WEBVTT

00:00.980 --> 00:07.430
Introduction to information gathering. Information gathering is the first and one of the most important

00:07.430 --> 00:09.500
activities in penetration testing.

00:09.740 --> 00:15.890
This step is carried out in order to find out as much information as possible about the target machine.

00:16.430 --> 00:22.880
The more information we have, the better our chances will be for exploiting the target.

00:23.740 --> 00:30.700
During the information gathering phase, our main focus is to collect facts about the target machines,

00:30.700 --> 00:34.900
such as the IP address, available services and open ports.

00:35.140 --> 00:40.960
This information plays a vital role in the process of penetration testing. To achieve this goal,

00:41.140 --> 00:47.560
we will be learning certain scanning techniques such as SMB scanning, SSL server scanning,

00:48.010 --> 00:56.290
FTP scanning and enumeration, HTTP scanning, and web scanning and brute forcing by the end of

00:56.290 --> 00:59.350
this course, actually in the middle of this course, of course.

00:59.770 --> 01:07.600
So information gathering, footprinting and enumeration are terms that are often used interchangeably,

01:07.900 --> 01:09.450
but they are still different.

01:09.460 --> 01:15.580
According to the SANS standard, footprinting is the ability to obtain essential information about an

01:15.580 --> 01:21.490
organization. This information includes the technologies that are being used, such as internet,

01:21.490 --> 01:24.520
intranet, remote access and extranet.

01:25.000 --> 01:30.250
In addition to the technologies, the security policies and procedures must be explored.

01:31.210 --> 01:37.690
So scanning consists of six steps in mapping out a network: performing automated ping

01:37.690 --> 01:44.200
sweeps on the range of IP addresses and network blocks to determine if individual systems are alive.

01:45.250 --> 01:50.930
So enumeration involves active connections to a system and directed queries.

01:50.950 --> 01:57.310
So the type of information enumerated by hackers can be loosely grouped into categories such

01:57.310 --> 02:05.200
as network resources and shares, users and groups, applications and banners and network blocks.

02:05.950 --> 02:11.680
There are basically three types of techniques used in information gathering.

02:12.220 --> 02:15.700
So first is passive information gathering.

02:16.510 --> 02:23.470
This technique is used to gain information about the target without having any physical connectivity

02:23.650 --> 02:25.060
or access to it.

02:25.660 --> 02:33.310
So this means that we use other resources to gain information about a target, such as by using a

02:33.310 --> 02:37.690
WHOIS query, server lookup and so on.

02:38.720 --> 02:45.710
Suppose our target is an online application; then a simple WHOIS lookup can provide us with a lot

02:45.710 --> 02:51.230
of information about the web application, such as its IP address, its domains and subdomains.

02:51.950 --> 02:55.730
Uh, actually the location of the server, of course, the hosting server and so on.

02:56.300 --> 03:03.770
So this information can be very useful during penetration testing as it can widen our track of exploiting

03:03.770 --> 03:04.340
the target.

03:05.430 --> 03:09.960
And then secondly, we have active information gathering.

03:10.380 --> 03:17.400
So in this technique, a logical connection is set up with the target in order to gain information.

03:17.790 --> 03:24.660
So this technique provides us with the next level of information which can directly supplement our understanding

03:24.660 --> 03:27.030
of the target's security. Port scanning

03:27.030 --> 03:33.410
is the most widely used active scanning technique in which we focus on the open ports and

03:33.420 --> 03:35.640
available services running on a target.

03:36.120 --> 03:42.120
And lastly, we have social engineering, so this type of information gathering is similar to passive

03:42.120 --> 03:45.660
information gathering, but relies on human error.

03:46.470 --> 03:53.130
So the information leaked out in the form of printouts, telephone conversations, incorrect email

03:53.130 --> 03:54.180
IDs and so on.

03:54.630 --> 04:01.110
So the techniques for utilizing this method are numerous, and the ethos of information gathering is

04:01.110 --> 04:05.140
very different and social engineering is a category in itself.

04:05.160 --> 04:12.030
For example, hackers use domain names that sound similar, with spelling mistakes, and set

04:12.030 --> 04:14.970
up a mail server to receive such erroneous emails.

04:15.750 --> 04:19.440
Such domains are known as doppelganger domains.

04:19.680 --> 04:22.650
This is the evil twin here.

04:23.340 --> 04:30.600
So the victims of social engineering are tricked into releasing desired information that they do not

04:30.600 --> 04:34.140
realize will be used to attack an enterprise network.

04:34.650 --> 04:40.770
For example, an employee in an enterprise company may be tricked into revealing an employee

04:40.770 --> 04:45.570
ID number to someone who's pretending to be someone he or she trusts.

04:46.890 --> 04:52.770
While the employee number may not seem valuable to the employee, which makes it easier for him to reveal

04:52.770 --> 04:54.420
this information in the first place,

04:54.840 --> 05:01.260
the social engineer can use that employee number in conjunction with the

05:01.260 --> 05:06.270
other information that has been gathered to get closer to finding his way into the enterprise network.
