Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
Hey, everyone, welcome back to the core. So in the last video, we wrapped up our lab on taking a look at Philip Nomads Social Media profile. Right, So we'd look through all of his post. We looked through all these photos and the hole in 10 with all of that was to gather more information about the target and potentially use different social engineering attacks on poor Philip or his friends and family.
In this video, we're gonna do a very, very quick lab. It's just gonna be d'oh do a quick who is query on. And then in the next macho, we're gonna jump into scanning and enumeration.
So let's go ahead and get started. So I've gotta step by step lab guide for this. But again, I mentioned it's gonna be a very, very simple lab.
So you just need a Web browser for this lab and then in the search box of whatever web brother you choose to use his type in who is
and the ah and don't put the bracket in there. You don't need to do all that. But the site you're looking for at least the one that I use there's many who is tools out there? I use I can cite just for the most part, I don't believe that they're downloading malware on me at least, um so this one's pretty easy to use.
So the company we're gonna pick on here is gonna actually just be Microsoft's who were just going to use Microsoft
search here. So the www dot Microsoft dot com,
uh, here in step number six
and then we're just gonna look it up. It's gonna prompt us to make sure we're not a robot on. And then we're just going to go through the confirmation there. And then, basically, we've got two questions. Number one. What kind of information do we get back, if any on and then number two. Just think through how you think a criminal hacker could actually use the information they're getting.
All right, So once we've typed in the website in this case again, it's gonna be www dot Microsoft dot com. I'll have to do select the look up, but in there
it's gonna take a second or so. Sometimes it takes a little bit thio to pull it up for you, so just be patient with that.
And in most cases you can check the boxes say yes, I'm a human. But in some cases it'll actually prompt you and make you accuse, you know, the typical thing, like juice and traffic lights, or choose the the photos that only have buses in them or whatever the case might be.
So you'll see here that almost instantaneously after we verify where human, it gives us some information back now again, much of this isn't gonna be helpful to us because of the size of Microsoft, right? So, like domains of Microsoft dot com,
you know of where we could be relatively certain that there's a good measure of security surrounding that. But you never know the phone number. There is probably either a form of illegal or just kind of a generalized phone phone line. Same thing with the facts there. And then, of course, the mailing addresses just the corporate headquarters mailing address. So
and for our purposes, not extremely valuable information there.
Now we do see the register information mark monitor is is one that a lot of larger companies use. So there again, just because we're using such a large company, not really relevant or valuable information for us.
Ah, and so we've got some names, silver information, but again, not necessarily valuable information for us either.
So the whole purpose of a who is query, you know, it's just to see if there's any helpful information regarding the name servers or regarding, you know, the contact information of the order. The domain registrars, what is called for the organization.
In this case, it wasn't helpful, However,
in some cases, depending on the size of the organization, it may be a very beneficial avenue to go.
So definitely make sure you do that. This is a very simple thing. You see, it took just a matter of seconds to do. Ah, who is query? As some of this video just did that quick, who is query again? The step by step lab guide is available for download for you, but I I anticipated I built it, since some entry level people are gonna be taking this. But I also, uh,
I understand the senior level people probably won't even use a step by step guide. But
for the all the step by step guys, as I've mentioned there in the downloadable the Resource is section of the course. Make sure you download all that stuff. It's a lot of good information for you.
And in the next module we're gonna cover, it's as a mention scanning enumeration. We're gonna take a big focus on end map in that module. We're not gonna well, kind of hit things at a high level. Everything else. But we're definitely gonna jump in and map quite a bit. Ah, and I see quite a bit weird. Sort of deep, deep dive or anything,
but I definitely want you to walk away with some foundational understanding of end map
on some of the different commands that we use with it.