More Related Content
Similar to Offensive Security basics part 2 (20)
![INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx](https://cdn.slidesharecdn.com/ss_thumbnails/internshipreview-ishaq1recovered-230109133242-4ce6a92f-thumbnail.jpg?width=560&fit=bounds)
Offensive Security basics part 2
- 1. Cover the Basics: Part 2 February 4, 2018
- 2. Audience ● Beginners in OffSec ● Students
- 3. Objective Objective of this session is to give a starting point to people like me who want to explore the world of Offensive Security. This session is not for people who just want to learn hacking (aka Black Hat hacking)
- 4. Topics ● Phase 1 | Reconnaissance ● Phase 2 | Scanning ● Phase 3 | Gaining Access ● Phase 4 | Maintaining Access ● Phase 5 | Covering Tracks / Reporting
- 5. Phase 1 | Reconnaissance
- 6. Supposedly - Abraham Lincoln If I had four hours to chop down a tree, I’d spend the first two hours sharpening the axe
- 7. Reconnaissance ● Active Reconnaissance In this process, you directly interact with the computer system to gain information. This information can be relevant and accurate. But there is a risk of getting detected if you are planning active reconnaissance without permission. If you are detected, then system admin can take severe action against you and trail your subsequent activities. ● Passive Reconnaissance In this process, you will not be directly connected to a computer system. This process is used to gather essential information without ever interacting with the target systems.
- 8. Footprinting Tools and tricks to get the information about the computer, IP and mac address, related user and system. ● Passive Footprinting Reviewing a company’s website is an example of passive footprinting. ● Active Footprinting Whereas attempting to gain access to sensitive information through social engineering is an example of active information gathering.
- 9. Footprinting
- 11. Domain Name Information (whois.domaintools.com)
- 12. Quick Fix - Domain Name Information It's always recommended to keep your domain name profile a private one which should hide the above-mentioned information from potential hackers.
- 15. Quick Fix - IP Information If a computer system or network is linked with the Internet directly, then you cannot hide the IP address and the related information such as the hosting company, its location, ISP, etc. If you have a server containing very sensitive data, then it is recommended to keep it behind a secure proxy so that hackers cannot get the exact details of your actual server. This way, it will be difficult for any potential hacker to reach your server directly. Another effective way of hiding your system IP and ultimately all the associated information is to go through a Virtual Private Network (VPN). If you configure a VPN, then the whole traffic routes through the VPN network, so your true IP address assigned by your ISP is always hidden.
- 16. History of the Website
- 17. Quick Fix - History of the Website Though there are some advantages of keeping your website in an archive database, but if you do not like anybody to see how your website progressed through different stages, then you can request archive.org to delete the history of your website.
- 18. Fingerprinting The term OS fingerprinting in Ethical Hacking refers to any method used to determine what operating system is running on a remote computer. ● Passive Footprinting Passive fingerprinting is based on sniffer traces from the remote system. Based on the sniffer traces (such as Wireshark) of the packets, you can determine the operating system of the remote host. ● Active Footprinting Active fingerprinting is accomplished by sending specially crafted packets to a target machine and then noting down its response and analyzing the gathered information to determine the target OS.
- 19. nmap Host Scan (nmap -O -v)
- 20. Quick Fix - nmap host scan You can hide your main system behind a secure proxy server or a VPN so that your complete identity is safe and ultimately your main system remains safe.
- 21. nmap Port Scan (nmap -sT -p 80)
- 22. Quick Fix - nmap port scan It is always recommended to check and close all the unwanted ports to safeguard the system from malicious attacks.
- 23. Ping Sweep A ping sweep is a network scanning technique that you can use to determine which IP address from a range of IP addresses map to live hosts. Ping Sweep is also known as ICMP sweep. You can use fping command for ping sweep. This command is a ping- like program which uses the Internet Control Message Protocol (ICMP) echo request to determine if a host is up.
- 24. Quick Fix - ping sweep To disable ping sweeps on a network, you can block ICMP ECHO requests from outside sources. This can be done using the following command which will create a firewall rule in iptable. iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP
- 25. Prerequisites to be an effective hacker
- 26. The Fundamental Skills ● Basic Computer Skills ● Networking Skills ● Linux Skills ● Wireshark / Tcpdump (sniffing) ● Virtualization / Cloud ● Security Concepts & Technologies ● Wireless Technologies
- 27. The Intermediate Skills ● Scripting ● Database Skills ● Web Applications ● Forensics ● Advanced TCP/IP ● Cryptography ● Reverse Engineering ● IoT The Intangible Skills ● Think Creatively ● Problem-Solving Skills ● Persistence
- 28. © Harpreet Singh Wadhwa Harpreet Singh Wadhwa https://www.meetup.com/offsecblr https://twitter.com/wharpreet Mailto: [email protected]