SlideShare a Scribd company logo

Information gath

M.Syarifudin, ST, OSCP, OSWP
M.Syarifudin, ST, OSCP, OSWP
EducationTechnologyBusiness
1 of 21
Download to read offline
INFORMATION GATHERING IN A PENTEST By : Syarif @fl3xu5 Cybercrime Investigation Center Mabes Polri Jakarta, 28 Januari 2012
Agenda About Pentest ( Penetration Testing ) Pentest Phase How Important do Information Gathering Passive & Active Information Gathering Google Hack Netcraft Whois host dig
About Pentest ( Penetration Testing ) A method to evaluate the security of computer system / network Practice ( attacking ) an IT System like a ‘hacker’ do Find a security holes ( systemic weaknesses ) By pass security mechanism compromise an Organization’s IT System Security Must have a permission from IT System owner ~ The Person is called a Pentester ~
Pentest Phase Information Gathering Vulnerability Analysis Exploitation Post Exploitation Reporting
How Important do Information Gath. Information Gath. Chance of Successful attack~
Passive & Active Information Gathering Passive Information Gathering Active Information Gathering Google Hacking Netcraft Whois Nslookup Port Scanning Service Scanning Nmap Metasploit
Google Hack was introduced by Johnny Long based on google basic usage information :http:// www.google.com/help/basics.html! More : http://www.google.com/help/ operators.html
Google Hack ( cont’d ) Google basic search help
Google Hack ( cont’d ) Operators and More Search help
Google Hack ( cont’d ) Examples :
Google Hack ( cont’d ) Examples :
Google Hack ( cont’d ) Examples :
Google Hack ( cont’d ) Other Examples :
Google Hack ( cont’d ) Other Examples :
Google Hack ( cont’d ) More Examples :
Netcraft an Internet monitoring company based on England Uptimes OS detection web server
Netcraft ( cont’d )
Whois
host
dig
REFERENCES http://www.pentest-standard.org/index.php/ PTES_Technical_Guidelines http://www.metasploit.com/about/penetration- testing-basics/ Metasploit The Penetration Tester’s Guide : David Kennedy , Jim O’Gorman, Devon Kearns, Mati Aharoni GHDB , http://johnny.ihackstuff.com/ghdb/

Recommended

iCrOSS 2013_Pentest
iCrOSS 2013_PentestiCrOSS 2013_Pentest
iCrOSS 2013_Pentest
M.Syarifudin, ST, OSCP, OSWP
 
Pentesting with Metasploit
Pentesting with MetasploitPentesting with Metasploit
Pentesting with Metasploit
Prakashchand Suthar
 
Introduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitIntroduction To Exploitation & Metasploit
Introduction To Exploitation & Metasploit
Raghav Bisht
 
Metasploit
MetasploitMetasploit
Metasploit
henelpj
 
Multi-Agent System for APT Detection
Multi-Agent System for APT DetectionMulti-Agent System for APT Detection
Multi-Agent System for APT Detection
Thibault Debatty
 
CSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptxCSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptx
AnshumaanTiwari2
 
How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks
How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its TracksHow to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks
How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks
AlienVault
 
Metasploit
MetasploitMetasploit
Metasploit
Parth Sahu
 

Recommended

iCrOSS 2013_Pentest
iCrOSS 2013_PentestiCrOSS 2013_Pentest
iCrOSS 2013_Pentest
M.Syarifudin, ST, OSCP, OSWP
 
Pentesting with Metasploit
Pentesting with MetasploitPentesting with Metasploit
Pentesting with Metasploit
Prakashchand Suthar
 
Introduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitIntroduction To Exploitation & Metasploit
Introduction To Exploitation & Metasploit
Raghav Bisht
 
Metasploit
MetasploitMetasploit
Metasploit
henelpj
 
Multi-Agent System for APT Detection
Multi-Agent System for APT DetectionMulti-Agent System for APT Detection
Multi-Agent System for APT Detection
Thibault Debatty
 
CSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptxCSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptx
AnshumaanTiwari2
 
How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks
How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its TracksHow to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks
How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks
AlienVault
 
Metasploit
MetasploitMetasploit
Metasploit
Parth Sahu
 
THOR Apt Scanner
THOR Apt ScannerTHOR Apt Scanner
THOR Apt Scanner
Florian Roth
 
Eliz seminar
Eliz seminar Eliz seminar
Eliz seminar
henelpj
 
Setup Your Personal Malware Lab
Setup Your Personal Malware LabSetup Your Personal Malware Lab
Setup Your Personal Malware Lab
Digit Oktavianto
 
