numbers, and much more. Sometimes you may even find confidential documents or private information that is readily available to the public via the Internet.
There are two types of reconnaissance:
• Passive reconnaissance avoids direct contact with the target network.
• Active reconnaissance involves direct contact with the target network.
The types of information that can be collected while performing reconnaissance include:
• Nameservers
• IP ranges
• Banners
• Operating Systems
• Determining if IDS/IPS is used
• Technologies used
• Network device types
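The passive/active distinction has a defensive corollary: passive reconnaissance leaves nothing in the target's own logs, while active reconnaissance (port sweeps, banner grabs, OS fingerprinting) does. The following is an added example, not part of the original text, showing how a defender might flag scan-like activity in firewall logs; the log format, sample lines and thresholds are constructed assumptions.

```python
"""Flag active-reconnaissance patterns in firewall logs (added example).

Groups connection attempts per source address and reports sources that
probe many distinct destination ports within a short time window. The log
format and the sample lines below are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample lines: "<timestamp> <action> <src_ip> -> <dst_ip>:<dst_port>"
SAMPLE_LOG = """\
2024-03-01T10:00:01 ALLOW 203.0.113.7 -> 198.51.100.10:443
2024-03-01T10:00:02 DENY  203.0.113.7 -> 198.51.100.10:22
2024-03-01T10:00:02 DENY  203.0.113.7 -> 198.51.100.10:21
2024-03-01T10:00:03 DENY  203.0.113.7 -> 198.51.100.10:3389
2024-03-01T10:00:03 DENY  203.0.113.7 -> 198.51.100.10:8080
2024-03-01T10:00:04 DENY  203.0.113.7 -> 198.51.100.10:445
2024-03-01T10:00:09 ALLOW 192.0.2.44  -> 198.51.100.10:443
2024-03-01T10:05:00 ALLOW 192.0.2.44  -> 198.51.100.10:443
"""


def parse_line(line):
    """Return (timestamp, src_ip, dst_port) for one constructed log line."""
    ts, _action, src, _arrow, dst = line.split()
    dst_port = int(dst.rsplit(":", 1)[1])
    return datetime.fromisoformat(ts), src, dst_port


def find_port_sweeps(log_text, min_ports=5, window_seconds=60):
    """Return {src_ip: sorted distinct ports} for every source that touched
    at least `min_ports` distinct destination ports within `window_seconds`."""
    events = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, src, port = parse_line(line)
        events[src].append((ts, port))

    sweeps = {}
    for src, hits in events.items():
        hits.sort()
        best, start = set(), 0
        # Sliding window over this source's attempts; keep the widest port set.
        for end in range(len(hits)):
            while (hits[end][0] - hits[start][0]).total_seconds() > window_seconds:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) > len(best):
                best = ports
        if len(best) >= min_ports:
            sweeps[src] = sorted(best)
    return sweeps
```

A single legitimate client repeatedly hitting one service (192.0.2.44 above) is not flagged, while the source touching six ports in a few seconds is.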
Reconnaissance is most effective when performed procedurally. There are four major stages that should be followed:
1. Information gathering: In this phase you gather information about the organization you are pentesting by using social media networks, Google hacking, footprinting the target and so on.
2. Threat modelling: This phase uses the information acquired during information gathering to identify the existing vulnerabilities in the target system.
3. Vulnerability analysis: In this stage you combine the information learned in the prior phases and use it to understand which attacks might be viable.
4. Exploitation: An exploit should be performed only when you are confident that this particular exploit will be successful.