Hey, everyone, welcome back to the course. In this video, we're gonna go over a brief introduction to footprinting, so we'll talk about what footprinting actually is. And we'll also talk about some of the objectives of why we do footprinting.
So what is footprinting? Well, essentially, it's just gathering information. So think of it this way. Let's say that I'm hungry and I want to get some dinner at a restaurant,
and let's pretend it's a Chinese restaurant is what I'm looking for. So what I'll do is I'll go in my favorite search engine, maybe a Google or Bing or whatever you use,
and we'll search for Chinese restaurants in our local area.
And then what I'll do once I find a list of those, I'm gonna start looking up those individual restaurants and I'm gonna look and see. Do they have good reviews? Was the food good? Was the customer service good?
Is it close to me? Because I don't want to drive all the way across town just to get some food. So I'm gonna find information about that restaurant, gonna find more information about that restaurant before I make a decision on going to that restaurant or another one.
In a similar way, footprinting is how we gather information on our target and then determine how do we actually get into that target. So footprinting allows us to identify information about our target. The target could be a company; that could also just be an individual. It really just depends on the penetration test that you're doing.
So what does footprinting allow us to do? Well, it allows us to get information about things like the security posture of the organization.
It also allows us to narrow the focus area. So instead of me trying to attack 1000 different web servers, maybe I identify that your employees are a little weak on social media, and I'm able to manipulate them to give me some login credentials or to give me some critical information about the organization that helps me get in. So instead of me
trying to go in 1000 different directions, now I have a focus of, oh, this is the best way to get into that organization.
It also helps us identify vulnerabilities. So once I identify maybe that you've got some default passwords in use, so maybe I run Shodan, and I find that you've got a couple of routers that are vulnerable. Now I know I can find these specific vulnerabilities for those routers and try those and try to gain access to your organization.
And then it also helps us, to some extent, draw a map of the network, right? So we're able to see the devices and get more information about what kinds of servers are in use, what kinds of host systems are in use,
and we could do a lot of this actually through social engineering.
So what's our goal with footprinting? What are some of the objectives? Right? So we talked about things like knowing our security posture, the organization, reducing our focus area and just getting laser focused on what we should specifically be attacking. We talked about identifying vulnerabilities, as well as it helps us map out the information on the network.
Now let's talk about specific stuff that we can get
from footprinting. What's the objective of the adversary? So, with network information, right, we're collecting the network information and getting things like, uh, domain names, network blocks, so IP address ranges. We're potentially getting some, like, internet website information. We're getting information about services running
on the systems. We're learning about network protocols that they might be using. Uh, we might be learning about VPN points that they have. So just a variety of network information. We can also figure out: are they using things like voice over IP, which many organizations these days are using? What kind of authentication mechanisms are they using on their network?
So just a bunch of different information about the network. We're also looking for system-specific information. So
we're looking for the names of users on the system or group information, routing tables, SNMP information, the architecture of the system itself. So how are they laying it out? System name information, as well as credentials, right? So things like password hashes. And then general information about the organization.
This could be things on their, maybe, other website,
so it could be, uh, information like employee details, or if they've got, like, a phone directory or email directory of employees. We can identify, for example, how their email addresses are structured. Is it john.smith? Or is it j.smith@sample.com? We could get information about location, we could get
address information, so maybe they've got multiple office locations. Now we know where those, uh,
satellite offices are.
We could get information off their website. We could mirror the website and get information in the HTML source code, so we could look for comments. Maybe a developer hard-coded a password in there or something, and they forgot about it. Maybe they hard-coded some other information in there or commented other information in there that could be beneficial to us as we're attacking this organization.
And we can also look at, see what kind of security policies might they have,
especially for public companies. We can look at their 10-K and see what information is in there. What kinds of risk are they seeing in the organization? And then we could figure out ways that we can actually exploit those.
So just a quick question here for you. Some of the network information an adversary can collect includes which of the following? Is it IP addresses? Is it protocol information? Or is it information about domain names?
Well, this is kind of a trick question here, right? The answer is all of them. If you recall collecting the network information, we can get information about domain names, protocols, the IP address information. We can also learn about any VPN endpoints, we can do system enumeration. We can learn about, like, the authentication mechanisms that they're using as well.
So in this video, we just talked about what footprinting is. Again, it's just collecting that information. So think of it in the way that you look at your entire life, right? When you wanna purchase something on, like, Amazon,
you go and you look at it. You look at reviews. Usually you maybe look at some competing products and see, well, which one's the best price. All that is is gathering information. Same thing with footprinting. We're just gathering information. We're just doing it, though, in a different way, because we're looking to get information about a specific target as opposed to just shopping online.
And then we also talked about some of the objectives of footprinting. So again, collecting that network information, information about the system, as well as more general information about the organization.
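
Added example, not part of the video: the HTML-comment leak described above, seen from the defender's side as a pre-publication check run over your own pages. The patterns, the function name `audit_html` and the sample page are constructed for illustration and should be tuned to your own code base.

```python
import re
from html.parser import HTMLParser

# Heuristic patterns (assumptions for this example, not an exhaustive rule set).
PATTERNS = {
    "credential": re.compile(
        r"(?i)\b(pass(?:word|wd)?|pwd|secret|api[_-]?key|token)\b\s*[:=]\s*\S+"),
    "private_ip": re.compile(
        r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))(?:\.\d{1,3}){2}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}


class CommentAuditor(HTMLParser):
    """Collects (line, kind, text) for every risky string inside an HTML comment."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_comment(self, data):
        line, _ = self.getpos()  # position where the comment starts
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(data):
                # Never echo the secret itself into a build log.
                text = f"{m.group(1)}=<redacted>" if kind == "credential" else m.group(0)
                self.findings.append((line, kind, text))


def audit_html(text):
    parser = CommentAuditor()
    parser.feed(text)
    parser.close()
    return parser.findings


# Constructed sample page; every value in it is made up.
SAMPLE_PAGE = """<html>
<head><!-- build 2024-01 --></head>
<body>
<!-- TODO remove before launch: db password = Winter2024! -->
<p>Contact us</p>
<!-- staging copy lives on 10.20.30.40, ask j.smith@sample.com -->
</body>
</html>"""

if __name__ == "__main__":
    for line, kind, text in audit_html(SAMPLE_PAGE):
        print(f"line {line}: {kind}: {text}")
```

Run as a build or CI step, a non-empty result can fail the deployment so the comment is removed before the page is public.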