Information Gathering Techniques
There is a saying that goes "The more information you have about the target, the more is the chance of successful exploitation."Information gathering is the first phase of hacking. In this phase, we gather as much information as possible regarding the target’s online presence, which in turn reveal useful information about the target itself. The required information will depend on whether we are doing a network pentest or a web application pentest.
In general, all information gathering techniques can be classified into two main categories:
1. Active information gathering
2. Passive information gathering
Active Information Gathering In active information gathering, we would directly engage with the target, for example, gathering information about what ports are open on a particular target, what services they are running, and what operating system they are using.
Passive Information Gathering In passive information gathering, we do not directly engage with the target. Instead, we use search engines, social media, and other websites to gather information about the target. This method is recommended, since it does not generate any log of presence on the target system. A common example would be to use LinkedIn, Facebook, and other social networks to gather information about the employees and their interests. There are many sources of information; the most important ones are as follows:
Social media website
Search engines
Forums Press releases
People search Job sites
0 comments:
Post a Comment