Why Footprinting?
Footprinting allows attacker to know about the complete security posture of an organization.
It reduces attackers area to specific range of ip address, networks,domain names,remote access,...
It allows attacker to build their own information database about target organization security weakness to take actions...
It allows attacker to draw a map or outline the target organization the target network infrastucture to know about the actual environment that they are going to break.
Footprinting Threats
Attacker gather valuable system and network information such as account details,operating system and installed applications,network components,server names.database schema details,etc,... from footprinting techniques..
Attackers use search engines to extract information about a target such as employee details.intranet portal,login pages,..which help in performing for social engineering and other type of advanced system hacks.
Collect Location Information
Using Google Earth tool to get the location of the place
People Search on Social Networking Services
Facebook,Twitter,Linkedin,Youtube,..
Website Footprinting
Information obtained from target website enables hacker to build map of website structure and architecture.
Mirroring Entire Website
- Mirroring an entire website on the local system enables to dissect and identify vulnerabilities
- Web mirroring tools allow you to download a website to a local directory
Tracking Email Communications
Attacker Tracks email to gather information about the physical location of an individual to perform social engineering that in turn may help in mapping target organization network
Email tracking is a method to monitor and spy on the delivered emails to the recipient.
Footprinting through social Engineering
- Social engineering is the art of convincing people to reveal confidential information
- Social engineers depend on the fact that people are unaware of their vluable information and are careless about protecting it.
Collect Information Using Eavesdropping,Shoulder Surfing, and Dupster Diving
1). Eavesdropping
- Eaves Dropping is unauthorized listening of conversations or reading of messages
- It is interception of any form of communication such as audio,video or data
2). Shoulder Surfing
- Shoulder surfing is the procedure where the attackers look over the user shoulder to gain critical information.
- Attackers gather information such as passwords,personal identification number,account numbers,credit card information,etc,..
3). Dumpster Diving
- Dumpster diving is looking for treasure in someone else's trash
- It involves collections of phone bills,contact information,etc,.
Post a Comment
Thank you for visiting Afridi's Technoworld