1 00:00:09,170 --> 00:00:16,830 Let us start with the new section, information gathering. This is the first phase of hacking. In this lecture,
2 00:00:17,240 --> 00:00:23,540 we are going to study what information gathering is, as well as the objectives and importance of information
3 00:00:23,540 --> 00:00:23,960 gathering.
4 00:00:25,130 --> 00:00:31,070 There is a saying that goes: the more information you have about the target, the greater the chance
5 00:00:31,070 --> 00:00:32,690 of successful exploitation.
6 00:00:33,380 --> 00:00:36,350 Information gathering is the first phase of hacking.
7 00:00:36,800 --> 00:00:43,340 In this phase, we gather as much information as possible regarding the target's online presence, which
8 00:00:43,370 --> 00:00:46,940 in turn reveals useful information about the target itself.
9 00:00:47,600 --> 00:00:53,540 The required information will depend on whether we are doing a network or a web application pentest. There is a saying that
10 00:00:54,170 --> 00:00:55,840 information is power.
11 00:00:56,570 --> 00:00:58,580 And in most scenarios it's true.
12 00:00:59,120 --> 00:01:04,610 Having critical information at the right time, and especially knowing how to use it, can be a great source
13 00:01:04,610 --> 00:01:07,310 of power in the cybersecurity world.
14 00:01:07,580 --> 00:01:14,480 The security data about any target, which can be a person, a company, a domain name or so on, is something that is
15 00:01:14,480 --> 00:01:20,060 coveted by all the parties on all fronts, including red teams and blue teams.
16 00:01:20,540 --> 00:01:26,690 Therefore, mastering the information gathering process is one of the ultimate goals of any cybersecurity
17 00:01:26,690 --> 00:01:29,780 researcher. Then, any black hat or white hat
18 00:01:29,780 --> 00:01:33,630 hacker needs to gain as much information as possible about the target.
19 00:01:33,980 --> 00:01:40,640 The first step he does is information gathering, but it's a fun activity for some researchers.
20 00:01:40,910 --> 00:01:47,390 Information gathering is also one of the most time-consuming tasks during the pentesting process.
21 00:01:47,750 --> 00:01:52,940 And that is why time management is very important in the information gathering process.
22 00:01:53,990 --> 00:02:00,410 In general, all the information gathering techniques can be classified into two main categories: active
23 00:02:00,410 --> 00:02:06,200 information gathering and passive information gathering. In active information gathering, we would
24 00:02:06,200 --> 00:02:07,790 directly engage with the target.
25 00:02:08,030 --> 00:02:13,580 For example, gathering information about what ports are open on a particular target, what services
26 00:02:13,580 --> 00:02:16,190 they are running and what operating system they are using.
27 00:02:16,560 --> 00:02:22,010 However, the techniques involving active information gathering would be very noisy at the other end,
28 00:02:22,160 --> 00:02:28,880 as they are easily detected by the IDS, IPS and the firewalls, which log our presence, and
29 00:02:28,880 --> 00:02:33,350 hence are not recommended sometimes. In passive information gathering,
30 00:02:33,680 --> 00:02:35,720 we do not directly engage with the target.
31 00:02:35,890 --> 00:02:42,540 Instead, we use search engines, social media and other websites to gather information about the target.
32 00:02:43,370 --> 00:02:49,260 This method is recommended since it does not generate any log of our presence on the target system.
33 00:02:49,850 --> 00:02:56,300 A common example would be to use LinkedIn, Facebook and other social networks to gather information
34 00:02:56,300 --> 00:02:58,310 about employees and their interests.
35 00:02:58,940 --> 00:03:04,960 This would be very useful when you perform phishing, keylogging, browser exploitation and other client-side
36 00:03:05,000 --> 00:03:06,270 attacks on the employees.
37 00:03:07,250 --> 00:03:11,780 So what are the objectives of information gathering in cyber security?
38 00:03:12,530 --> 00:03:18,800 Any basic cyber security information gathering process often includes these two types of data collection
39 00:03:18,800 --> 00:03:19,170 goals.
40 00:03:19,580 --> 00:03:26,030 First is collecting network data. Network data includes public, private and associated domain names,
41 00:03:26,210 --> 00:03:32,480 network hosts, public and private IP blocks, routing tables, TCP and UDP running services,
42 00:03:32,720 --> 00:03:35,640 SSL certificates, open ports and many more.
43 00:03:36,170 --> 00:03:39,350 And second is collecting system-related information.
44 00:03:39,770 --> 00:03:47,660 This includes user enumeration, system groups, OS host names, operating system type, that is, probably
45 00:03:47,660 --> 00:03:52,910 fingerprinting of the operating system, system banners, that is, banner grabbing, and many more.
46 00:03:54,020 --> 00:03:59,600 Now let us look at the top methods used to gather information about any target.
47 00:04:00,050 --> 00:04:02,090 The first is social engineering.
48 00:04:02,480 --> 00:04:07,130 This includes in-person chat, phone conversations and email spoofing attacks.
