O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

Information gath

10.161 visualizações

Publicada em

Publicada em: Educação, Tecnologia, Negócios

Information gath

  1. 1. INFORMATION GATHERING IN A PENTEST By : Syarif @fl3xu5 Cybercrime Investigation Center Mabes Polri Jakarta, 28 Januari 2012
  2. 2. Agenda About Pentest ( Penetration Testing ) Pentest Phase How Important do Information Gathering Passive & Active Information Gathering Google Hack Netcraft Whois host dig
  3. 3. About Pentest ( Penetration Testing ) A method to evaluate the security of computer system / network Practice ( attacking ) an IT System like a ‘hacker’ do Find a security holes ( systemic weaknesses ) By pass security mechanism compromise an Organization’s IT System Security Must have a permission from IT System owner ~ The Person is called a Pentester ~
  4. 4. Pentest Phase Information Gathering Vulnerability Analysis Exploitation Post Exploitation Reporting
  5. 5. How Important do Information Gath. Information Gath. Chance of Successful attack~
  6. 6. Passive & Active Information Gathering Passive Information Gathering Active Information Gathering Google Hacking Netcraft Whois Nslookup Port Scanning Service Scanning Nmap Metasploit
  7. 7. Google Hack was introduced by Johnny Long based on google basic usage information :http:// www.google.com/help/basics.html! More : http://www.google.com/help/ operators.html
  8. 8. Google Hack ( cont’d ) Google basic search help
  9. 9. Google Hack ( cont’d ) Operators and More Search help
  10. 10. Google Hack ( cont’d ) Examples :
  11. 11. Google Hack ( cont’d ) Examples :
  12. 12. Google Hack ( cont’d ) Examples :
  13. 13. Google Hack ( cont’d ) Other Examples :
  14. 14. Google Hack ( cont’d ) Other Examples :
  15. 15. Google Hack ( cont’d ) More Examples :
  16. 16. Netcraft an Internet monitoring company based on England Uptimes OS detection web server
  17. 17. Netcraft ( cont’d )
  18. 18. Whois
  19. 19. host
  20. 20. dig
  21. 21. REFERENCES http://www.pentest-standard.org/index.php/ PTES_Technical_Guidelines http://www.metasploit.com/about/penetration- testing-basics/ Metasploit The Penetration Tester’s Guide : David Kennedy , Jim O’Gorman, Devon Kearns, Mati Aharoni GHDB , http://johnny.ihackstuff.com/ghdb/

×