Chapter 8. Reconnaissance


Every attack, from a sophisticated e-commerce server hack to simple script-kiddie mischief, has one thing in common: before the buffer overflow is executed, before the malicious SQL is injected, or before the lethal blow is dealt, there is always a distinct reconnaissance phase. Reconnaissance (recon) might include something as simple as looking up a web server name before a denial-of-service attack or as complex as a full-scale enterprise audit. The attacker's goal is to determine targets, find the best avenues for attack, and map the defensive capabilities of the target organization. In this chapter, we discuss several ways to perform intelligence gathering for both casual "weekend hackers" and professionals such as penetration testers.

Recon can be performed online and offline. Online recon includes web searching, web site analysis, and IT resource mapping such as port scanning. Offline recon includes classic "humint" (human intelligence), paper document analysis (such as dumpster diving), and other methods.



Security Warrior
ISBN: 0596005458
EAN: 2147483647
Year: 2004
Pages: 211