49 00:04:07,760 --> 00:04:13,610 What all these methods have in common is the psychology of human weakness that is needed to get maximum
50 00:04:13,610 --> 00:04:16,700 data about the target. Search engines.
51 00:04:17,210 --> 00:04:23,180 The products can be used to get information about anything, and this includes companies, persons,
52 00:04:23,330 --> 00:04:25,400 services and even real hacks.
53 00:04:26,530 --> 00:04:33,760 Social networks. Facebook, Twitter, LinkedIn, Instagram and other social networks are a great source
54 00:04:33,760 --> 00:04:40,890 of information to build a profile, especially when we are targeting particular individuals. Domain names.
55 00:04:41,590 --> 00:04:46,930 These are registered by organizations, governments, public and private agencies and people.
56 00:04:47,200 --> 00:04:51,610 Therefore, they are a great starting point when you want to investigate someone.
57 00:04:52,180 --> 00:04:58,690 Personal information, associated domains, products, services and technologies can be found by inspecting
58 00:04:58,690 --> 00:05:00,130 domain name information.
59 00:05:01,630 --> 00:05:06,650 Internet servers. Authoritative DNS servers are a great source of information.
60 00:05:07,180 --> 00:05:13,180 They often include every single service point exposed to the Internet, which means a direct link to
61 00:05:13,180 --> 00:05:16,930 various services such as FTP, email and many more.
62 00:05:18,200 --> 00:05:25,900 Even job sites are a great source of information. If a particular individual posts his job requirement
63 00:05:25,910 --> 00:05:32,210 on a particular job site, and if a hacker sees that, like, XYZ person posts "I want a job as
64 00:05:32,210 --> 00:05:38,960 a software engineer", and he sees that, the hacker will have a video call with that person and lure him
65 00:05:38,960 --> 00:05:45,140 with a hefty package. Like, he will say, "I will give you a one lakh dollar package, and for that you
66 00:05:45,140 --> 00:05:47,420 need to pay ten thousand dollars in advance."
67 00:05:47,570 --> 00:05:50,570 And this is the main source that the hacker gathers.
68 00:05:51,760 --> 00:05:59,620 So this is all you need to do for your information gathering during any pentest. So the first is: get proper
69 00:05:59,620 --> 00:06:00,370 authorization.
70 00:06:01,270 --> 00:06:06,940 We need to get the proper authorization and define the scope of the assessment. Define the scope of
71 00:06:06,940 --> 00:06:07,500 the assessment.
72 00:06:07,660 --> 00:06:12,490 We need to dive deep into a target, like what is the profile of the target and what the target does,
73 00:06:12,490 --> 00:06:15,700 and all. Next is to perform footprinting.
74 00:06:15,700 --> 00:06:22,570 The previously mentioned sources, footprinting search engines such as Google, Yahoo, Bing, etc.,
75 00:06:22,780 --> 00:06:29,050 are used to gather the target organization's information, such as employee details, login pages, intranet
76 00:06:29,050 --> 00:06:35,350 portals, operating systems used, financial information, that helps in performing social engineering
77 00:06:35,350 --> 00:06:37,680 and other types of advanced system attacks.
78 00:06:38,320 --> 00:06:40,570 Next is to gather competitive intelligence.
79 00:06:41,200 --> 00:06:43,660 Basically, what is competitive intelligence?
80 00:06:44,290 --> 00:06:49,240 Competitive intelligence information is the most vital information for any hacker.
81 00:06:49,630 --> 00:06:55,390 This information can lead to complete information gathering and a complete dive deep into the target.
82 00:06:55,960 --> 00:06:57,790 Next is the Whois lookup.
83 00:06:58,360 --> 00:07:04,770 We need to perform Whois footprinting using tools such as Whois Lookup, SmartWhois, Batch IP Converter
84 00:07:04,800 --> 00:07:10,630 and many more, to create a detailed map of the organization's network, gather personal information that
85 00:07:10,630 --> 00:07:16,630 assists in performing social engineering, and gather other information like network ranges and many more.
86 00:07:17,740 --> 00:07:24,730 Next, we need to perform DNS footprinting using tools such as DNSstuff, MyDNSTools and many
87 00:07:24,730 --> 00:07:29,860 more, to determine key hosts in the network and perform social engineering attacks.
88 00:07:31,620 --> 00:07:38,280 Perform network footprinting using tools such as Path Analyzer Pro, VisualRoute, GEO Spider, to create
89 00:07:38,280 --> 00:07:45,360 a map of the target's network. Implement social engineering techniques such as eavesdropping, shoulder
90 00:07:45,360 --> 00:07:51,390 surfing, dumpster diving and phishing that may help to gather more critical information about the target.
91 00:07:51,720 --> 00:07:55,440 And at the end of pentesting, document all the findings.
92 00:07:57,160 --> 00:08:02,410 In the next lecture, we will start with information regarding practicals. The first practical will
93 00:08:02,410 --> 00:08:03,340 be Maltego.