Best Practices of Information Gathering with Tools and Techniques:- Hacker's Role

-


Hacker is guy who continuously test the system operation to check any loophole and help to built a secure system. For doing that things my research/ knowledge always go towards "Information Gathering".
Information gathering means to getting an information/Details about the person/system/technology/Organization for testing their Secure Network. The first step to learn in Cybersecurity as per my research/knowledge is Information Gathering. You are not a script kiddies or pro Hacker or bug hunter but you can able to collect the information for specific target very well. This information helps  getting access of  their environment to cross check the security. It's not need to learn any kind of specific programming language, any specific technology to learn information gathering.
Types of Information Gathering:-
1) Passive Information Gathering:-
To collect a data of target with Indirect Connection which means to getting a data of Target using OSINT(Open Source Intelligence Technique) Or (Publicly Available Information).
2) Active Information Gathering:-
Process of Information Gathering of target with direct interaction. In Active Information Gathering we can connect directly target IT's infrastructure.

Types of Information we able to Gather:-
1) Network/Host based Information:- Network Ranges and IP blocks,DNS names, name server,Mail server, software language.
2) Employees Information:- Name, Phone no., Email I'd, Identity Information,Role, Intrest.
Their is lot of practice and experience in information gathering to connect a direct interaction with IT's infrastructure. So we focus on the Passive Information Gathering Techniques and Tools:-
Techniques:-
* Search engine based:-
  i) Google Dorks
  ii) Shodan
* Social Network Based:-
  Tracing an identity on various social   availability platforms.
* Whois lookup
* Website footprinting
-> HTTrack
-> archive.org
* Web Technology Footprinting
-> Whatweb
-> buitwith
* Cloud Recon
* Domain_ Subdomain recon
* Metadata
Tools Or Framework:-
* Recon-ng
* Maltego
* Sublist3r
* theHarvester
* OSRframework
* Netcraft
* Shodan
* Metagoofil
* FOCA
Using the Tool name you can view their tools official website or Live practical demo of tool uses and installation process.

Content Source And Credit:- HackeSploit (YouTube Channel)

Comments

Post a Comment

Popular posts from this blog

-
                                 Hotel open Wifi-SPYING "a user information"      *NOw a days the attacker targeted a hotel,malls,multiplex open wifi .Many people are visited at a particular hotel an they connect   with hotel;s open wifi.    *At the time the risk are generated for user.At that time the hacker mostly perform "Man-IN-The Middle" attack. in this attack,    the attacker connected in a same network ,trace your each and every activity on internet,spy your conversation(in packet format)     *The main thing is that"our privacy" are trending at the time..Everyone wants to maintain our privacy..But we give a golden chance     to attacker for leaking(spoilling) our privacy..But this overall scenario are not hearing at india..Because After coming a "Jio Data"...
Read more
-
Today We Started a Blog For LateST Cyber News. So, Let's Get Started it. * We all know the "WANNACRY" Ransomware Hack affects telecommunication Providers,many business worldwide,infecting hundreds of thousands of unpatched windows server running in Smb v1 in more than 150 countries in few hours.    For That Reason Microsoft Decide not to use 30 years old SMB (sever message  block)v1 protocol  in next upcoming windows 10(Redstone 3) Update. * The Hackers group (Shadow Brokers) announced to release more "zero-day exploits and hacking tools"which developed by US spy agency.It also announced the VIP service for visitors to learn the Queries and learning a tools and upcoming exploits in some Thousands of Dollars in bitcoins currency. * Now a day's we always use video conferencing,voice calling,messaging With "SKYPE". In the skype the critical vulnerability are discovered by expert. It allow the hackers to remotely execute malicious code in live ...
Read more