Understanding CryptoLocker (Ransomware) with a Case Study
Understanding CryptoLocker (Ransomware) with a Case StudyUnderstanding CryptoLocker (Ransomware) with a Case Study
Understanding CryptoLocker (Ransomware) with a Case Study
securityxploded
 
Investigating Malware using Memory Forensics
Investigating Malware using Memory ForensicsInvestigating Malware using Memory Forensics
Investigating Malware using Memory Forensics
Cysinfo Cyber Security Community
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
Prakashchand Suthar
 
Lannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksLannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber Attacks
Security Bootcamp
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesUnderstanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Anant Shrivastava
 
Real life hacking101
Real life hacking101Real life hacking101
Real life hacking101
Florent Batard
 
Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016)
Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016) Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016)
Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016)
FFRI, Inc.
 
Malware Analysis Using Free Software
Malware Analysis Using Free SoftwareMalware Analysis Using Free Software
Malware Analysis Using Free Software
Xavier Mertens
 
Reversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basicsReversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basics
Cysinfo Cyber Security Community
 
Pentesting with linux
Pentesting with linuxPentesting with linux
Pentesting with linux
Hammad Ahmed Khawaja
 
Humla workshop on Android Security Testing - null Singapore
Humla workshop on Android Security Testing - null SingaporeHumla workshop on Android Security Testing - null Singapore
Humla workshop on Android Security Testing - null Singapore
n|u - The Open Security Community
 
Introduction to Metasploit
Introduction to MetasploitIntroduction to Metasploit
Introduction to Metasploit
GTU
 
Introduction to metasploit
Introduction to metasploitIntroduction to metasploit
Introduction to metasploit
GTU
 
Metasploit
MetasploitMetasploit
Metasploit
Lalith Sai
 
Hunting Ghost RAT Using Memory Forensics
Hunting Ghost RAT Using Memory ForensicsHunting Ghost RAT Using Memory Forensics
Hunting Ghost RAT Using Memory Forensics
securityxploded
 
Michelle K Webster: Malware - Cryptolocker Research Final
Michelle K Webster: Malware - Cryptolocker Research FinalMichelle K Webster: Malware - Cryptolocker Research Final
Michelle K Webster: Malware - Cryptolocker Research Final
M.K. Webster
 
Malware forensics
Malware forensicsMalware forensics
Malware forensics
Sameera Amjad
 
My pwk & oscp journey
My pwk & oscp journeyMy pwk & oscp journey
My pwk & oscp journey
M.Syarifudin, ST, OSCP, OSWP
 
Prepare Yourself to Become Infosec Professional
Prepare Yourself to Become Infosec ProfessionalPrepare Yourself to Become Infosec Professional
Prepare Yourself to Become Infosec Professional
M.Syarifudin, ST, OSCP, OSWP
 

More Related Content

What's hot

Humla workshop on Android Security Testing - null Singapore
Humla workshop on Android Security Testing - null SingaporeHumla workshop on Android Security Testing - null Singapore
Humla workshop on Android Security Testing - null Singapore
n|u - The Open Security Community
 

What's hot (20)

THOR Apt Scanner
THOR Apt ScannerTHOR Apt Scanner
THOR Apt Scanner
 
Eliz seminar
Eliz seminar Eliz seminar
Eliz seminar
 
Setup Your Personal Malware Lab
Setup Your Personal Malware LabSetup Your Personal Malware Lab
Setup Your Personal Malware Lab
 
Understanding CryptoLocker (Ransomware) with a Case Study
Understanding CryptoLocker (Ransomware) with a Case StudyUnderstanding CryptoLocker (Ransomware) with a Case Study
Understanding CryptoLocker (Ransomware) with a Case Study
 
Investigating Malware using Memory Forensics
Investigating Malware using Memory ForensicsInvestigating Malware using Memory Forensics
Investigating Malware using Memory Forensics
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
Lannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksLannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber Attacks
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesUnderstanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
 
Real life hacking101
Real life hacking101Real life hacking101
Real life hacking101
 
Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016)
Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016) Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016)
Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016)
 
Malware Analysis Using Free Software
Malware Analysis Using Free SoftwareMalware Analysis Using Free Software
Malware Analysis Using Free Software
 
Reversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basicsReversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basics
 
Pentesting with linux
Pentesting with linuxPentesting with linux
Pentesting with linux
 
Humla workshop on Android Security Testing - null Singapore
Humla workshop on Android Security Testing - null SingaporeHumla workshop on Android Security Testing - null Singapore
Humla workshop on Android Security Testing - null Singapore
 
