
בס״ד

🔸 01 - Information Gathering

  • What are the objectives of information gathering in cybersecurity?

  • A basic cybersecurity information gathering process usually has these two data collection goals:

  • CNI - Collecting Network Information:
    • Such as public, private and associated domain names, network hosts, public and private IP blocks, routing tables, TCP and UDP running services, SSL certificates, open ports and more.
  • CMI - Collecting Machine Information:
    • This includes user enumeration, system groups, OS hostnames, OS system type (probably by fingerprinting), system banners (as seen in the banner grabbing blog post), etc.

Information gathering techniques and methods

  • Ethical hackers use a wide variety of techniques and tools to obtain this information about their targets, along with the locations and data collection software that serve the information gathering goal.
  • Let’s look at the top information gathering methods used to gather information about any target.
  • How to gather information?


  • 1 - Social Engineering: This includes in-person chat, phone conversations and email spoofing attacks.

    • What these methods have in common is that they rely on the psychology of human weakness to get as much data as possible about the target.

  • 2 - Search Engines: Web crawlers can be used to fetch information about anything, and this includes companies, persons, services, and even real hacks, as seen in our previous article about Google Hacking.


  • 3 - Social Networks: Open Source Intelligence

    • OSINT ~ Facebook, Twitter, LinkedIn and other social networks are great sources of information to build a profile, especially when targeting individuals.


  • 4 - Domain Names: These are registered by organizations, governments, public and private agencies, and people.

    • DNS ~ Domain Name Server

    • Therefore, they’re a great starting point when you want to investigate someone.
    • Personal information, associated domains, projects, services and technologies can be found by inspecting domain name information.
  • All these techniques are really useful when combined with enterprise security tools.
  • Keep reading to discover how to maximize your information gathering results by using some really cool infosec utilities.
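
The point about domain name information above can be turned around for defense: an organization can review its own WHOIS record and certificate names to see what they reveal. This is an added example, not code from the original page; the WHOIS text, the SAN list and the function names `parse_whois`, `registrable` and `exposure_report` are constructed for illustration, and the two-label domain heuristic is an assumption.

```python
import re

# Constructed sample WHOIS record (not a real registration; .test is a reserved TLD).
SAMPLE_WHOIS = """\
Domain Name: example-corp.test
Registrar: Example Registrar, Inc.
Registrant Name: Jane Doe
Registrant Organization: Example Corp
Registrant Email: jane.doe@example-corp.test
Registrant Phone: REDACTED FOR PRIVACY
Admin Email: it-admin@example-mail.test
Name Server: ns1.example-dns.test
Name Server: ns2.example-dns.test
"""
# Constructed subjectAltName entries, as they would appear in the organization's certificate.
SAMPLE_SANS = ["example-corp.test", "*.example-corp.test",
               "vpn.example-corp.test", "staging.example-labs.test"]

PERSONAL = re.compile(r"(Registrant|Admin|Tech) (Name|Email|Phone|Street)", re.I)
REDACTED = re.compile(r"redacted|privacy|not disclosed", re.I)

def parse_whois(text):
    """Return (field, value) pairs; fields such as Name Server may repeat."""
    pairs = []
    for line in text.splitlines():
        field, sep, value = line.partition(":")
        if sep and value.strip():
            pairs.append((field.strip(), value.strip()))
    return pairs

def registrable(host):
    """Naive last-two-labels heuristic (assumption: no multi-part suffixes such as co.uk)."""
    return ".".join(host.lstrip("*.").lower().split(".")[-2:])

def exposure_report(whois_text, sans):
    """Summarize what the domain's public records reveal about the organization."""
    pairs = parse_whois(whois_text)
    own = next(registrable(v) for f, v in pairs if f.lower() == "domain name")
    exposed = {f: v for f, v in pairs if PERSONAL.fullmatch(f) and not REDACTED.search(v)}
    hosts = list(sans) + [v for f, v in pairs if f.lower() == "name server"]
    hosts += [v.split("@")[1] for f, v in pairs if "email" in f.lower() and "@" in v]
    associated = sorted({registrable(h) for h in hosts} - {own})
    named_hosts = sorted(h for h in sans if not h.startswith("*.") and h.lower() != own)
    return {"personal_fields": exposed, "associated_domains": associated, "named_hosts": named_hosts}

if __name__ == "__main__":
    print(exposure_report(SAMPLE_WHOIS, SAMPLE_SANS))
```

Unredacted contact fields are candidates for registrar privacy settings or role-based addresses, and named hosts in certificates show which internal service names are publicly visible.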

  • E4GL30S1NT - Simple Information Gathering Tool

  • Attack Surface Management Platform | Sn1perSecurity LLC
    Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional.
    For more information, go to https://sn1persecurity.com.

  • Termux: SIGIT - Simple Information Gathering Toolkit
