Reconnaissance Tools and Techniques: A Comprehensive Guide to Information Gathering
jadavvineet73
21 slides
Aug 19, 2024
About This Presentation
This report by T S Sai Karthik provides an in-depth exploration of the tools and methods used for reconnaissance, a crucial phase in information gathering. The presentation covers various techniques used by cybersecurity professionals to collect data on targets, including both passive and active approaches. It is designed for cybersecurity experts, ethical hackers, and IT professionals interested in understanding the strategies behind effective reconnaissance in the context of penetration testing and threat analysis. For more details visit: https://bostoninstituteofanalytics.org/cyber-security-and-ethical-hacking/
Slide Content
A Report on Tools and Methods Used for Reconnaissance (Information Gathering)
Project by: T S Sai Karthik
Agenda
- Introduction to Information Gathering/Reconnaissance
- Methods of Information Gathering/Reconnaissance
- What Kind of Information Is to Be Gathered
- Different Tools for Gathering Information
- Uses of Information Gathering/Reconnaissance
- Functionalities of Reconnaissance/Information Gathering
- Outcomes of Reconnaissance/Information Gathering
Introduction to Information Gathering
Information gathering means collecting different kinds of information about the target. It is the first step of ethical hacking: the pen tester (or the attacker) tries to learn as much as possible about the target so that the later phases of the engagement can be planned precisely. The more that is known about a network, its hosts, its software versions and the people who run it, the smaller the attack surface that has to be probed blindly. Various tools and techniques are available, both free community editions and commercial expert editions. Information gathering is usually broken down into the following categories:
- Footprinting
- Scanning
- Enumeration
- Reconnaissance
Source: Kali Linux - Information Gathering Tools - GeeksforGeeks
Methods of Information Gathering
There are two methods of gathering information:
1) Active information gathering
2) Passive information gathering
Active information gathering: the tester interacts with the target directly, for example by sending packets to its hosts (port scans, banner grabbing, DNS zone transfer attempts) or by approaching the premises in person (tailgating, social engineering). Because the target is touched directly, active techniques are faster and more precise, but they can be logged and detected, so they should only be used within the agreed scope of the engagement.
Passive information gathering: passive techniques rely on the observation of publicly available data (search engines, whois and DNS records, job adverts, social media), information that is inadvertently leaked, or monitoring of network traffic that is already visible to the tester. Nothing is sent to the target, so it leaves no trace on the target's systems.
Information to Be Gathered
Information gathering mainly covers two kinds of data collection:
1) Network data, both public and private
2) System-related information
Typical items collected:
- Operating system and version
- Host names
- Associated domain names
- Network hosts
- Public and private IP blocks
- Routing tables
- Running TCP and UDP services
- Open ports
- SSL/TLS certificates
Nmap (Network Mapper)
Nmap (Network Mapper) is a powerful tool that helps you discover and gather information about devices and services running on a network. In simple terms, Nmap lets you see which computers or devices are connected to a network and what programs or applications are running on them. It is like having a special pair of glasses that can see which houses have people living in them and what kinds of activities are happening inside each house. Nmap allows you to:
1) Find live devices on a network.
2) Check which ports (doors) are open on those devices.
3) Identify the services or applications, and often their versions, running on those open ports.
Note that port scanning is an active technique: every probe reaches the target and can be logged by firewalls and intrusion detection systems, so only scan systems you are authorized to test.
Nmap commands
Flag | Example                            | Description
-A   | nmap 192.168.1.1 -A                | Enables OS detection, version detection, script scanning, and traceroute
-O   | nmap 192.168.1.1 -O                | Remote OS detection using TCP/IP stack fingerprinting
-oN  | nmap 192.168.1.1 -oN normal.file   | Normal output to the file normal.file
-6   | nmap -6 2607:f0d0:1002:51::4       | Enable IPv6 scanning
-h   | nmap -h                            | Show the Nmap help screen
-F   | nmap 192.168.1.1 -F                | Fast port scan (the 100 most common ports instead of the default 1000)
OS detection (-O, and therefore -A) and SYN scans need raw sockets, so they must be run as root or administrator. For machine processing, prefer XML output (-oX) over -oN, since the normal output format is meant for humans and changes between versions.
Source: Nmap Cheat Sheet 2024: All the Commands & Flags (stationx.net)
Proof of Concept: Nmap (screenshot)
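The three things the slide says Nmap gives you (live hosts, open ports, the services behind them) are easiest to reuse in other tooling when Nmap writes XML. The script below is an added example, not code from the presentation or from the Nmap project: it parses the structure Nmap produces for `nmap -sV -oX scan.xml <target>` and reduces it to a table of live hosts and their open services. SAMPLE_XML is a constructed scan; every address, port and version in it is made up.

```python
"""Parse Nmap XML output (-oX) into host/port/service records.

Added example, not code from the original presentation or the Nmap project.
SAMPLE_XML is a constructed sample in the layout Nmap writes for
`nmap -sV -oX scan.xml <target>`; every address, port and version in it is
made up.  Parsing the XML (rather than the human-readable -oN output) is the
stable way to feed scan results into other tooling.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.168.1.0/24">
<host><status state="up" reason="arp-response"/>
  <address addr="192.168.1.1" addrtype="ipv4"/>
  <address addr="AA:BB:CC:DD:EE:01" addrtype="mac"/>
  <hostnames><hostname name="gateway.lan" type="PTR"/></hostnames>
  <ports>
    <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
      <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
    <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
      <service name="http" product="nginx" version="1.18.0"/></port>
    <port protocol="tcp" portid="443"><state state="filtered" reason="no-response"/>
      <service name="https"/></port>
  </ports></host>
<host><status state="down" reason="no-response"/>
  <address addr="192.168.1.2" addrtype="ipv4"/></host>
<host><status state="up" reason="echo-reply"/>
  <address addr="192.168.1.10" addrtype="ipv4"/>
  <ports><port protocol="udp" portid="161"><state state="open" reason="udp-response"/>
      <service name="snmp"/></port></ports></host>
</nmaprun>"""


@dataclass
class Port:
    protocol: str
    number: int
    state: str      # open / closed / filtered ...
    service: str    # from <service name=...>, "" if Nmap could not tell
    product: str
    version: str


@dataclass
class Host:
    address: str
    hostname: str
    state: str      # up / down
    ports: list = field(default_factory=list)

    def open_ports(self):
        return [p for p in self.ports if p.state == "open"]


def parse_nmap_xml(xml_text):
    """Return one Host per <host>; ports of every state are kept so callers
    can separate open from filtered (a filtered port is not a service)."""
    hosts = []
    for h in ET.fromstring(xml_text).findall("host"):
        addr = h.find("address[@addrtype='ipv4']")
        if addr is None:                      # IPv6-only scan
            addr = h.find("address")
        hn = h.find("hostnames/hostname")
        host = Host(address=addr.get("addr") if addr is not None else "",
                    hostname=hn.get("name") if hn is not None else "",
                    state=h.find("status").get("state"))
        for p in h.findall("ports/port"):
            svc = p.find("service")
            get = (lambda k: svc.get(k, "")) if svc is not None else (lambda k: "")
            host.ports.append(Port(p.get("protocol"), int(p.get("portid")),
                                   p.find("state").get("state"),
                                   get("name"), get("product"), get("version")))
        hosts.append(host)
    return hosts


def live_hosts(hosts):
    return [h for h in hosts if h.state == "up"]


def service_summary(hosts):
    """Flatten open ports on live hosts into (address, proto/port, banner) rows."""
    rows = []
    for h in live_hosts(hosts):
        for p in h.open_ports():
            banner = " ".join(x for x in (p.service, p.product, p.version) if x)
            rows.append((h.address, "%s/%d" % (p.protocol, p.number), banner))
    return rows


if __name__ == "__main__":
    for row in service_summary(parse_nmap_xml(SAMPLE_XML)):
        print("%-15s %-9s %s" % row)
```

Running it prints one line per open service; the down host and the filtered port 443 are dropped, which is the distinction that matters when the table is handed to the next phase (a filtered port is a firewall rule, not a service to enumerate). Replace SAMPLE_XML with the contents of a real `-oX` file to use it on your own scans.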
Whois lookup
whois is the query protocol and database of registered domain names and IP address allocations on the Internet. It is used for many purposes, a few of which are listed below:
- Network administrators use it to identify and fix DNS or domain-related issues.
- Checking the availability of domain names.
- Identifying trademark infringement.
- Tracking down the registrants of a fraudulent domain.
For a pen tester the interesting fields are the registrar, the creation and expiry dates, the name servers, the contact e-mail addresses and, for IP lookups, the organisation that owns the netblock. Since 2018 many registrars redact registrant details or replace them with a privacy proxy, so contact data in a record may not belong to the target.
Commands
You can use the whois command with domain names or Internet Protocol (IP) addresses; a slightly different set of information is returned for each. Look up a domain:
  whois geeksforgeeks.com
Using whois with an IP address is just as simple as using it with a domain name; just specify the address after whois, and the regional Internet registry (ARIN, RIPE NCC, APNIC, LACNIC or AFRINIC) record for the netblock that contains it is returned:
  whois 199.59.243.226
Source: How to Use the whois Command on Linux (howtogeek.com)
Proof of Concept: whois (screenshot)
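The slides show the raw whois output; what an assessor actually wants from it is a handful of derived facts (who the registrar is, how old the domain is, when it lapses, whether DNS is outsourced, which contacts are real). The parser below is an added example, not code from the presentation; it handles the common "Key: value" layout returned for .com/.net domains and most registrars, and stops at the free-text footer. SAMPLE_WHOIS is a constructed record whose domain, dates, name servers and contacts are all made up.

```python
"""Parse a whois record and pull out the fields an assessor looks at first.

Added example, not code from the original presentation.  whois output is
free-form text whose layout differs between registries and RIRs; this
handles the common "Key: value" layout used by the .com/.net registry and
most registrars, and stops at the free-text footer.  SAMPLE_WHOIS is a
constructed record: the domain, dates, name servers and contacts are made up.
"""
import re
from datetime import datetime

SAMPLE_WHOIS = """\
   Domain Name: EXAMPLE-TARGET.COM
   Registry Domain ID: 123456789_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.registrar.example
   Registrar URL: http://www.registrar.example
   Registrar: Example Registrar, Inc.
   Updated Date: 2024-03-01T10:00:00Z
   Creation Date: 2015-06-15T09:30:00Z
   Registry Expiry Date: 2024-09-15T09:30:00Z
   Registrant Email: it-ops@example-target.com
   Admin Email: admin@example-target.com
   Tech Email: REDACTED FOR PRIVACY
   Name Server: NS1.EXAMPLE-TARGET.COM
   Name Server: NS2.DNSHOST.EXAMPLE
   DNSSEC: unsigned
>>> Last update of whois database: 2024-08-19T12:00:00Z <<<

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration is set to expire.
"""

# The key may not contain ':' so URLs and timestamps in the value stay intact.
KV_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 /\-]*?):\s*(.+?)\s*$")


def parse_whois(text):
    """Return {normalised_key: [value, ...]}; repeated keys such as
    'Name Server' are accumulated instead of overwritten."""
    fields = {}
    for line in text.splitlines():
        if line.startswith(">>>"):
            break                                   # footer: not key/value data
        m = KV_RE.match(line)
        if m:
            key = m.group(1).lower().replace(" ", "_")
            fields.setdefault(key, []).append(m.group(2))
    return fields


def _iso(value):
    """Registry timestamps are ISO 8601 with a trailing Z; make them tz-aware."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def recon_summary(fields, now):
    """Derive the recon-relevant facts.  `now` is a tz-aware datetime or an
    ISO 8601 string such as '2024-08-19T00:00:00Z'."""
    if isinstance(now, str):
        now = _iso(now)
    domain = fields["domain_name"][0].lower()
    ns = [v.lower() for v in fields.get("name_server", [])]
    emails = sorted({v.lower() for k, vs in fields.items() if k.endswith("_email")
                     for v in vs if "@" in v})      # skips 'REDACTED FOR PRIVACY'
    return {
        "domain": domain,
        "registrar": fields["registrar"][0],
        "age_years": round((now - _iso(fields["creation_date"][0])).days / 365.25, 1),
        "days_to_expiry": (_iso(fields["registry_expiry_date"][0]) - now).days,
        "name_servers": ns,
        "third_party_dns": [n for n in ns if not n.endswith("." + domain)],
        "contact_emails": emails,
        "dnssec": fields.get("dnssec", ["unknown"])[0].lower(),
    }


if __name__ == "__main__":
    info = recon_summary(parse_whois(SAMPLE_WHOIS), "2024-08-19T00:00:00Z")
    for k, v in info.items():
        print("%-16s %s" % (k, v))
```

Two of the derived fields are worth a second look in a real engagement: a short days_to_expiry on a production domain is a business risk in itself, and a name server outside the target's own domain tells you which DNS provider (and therefore which third-party account) would have to be compromised to hijack it.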
Metasploit
Metasploit is a penetration testing framework. It is used mainly by penetration testers to identify vulnerabilities, execute exploit code, and run payloads to compromise target systems. Metasploit has many benefits: it provides access to an extensive and continually growing database of exploits, includes a variety of payloads, and ranks each exploit by how reliable and safe it is to run. The Framework is free and open source (a commercial Pro edition also exists). In Metasploit, a module is a component that executes a specific operation, such as scanning or exploiting a target. Modules are categorized into seven types: auxiliaries, encoders, evasions, exploits, nops, payloads, and post modules. For the reconnaissance phase the auxiliary scanner modules are the relevant ones, for example auxiliary/scanner/portscan/tcp.
Source: Metasploit Tutorial 2024: The Complete Beginners Guide (stationx.net)
Metasploit Modules
- Auxiliary modules: non-exploit modules, like scanners and fuzzers, that provide additional functionality.
- Encoders: encode the raw payload code so that it avoids "bad characters" (for example null bytes) that would break the exploit, and historically to evade antivirus. Different encoding algorithms are used, like XOR, shuffle, prepend, etc. Modern antivirus detects the stock encoders, so they should not be relied on for evasion.
- Evasions: contain techniques to generate payloads that avoid detection, helping payloads bypass antivirus and host-based security.
- Exploits: take advantage of software vulnerabilities like buffer overflows, SQL injection, etc., and allow execution of the arbitrary code provided by the payload component.
- Nops: used to pad buffer overflows for increased reliability; they contain inert instructions that perform no operation.
- Payloads: executed upon successful exploitation and perform tasks such as opening shells or escalating privileges. While many payloads initiate a Meterpreter session, others run code that performs actions like adding user accounts.
- Post: executed on compromised hosts after exploitation to gather data, maintain persistence, and pivot to other hosts.
Source: Metasploit Tutorial 2024: The Complete Beginners Guide (stationx.net)
Proof of Concept: Metasploit (screenshot)
Wireshark
Wireshark is a network packet analyzer. A network packet analyzer presents captured packet data in as much detail as possible. You could think of a network packet analyzer as a measuring device for examining what is happening inside a network cable, just like an electrician uses a voltmeter for examining what is happening inside an electric cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. With the advent of Wireshark, that has changed: Wireshark is available for free, is open source, and is one of the best packet analyzers available today.
Features
The following are some of the many features Wireshark provides:
- Available for UNIX and Windows.
- Capture live packet data from a network interface.
- Open files containing packet data captured with tcpdump/WinDump, Wireshark, and many other packet capture programs.
- Import packets from text files containing hex dumps of packet data.
- Display packets with very detailed protocol information.
- Save captured packet data.
- Export some or all packets in a number of capture file formats.
- Filter packets on many criteria.
- Search for packets on many criteria.
- Colorize the packet display based on filters.
- Create various statistics.
Two practical points: capturing live traffic needs capture privileges (on Linux, membership of the group dumpcap is installed for, rather than running the GUI as root), and capture filters (BPF syntax, applied while recording) are a different language from display filters (applied to what is already captured), so a filter that works in one box will not necessarily work in the other.
Proof of Concept: Wireshark (screenshot)
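To make concrete what "detailed protocol information" means, the script below does by hand what Wireshark's Ethernet, IPv4, TCP and UDP dissectors do when opening a capture file: it walks the classic pcap record list, decodes each header layer by layer, verifies the IP header checksum, and prints one Info-style line per packet. It is an added example, not code from the presentation or from the Wireshark project. The capture is constructed in memory (a TCP SYN to port 80 and a two-byte UDP datagram to port 53), so it runs offline; the MAC addresses, IP addresses and ports are made up, and only the libpcap format with Ethernet framing is handled, not pcapng.

```python
"""Dissect a classic pcap file the way Wireshark's Ethernet/IPv4/TCP/UDP
dissectors do, down to the IP header checksum verdict.

Added example, not code from the original presentation or the Wireshark
project.  The capture is constructed in memory (a TCP SYN to port 80 and a
UDP datagram to port 53) so the script runs offline; the MAC and IP
addresses and ports are made up.  Only the classic libpcap format with the
Ethernet link type is handled, not pcapng.
"""
import struct
from ipaddress import IPv4Address

ETH_P_IP = 0x0800
TCP_FLAGS = [(0x02, "SYN"), (0x10, "ACK"), (0x08, "PSH"), (0x01, "FIN"), (0x04, "RST")]


def ip_checksum(data):
    """RFC 1071 one's-complement sum; returns 0 for a header whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(src_ip, dst_ip, proto, l4):
    """Ethernet II + IPv4 (no options) around an L4 segment, checksum filled in."""
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0x4000, 64,
                               proto, 0, IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed))
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip)))
    return bytes.fromhex("0011223344550066778899aa") + struct.pack("!H", ETH_P_IP) + bytes(ip) + l4


def build_pcap(frames):
    """Classic pcap: 24-byte global header, then a 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1723990000 + i, 0, len(f), len(f)) + f
    return out


# Constructed traffic: a SYN from 10.0.0.5:40000 to 10.0.0.1:80, then a 2-byte UDP payload to port 53.
SYN_SEGMENT = struct.pack("!HHIIBBHHH", 40000, 80, 1000, 0, 5 << 4, 0x02, 64240, 0, 0)
UDP_DATAGRAM = struct.pack("!HHHH", 53000, 53, 8 + 2, 0) + b"\x12\x34"
SAMPLE_PCAP = build_pcap([build_frame("10.0.0.5", "10.0.0.1", 6, SYN_SEGMENT),
                          build_frame("10.0.0.5", "10.0.0.1", 17, UDP_DATAGRAM)])


def dissect(frame):
    """Decode one Ethernet frame into a dict of the fields a display filter would test."""
    ethertype, = struct.unpack_from("!H", frame, 12)
    info = {"ethertype": ethertype}
    if ethertype != ETH_P_IP:
        return info                                   # ARP, IPv6 etc. are not decoded here
    ip = frame[14:]
    ver_ihl, _tos, total, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack_from("!BBHHHBBH4s4s", ip)
    ihl = (ver_ihl & 0x0F) * 4                        # header length, including any options
    info.update(src=str(IPv4Address(src)), dst=str(IPv4Address(dst)), ttl=ttl, proto=proto,
                ip_checksum_ok=ip_checksum(ip[:ihl]) == 0)
    l4 = ip[ihl:total]                                # drops Ethernet padding after the datagram
    if proto == 6:
        sport, dport, _seq, _ack, doff, flags, _win = struct.unpack_from("!HHIIBBH", l4)
        info.update(l4="TCP", sport=sport, dport=dport,
                    flags=[n for bit, n in TCP_FLAGS if flags & bit], payload=l4[(doff >> 4) * 4:])
    elif proto == 17:
        sport, dport, length, _ = struct.unpack_from("!HHHH", l4)
        info.update(l4="UDP", sport=sport, dport=dport, payload=l4[8:length])
    return info


def parse_pcap(data):
    """Walk the record list, honouring the byte order announced by the magic number."""
    magic, = struct.unpack_from("<I", data)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not supported)")
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != 1:
        raise ValueError("only LINKTYPE_ETHERNET is handled")
    off, records = 24, []
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        records.append(dissect(data[off:off + incl_len]))
        off += incl_len
    return records


def summary(r):
    """One line per packet, in the style of Wireshark's Info column."""
    head = "%s:%d -> %s:%d %s" % (r["src"], r["sport"], r["dst"], r["dport"], r["l4"])
    return head + (" [%s]" % ",".join(r["flags"]) if r["l4"] == "TCP" else " len=%d" % len(r["payload"]))


if __name__ == "__main__":
    for rec in parse_pcap(SAMPLE_PCAP):
        print(summary(rec), "ip.checksum ok" if rec["ip_checksum_ok"] else "ip.checksum BAD")
```

The checksum check is the kind of detail a dissector surfaces that a quick look at the bytes would not: a "bad" IP checksum on traffic captured on the sending host is usually checksum offloading to the NIC, not corruption, which is why Wireshark lets you disable that validation. Pass a real file's bytes to parse_pcap to try it on your own captures.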
Best Practices to Prevent Cyber Attacks and Information Leaks
Some of the best ways to approach cyber attack defence include:
1) Educate staff about cyber security
2) Encrypt and back up data
3) Conduct regular audits
4) Be mindful of insider data breaches
5) Restrict admin rights
6) Install a firewall
7) Keep software, devices and operating systems up to date
8) Enforce a best-practice password policy
9) Ensure endpoint protection
10) Minimise what reconnaissance can see: expose only the services that are needed, keep service banners and error messages generic, and use registrar privacy for whois contact details