Modern information gathering


Subject:        Modern Information Gathering
Date:           26-JUN-2012
Attendees:      OWASP
Classification: Public
Who Am I




Dave van Stein

38 years

Tester > 11 years

(Application) Security Testing

“Certified Ethical Hacker”
Agenda



Goal of the presentation
What is Information Gathering?
Domain scanning
Search engine ‘abuse’
Other tools
Some Social Engineering
Remedies
Conclusions
Goal of this presentation


 Give insight into the amount of information anonymously available on the
    internet about your system (and users)

 Give insight into the number and capabilities of freely available tools



Identify entry point
Gain access
Secure access
Do stuff
Clear up the mess
Come back another time

(simplified procedure)
‘Classic’ Domain Scanning



Steps involved:
   Get network information with ping and traceroute
   Get DNS information with WHOIS and LOOKUP
   Do DNS zone transfer for subdomains
   Download website for extra info
   Scan servers

Problems:
   DNS zone transfers often not authorized
   Active connection with target => detectable
Modern Information Gathering



Interesting information:
    Domains and subdomains
    IP addresses
    Applications and technologies
    Hotspots (known vulnerabilities)
    Usernames and passwords
    Sensitive information

Passive
    As little contact as possible with target
    No direct scanning, no intrusion
    No logging and no alarm triggering!
Sources of information



Public records
    WHOIS: information about owner
    DNS: information about IP addresses

Search engines
    Often few restrictions on websites
    Cache all information gathered
    Tweaking provides additional information

Various websites
    Anonymous
    Combine above techniques
    Sort results for nice presentation

Advanced and automated scanning
    Specialized (offline) tools
Shodanhq.com




Shodan
    IP addresses
    Server banner
    X-Powered-By banner
    Cookies

Search filters
    City, Country, Geo
    Hostname, IP address / net block
    OS, port
    Date (before / after)
    SSL cert version, bits, issuer
    SSL cipher support, bit support, protocol
ServerSniff.net




Server Sniff
    NS reports
    Domain reports
    Subdomains
    Various (trace)routes
    Various ping types
    Shows robots.txt
    Anonymous!
Domain Scanning: Server Sniff
Robtex.com
Domain Scanning: Robtex


Domain ‘Swiss Army Knife’
   Provides ALL information linked to a domain
Domain Scanning: Robtex
Google Advanced search




filetype: (or ext:)
    Find documents of the specified type.
           E.g. PDF, XLS, DOC

intext:
    The terms must appear in the text of the page.

intitle:
    The terms must appear in the title of the page.

inurl:
    The terms must appear in the URL of the page.
Google Hacking Database



www.johnny.ihackstuff.com
(edit: http://johnny.ihackstuff.com/ghdb.php)


Collection of queries for
  finding ‘interesting’ stuff

No longer updated

Possible results of GHDB:
    Identify systems in use (including version)
    Identify known exploits
    Locations of sensitive information
    User IDs & passwords
    Log files
    Many other things
The NEW and IMPROVED GHDB
Bing.com



Finds subdomains with ‘IP:x.x.x.x’
Baidu




inurl:
intitle:
site:
Example
SearchDiggity
Stach & Liu
SEO Tools
Domain Scanning ‘on-the-fly’


Passive Recon (Firefox add-on)
FOCA
Maltego




Intelligence and forensics tool

Connects many different sources of info
Represents in graphical way
Very extensive capabilities
Maltego



Can also be used for social engineering
- Facebook & Twitter
- Email addresses
- Phone numbers
- etc.
theHarvester
Conclusions



What search engines see, hackers can abuse

Anonymous, online and offline, highly automated

Many tools are freely available

Networks can be mapped in much detail in minutes

Much information about your company, systems and users is
  available on the internet
Remedies (1/2)


Limit access
    • Allow search engines only to see what they need to see.
    • Make sure unauthorized users are not able to look into or even see files
      they do not need to see.
    • Force possible intruders to use methods that can be scanned and
      monitored.

Use the tools of hackers
    • Scan your systems with the tools hackers use and check the information
      that is found.
    • Scan for error messages and other things that reveal information about
      the system and services and remove them.

Check what spiders can see
    • Use a spider simulator to check what spiders can see and if your
      application still functions correctly.
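As an added example (not from the deck), the check behind "scan your systems with the tools hackers use": a small Python audit that inspects the same fields Shodan indexes (Server and X-Powered-By banners, cookies) plus verbose error text, and reports what a response discloses. The header list, cookie table and sample response are constructed here, not taken from the slides.

```python
import re
from typing import Dict, List

# Response headers that Shodan-style crawlers index verbatim; a product name or
# version here is exactly what "scanning with the tools hackers use" turns up.
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")

# Session cookie names that identify the application platform (constructed table).
PLATFORM_COOKIES = {
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java servlet container",
    "ASP.NET_SessionId": "ASP.NET",
    "CFID": "ColdFusion",
}

# "Apache/2.2.22", "PHP/5.3.10", "nginx/1.2": a product followed by a version.
VERSION_RE = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)*")

# Fragments typical of verbose error pages and default server pages.
ERROR_BODY_RE = re.compile(
    r"Stack Trace|Warning: .* on line \d+|ODBC|SQL syntax|<address>.*Server at",
    re.IGNORECASE,
)


def parse_raw_headers(raw: str) -> Dict[str, List[str]]:
    """Parse a raw HTTP header block into {lower-case name: [values]}."""
    headers: Dict[str, List[str]] = {}
    for line in raw.splitlines():
        if ":" not in line:  # skips the status line and blank lines
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit_response(raw_headers: str, body: str = "") -> List[str]:
    """Return one finding per piece of implementation detail the response discloses."""
    findings: List[str] = []
    headers = parse_raw_headers(raw_headers)
    for name in BANNER_HEADERS:
        for value in headers.get(name, []):
            kind = "version" if VERSION_RE.search(value) else "product"
            findings.append(f"{name}: discloses {kind} '{value}'")
    for cookie in headers.get("set-cookie", []):
        cookie_name = cookie.split("=", 1)[0].strip()
        if cookie_name in PLATFORM_COOKIES:
            findings.append(f"set-cookie: '{cookie_name}' identifies {PLATFORM_COOKIES[cookie_name]}")
    if ERROR_BODY_RE.search(body):
        findings.append("body: verbose error page leaks implementation details")
    return findings


# Constructed sample response (no real host) showing the typical leaks.
SAMPLE_HEADERS = """HTTP/1.1 200 OK
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.3.10
Set-Cookie: PHPSESSID=abc123; path=/
Content-Type: text/html
"""
SAMPLE_BODY = "Warning: mysql_connect() failed in /var/www/db.php on line 12"

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_HEADERS, SAMPLE_BODY):
        print(finding)
```

Feed it the headers and body captured from your own servers; an empty result for a response means nothing Shodan indexes would name the product or version.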
Remedies (2/2)


Awareness
   • Be aware of all possible sources of information. Create awareness
     among employees. Assume all information could possibly be abused.


Clean documents
   • Remove all metadata from documents before publishing.


Audit frequently
   • Keep your knowledge up-to-date and scan regularly for
     information that can be found about your systems, or hire
     professionals to do it for you.
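An added example, not from the deck or from FOCA, for the "clean documents" remedy: a stdlib-only Python script that strips the docProps metadata parts (author, company, revision, template) from an Office Open XML document before publishing, while keeping the package's content-types and relationship files consistent so the file still opens. The sample package and the author name "J. Doe" are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# OOXML parts (docx/xlsx/pptx) that hold author, company, revision and template
# details; these are the fields document-metadata tools harvest.
METADATA_PARTS = ("docProps/core.xml", "docProps/app.xml", "docProps/custom.xml")
CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"

def _drop_references(xml_bytes: bytes, attr: str, ns: str) -> bytes:
    """Remove children whose PartName/Target names a metadata part, keeping the package consistent."""
    ET.register_namespace("", ns)
    root = ET.fromstring(xml_bytes)
    for el in list(root):
        if el.get(attr, "").lstrip("/") in METADATA_PARTS:
            root.remove(el)
    return ET.tostring(root, xml_declaration=True, encoding="UTF-8")

def list_metadata_parts(data: bytes) -> list:
    """Names of the metadata parts present in an OOXML package."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if n in METADATA_PARTS]

def references_metadata(data: bytes) -> bool:
    """True if the content-types or root relationships still point at a metadata part."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(part.encode() in zf.read(name)
                   for name in ("[Content_Types].xml", "_rels/.rels")
                   for part in METADATA_PARTS)

def strip_metadata(data: bytes) -> bytes:
    """Return a copy of the package without its docProps parts or references to them."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if info.filename in METADATA_PARTS:
                continue  # drop the metadata part itself
            payload = src.read(info.filename)
            if info.filename == "[Content_Types].xml":
                payload = _drop_references(payload, "PartName", CT_NS)
            elif info.filename == "_rels/.rels":
                payload = _drop_references(payload, "Target", REL_NS)
            dst.writestr(info.filename, payload)
    return out.getvalue()

def build_sample_docx(author: str) -> bytes:
    """Constructed minimal docx-style package used as sample input (not a real document)."""
    core = ('<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" '
            'xmlns:dc="http://purl.org/dc/elements/1.1/"><dc:creator>%s</dc:creator></cp:coreProperties>' % author)
    types = ('<Types xmlns="%s"><Default Extension="xml" ContentType="application/xml"/>'
             '<Override PartName="/docProps/core.xml" ContentType="application/vnd.openxmlformats-package.core-properties+xml"/>'
             '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
             '</Types>' % CT_NS)
    rels = ('<Relationships xmlns="%s">'
            '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties" Target="docProps/core.xml"/>'
            '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>'
            '</Relationships>' % REL_NS)
    body = '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"><w:body/></w:document>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, xml in [("[Content_Types].xml", types), ("_rels/.rels", rels),
                          ("docProps/core.xml", core), ("word/document.xml", body)]:
            zf.writestr(name, xml)
    return buf.getvalue()

if __name__ == "__main__":
    original = build_sample_docx("J. Doe")  # constructed author name
    print("before:", list_metadata_parts(original))
    print("after:", list_metadata_parts(strip_metadata(original)))
```

Run `strip_metadata` over a real .docx read from disk and write the result to a new file; PDF and image metadata need separate handling, as this script covers only the OOXML container.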
Interesting books on the subject