Introduction to Metasploit
Introduction to MetasploitIntroduction to Metasploit
Introduction to Metasploit
 
Introduction to metasploit
Introduction to metasploitIntroduction to metasploit
Introduction to metasploit
 
Metasploit
MetasploitMetasploit
Metasploit
 
Hunting Ghost RAT Using Memory Forensics
Hunting Ghost RAT Using Memory ForensicsHunting Ghost RAT Using Memory Forensics
Hunting Ghost RAT Using Memory Forensics
 
Michelle K Webster: Malware - Cryptolocker Research Final
Michelle K Webster: Malware - Cryptolocker Research FinalMichelle K Webster: Malware - Cryptolocker Research Final
Michelle K Webster: Malware - Cryptolocker Research Final
 
Malware forensics
Malware forensicsMalware forensics
Malware forensics
 

Viewers also liked

Viewers also liked (6)

My pwk & oscp journey
My pwk & oscp journeyMy pwk & oscp journey
My pwk & oscp journey
 
Prepare Yourself to Become Infosec Professional
Prepare Yourself to Become Infosec ProfessionalPrepare Yourself to Become Infosec Professional
Prepare Yourself to Become Infosec Professional
 
Pentest with Metasploit
Pentest with MetasploitPentest with Metasploit
Pentest with Metasploit
 
Wireless LAN Security-Bimtek Kominfo
Wireless LAN Security-Bimtek KominfoWireless LAN Security-Bimtek Kominfo
Wireless LAN Security-Bimtek Kominfo
 
Social Network Security & Backdooring email
Social Network Security & Backdooring emailSocial Network Security & Backdooring email
Social Network Security & Backdooring email
 
IPTV Security
IPTV SecurityIPTV Security
IPTV Security
 

Similar to Information gath

Ce hv8 module 03 scanning networks
Ce hv8 module 03 scanning networksCe hv8 module 03 scanning networks
Ce hv8 module 03 scanning networks
Mehrdad Jingoism
 

Similar to Information gath (20)

Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
 
Ceh intro
Ceh introCeh intro
Ceh intro
 
Introduction ethical hacking
Introduction ethical hackingIntroduction ethical hacking
Introduction ethical hacking
 
Itis pentest slides hyd
Itis pentest slides hydItis pentest slides hyd
Itis pentest slides hyd
 
Ce hv8 module 03 scanning networks
Ce hv8 module 03 scanning networksCe hv8 module 03 scanning networks
Ce hv8 module 03 scanning networks
 
Ethical hacking introduction to ethical hacking
Ethical hacking introduction to ethical hackingEthical hacking introduction to ethical hacking
Ethical hacking introduction to ethical hacking
 
Hunt down the evil of your infrastructure
Hunt down the evil of your infrastructureHunt down the evil of your infrastructure
Hunt down the evil of your infrastructure
 
Ethical hacking introduction to ethical hacking
Ethical hacking introduction to ethical hackingEthical hacking introduction to ethical hacking
Ethical hacking introduction to ethical hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Basic of Ethical Hacking and Penetration Testing - 1st Module
Basic of Ethical Hacking and Penetration Testing - 1st ModuleBasic of Ethical Hacking and Penetration Testing - 1st Module
Basic of Ethical Hacking and Penetration Testing - 1st Module
 
Logs for Information Assurance and Forensics @ USMA
Logs for Information Assurance and Forensics @ USMALogs for Information Assurance and Forensics @ USMA
Logs for Information Assurance and Forensics @ USMA
 
Introduction of cryptography and network security
Introduction of cryptography and network securityIntroduction of cryptography and network security
Introduction of cryptography and network security
 
Security Analytics for Data Discovery - Closing the SIEM Gap
Security Analytics for Data Discovery - Closing the SIEM GapSecurity Analytics for Data Discovery - Closing the SIEM Gap
Security Analytics for Data Discovery - Closing the SIEM Gap
 
Hacking and Penetration Testing - a beginners guide
Hacking and Penetration Testing - a beginners guideHacking and Penetration Testing - a beginners guide
Hacking and Penetration Testing - a beginners guide
 
Ethical h
Ethical hEthical h
Ethical h
 
Ethical h
Ethical hEthical h
Ethical h
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical Hacking: A Comprehensive Cheatsheet
Ethical Hacking: A Comprehensive CheatsheetEthical Hacking: A Comprehensive Cheatsheet
Ethical Hacking: A Comprehensive Cheatsheet
 
Cyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightCyber Threat Hunting with Phirelight
Cyber Threat Hunting with Phirelight
 

Recently uploaded

Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 

Recently uploaded (20)

General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
Plant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxPlant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptx
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 

Information gath