This Chapter introduces you to the two of the most important pre-attack phases: footprinting and scanning. Although these steps don't constitute breaking in, they occur at the point which a hacker will start to get interactive. The goal here is to discover what a hacker or other malicious user can uncover about the organization, its technical infrastructure, locations, employees, policies, security stance, and financial situation. Just as most hardened criminals don't just heist an armored car, elite hackers won't attack a network before they understand what they are up against. Even script kiddies can do some amount of pre-attack reconnaissance as they look for a target of opportunity.
This Chapter starts off by looking at some general ways that individuals can attempt to gain information about an organization passively and without the organization's knowledge. Next, it gets interactive and reviews scanning techniques. The goal of scanning is to discover open ports and applications.
Determining Assessment Scope |
Part I: Exam Preparation
The Business Aspects of Penetration Testing
The Technical Foundations of Hacking
Footprinting and Scanning
Enumeration and System Hacking
Linux and Automated Security Assessment Tools
Trojans and Backdoors
Sniffers, Session Hijacking, and Denial of Service
Web Server Hacking, Web Applications, and Database Attacks
Wireless Technologies, Security, and Attacks
IDS, Firewalls, and Honeypots
Buffer Overflows, Viruses, and Worms
Cryptographic Attacks and Defenses
Physical Security and Social Engineering
Part II: Final Review
Part III: Appendixes
Appendix A. Using the ExamGear Special Edition Software