1 / 12

Footprinting & Intelligence Gathering Paterva & Beyond

Footprinting & Intelligence Gathering Paterva & Beyond. Wardell Motley, C | EH, NSA IAMIEM BSides – Dallas Ft. Worth – 2010 infowarrior0@gmail.com. Agenda. Definitions So what this isn't 0 day!! Why should this matter to me... As a Business?

lashondag
Download Presentation

Footprinting & Intelligence Gathering Paterva & Beyond

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Footprinting & Intelligence GatheringPaterva & Beyond Wardell Motley, C|EH, NSA IAM\IEM BSides – Dallas Ft. Worth – 2010 infowarrior0@gmail.com

  2. Agenda • Definitions • So what this isn't 0 day!! • Why should this matter to me... As a Business? As a Penetration Tester? As the individual? • The tools Maltego Maltego Mesh

  3. Definitions Footprinting In computer security, footprinting is the process of accumulating data regarding a specific network environment, usually for the purpose of finding ways to intrude into the environment. http://www.networkdictionary.com/security/f.php Intelligence Gathering In government and military operations, evaluated information concerning the strength, activities, and probable courses of action of international actors that are usually, though not always, enemies or opponents. http://www.answers.com/topic/intelligence-information-gathering

  4. So what this isn't 0 Day!!

  5. Why should this matter to me… What good is 0 Day if you don’t know anything about your target?

  6. As a Business? • Competitors • Compliance ≠ Security • Information leakage I have all my boxes checked but the receptionist just gave the delivery guy the secret key code to get into the front after hours

  7. As a Business? • User Training (This Means a Continuous Process) Does the receptionist really need to give out that much information? • Map out your information flow Who has access to what and why? • Avoid privilege creep If someone changes functions in a company take away the old permissions. *Remember Defense in Depth can be circumvented by Tom Foolery and lack of common sense…

  8. As a Pen Tester? • Proper Intelligence gathering & footprinting is key to protecting & understanding your clients! • The more time spent gaining Intel the less Nessus plugin’s you will need to run!

  9. As a Pen Tester? What else can I look for beyond the usual? • Where does the information flow? Over & Under the firewall P2P & Torrent sites, Online Storage Sites Google Docs anybody? Old Exchange User Archives

  10. As the Individual? That ex girlfriend is back!!

  11. The Tools • Maltego 3 by Paterva (paterva.com) • Zoominfo.com • Many Many others!!!

  12. Questions?

More Related