Reconnaissance



Introduction


Attack techniques evolve as attackers become more inventive in defeating defenses and launching new attacks. This post explains what reconnaissance is, the reconnaissance techniques attackers use to prepare cyberattacks, and the countermeasures that prevent or mitigate them.

What is Reconnaissance?
Reconnaissance is the phase in which an attacker observes the target and gathers information about how, when, and where it operates.
By finding out as much as possible about the target before launching the first attack, and by identifying patterns in the behaviour of people or systems, an adversary can locate a loophole and exploit it.

Reconnaissance techniques
The two main categories of reconnaissance techniques are:
A. Low-tech methods
B. Internet footprinting

Internet footprinting refers to the technical methods of reconnaissance.
Strategies include:
A. General web searches
B. Network enumeration
C. DNS-based reconnaissance
D. Network-based reconnaissance
Low-technology reconnaissance is the non-technical branch and is covered first.

Examples of low-tech reconnaissance techniques are:
A. Social engineering
B. Physical break-in
C. Dumpster diving

Social engineering

Social engineering is the process of deceiving users of a system and convincing them to perform acts useful to the attacker, such as giving out information that can be used to defeat or bypass security mechanisms.
As an information-gathering tool it is highly effective because it exploits the most vulnerable asset in an organization: people.
Human interaction and the willingness to give out information make people an excellent source of information.
Good social-engineering techniques can speed up the hacking process and in most cases yield information much more easily than technical methods.

 

Types of social engineering attacks
Social engineering can be broken into two common types:
A. Human-based
B. Computer-based
Human-based social engineering refers to person-to-person interaction to retrieve the desired information. An example is calling the help desk and trying to find out a password. Computer-based social engineering refers to using software to retrieve the desired information.

The best-known computer-based attack, phishing, involves sending an email that asks the user to verify their password by entering it on a web page that the attacker controls.


Human-based social engineering
Human-based techniques can be broadly categorized as follows:
A. Impersonating an employee or valid user
B. Posing as an important user
C. Using a third person (claiming to act with someone else's authorization)
D. Calling technical support

Shoulder surfing: gathering passwords by watching over a person's shoulder while they log in to the system. An attacker who watches a valid user log in can then use that password to gain access to the system.

Dumpster diving: looking in the trash for information written on pieces of paper or computer printouts.

Computer-Based Social Engineering
Computer-based social-engineering attacks can include the following: 
A. Email attachments 
B. Fake websites 
C. Pop-up windows

  

Reverse social engineering
With this technique, the attacker creates a persona that appears to be in a position of authority, so that employees come to the attacker for information rather than the other way around.
The attacker projects herself as an authority vested with the power to solve people's problems.

Reverse attacks are much more difficult to carry out successfully, but because the victim initiates the contact, they are far less likely to become suspicious.

Social-engineering countermeasures
A. Document and enforce security policies and security awareness programs.
B. The corporate security policy should address how and when accounts are set up and terminated, how often passwords are changed, who can access what information, and how policy violations are to be handled.
C. Verify the identity of employees before giving out information.
D. Employee education: all employees should be trained on how to keep confidential data safe.
E. Implement call-back procedures: many social engineering attacks can be prevented if employees verify a caller's identity by calling back at the telephone number listed in the company directory, rather than at a number the caller supplies.


Physical break-in/intrusion
Methods
A. Walking through unlocked doors into data centers
B. Piggybacking (tailgating) behind a legitimate employee

Defense mechanisms
A. Security badges
B. Track computers leaving the premises
C. Physically lock down servers
D. Use locks on cabinets containing sensitive information
E. Use automatic password-protected screen savers
F. Encrypt stored files



Dumpster diving
Retrieving sensitive information from the trash.

Attackers also search for discarded hardware and use data-recovery tools to restore and read data from the device.
Attackers use dumpster diving to find discarded paper, CDs, and hard drives containing sensitive data.

Defense mechanisms

A. Use paper and media shredders
B. Develop a written recycling and trash-handling policy
C. Wipe or physically destroy storage media before disposal

Internet footprinting

Internet footprinting refers to the technical methods of reconnaissance.
The four main methods of internet footprinting are:
A. General web searches
B. Network enumeration
C. DNS-based reconnaissance
D. Network-based reconnaissance



Reconnaissance via general web searches

Searching an organization's own website: intruders can obtain employees' personal details and phone numbers and learn about the organization's culture. Using search engines: intruders can use search engines to find more information about the organization, including pages and documents it never meant to publish.

Listening in on online forums and groups: employees of an organization may post technical questions to newsgroups and online forums, revealing the products and versions in use.
If these forums are openly accessible to everyone, intruders can easily obtain that information. To counter this, organizations need a clear policy regarding the posting of sensitive information on online platforms and forums.

Network enumeration

Network enumeration is the process of identifying domain names and the networks associated with them. The end result of enumeration is that the attacker has the information needed to attack your systems. One way of performing network enumeration is through the WHOIS database.

WHOIS database

WHOIS is a query and response protocol (RFC 3912, TCP port 43) that is widely used for querying the databases that store the registered users or assignees of an Internet resource, such as a domain name or an IP address block.
WHOIS searches are typically done from a command-line program (Linux/Unix) or through a web browser on publicly available websites that offer the service.
A WHOIS search can be performed by providing a domain name or an IP address:
#whois examplebusiness.com

                          or

#whois <ip address>

An online WHOIS search can yield the following kinds of data:

A. Registrar: the business that handled the domain name registration
B. WHOIS server: the registrar's WHOIS server, which holds the detailed record
C. Nameservers: the authoritative name servers for the domain in question
D. Expiration date
E. Registrant name: who registered the domain
F. Email address: the registrant's contact address
G. IP address
H. Technical contact telephone number
I. Fax number

Note that many registrars now redact personal contact details (privacy/proxy services and GDPR-related redaction), so the registrant fields often show only a proxy.

Practical task
Visit the website below
https://www.namecheap.com/domains/whois/
Type in any domain name of your choice. What kind of information do you see?

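As an added example (written for this page, not code from the original post), the following Python script does what the whois command above does: it speaks the WHOIS protocol directly over TCP port 43 and pulls the fields listed above out of the reply. The server names, the IANA referral step and the key spellings are assumptions made for the example, and the sample reply is constructed, not a real registry record.

```python
"""Raw WHOIS lookup (RFC 3912) with extraction of the interesting fields.

Added example. The query goes to TCP port 43 of a WHOIS server, the reply
is read until the server closes the connection, and the 'Key: value'
lines that match the fields discussed in the text are collected.
"""
import re
import socket

# Key spellings seen in registry/registrar output, mapped to the field
# names used in the text. Assumption: spellings vary between servers, so
# extend this table for the registries you actually query.
FIELDS_OF_INTEREST = {
    "registrar": "Registrar",
    "whois server": "Whois server",
    "registrar whois server": "Whois server",
    "whois": "Whois server",            # IANA referral line
    "refer": "Whois server",            # IANA referral line (alternate)
    "name server": "Nameservers",
    "registry expiry date": "Expiration date",
    "expiration date": "Expiration date",
    "registrant name": "Registrant name",
    "registrant email": "Email address",
    "tech phone": "Technical contact telephone",
    "tech fax": "Fax number",
}


def parse_whois(text):
    """Return {field: [values]} for the interesting 'Key: value' lines.

    Keys match case-insensitively; repeated keys (several Name Server
    lines) accumulate. Comment lines (% or #) and lines without a colon
    (legal boilerplate) are ignored.
    """
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "%#" or ":" not in line:
            continue
        key, _, value = line.partition(":")
        key = re.sub(r"\s+", " ", key.strip().lower())
        value = value.strip()
        if key in FIELDS_OF_INTEREST and value:
            label = FIELDS_OF_INTEREST[key]
            values = result.setdefault(label, [])
            if value not in values:
                values.append(value)
    return result


def whois_query(query, server="whois.iana.org", port=43, timeout=10):
    """RFC 3912 exchange: send query + CRLF, read until the server closes.

    Needs network access; not exercised offline.
    """
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii", "ignore") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


def lookup_domain(domain):
    """Follow the referral: ask IANA which registry holds the TLD, then query it.

    Assumption: IANA answers a domain query with the TLD record and its
    'whois:'/'refer:' line; if no referral is found the IANA answer is used.
    """
    iana = parse_whois(whois_query(domain))
    server = iana.get("Whois server", ["whois.iana.org"])[0]
    return parse_whois(whois_query(domain, server=server))


# Constructed sample reply in the style of a gTLD registry (not real data).
SAMPLE_REPLY = """\
   Domain Name: EXAMPLEBUSINESS.COM
   Registrar WHOIS Server: whois.example-registrar.test
   Registrar: Example Registrar, Inc.
   Registry Expiry Date: 2026-08-13T04:00:00Z
   Name Server: NS1.EXAMPLEBUSINESS.COM
   Name Server: NS2.EXAMPLEBUSINESS.COM
   Registrant Name: Jane Doe
   Registrant Email: hostmaster@examplebusiness.com
   Tech Phone: +1.5555550100
   Tech Fax: +1.5555550101
>>> Last update of whois database: 2025-01-01T00:00:00Z <<<
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration is set to expire.
"""

if __name__ == "__main__":
    for field, values in parse_whois(SAMPLE_REPLY).items():
        print(f"{field}: {', '.join(values)}")
```

Offline, parse_whois(SAMPLE_REPLY) shows the extraction; with network access, lookup_domain("examplebusiness.com") performs the real two-step lookup. The referral step matters in practice: the registry (for .com, the thin registry) often returns only the registrar's WHOIS server, and the registrar's own server is where the contact fields live.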
DNS-based reconnaissance

A. DNS is a globally distributed database that houses a wide range of data, including IP addresses, domain names, and mail server details.

B. An attacker can query the Domain Name System (DNS) for this information.

C. To gain insight into an organization through DNS-based reconnaissance, the intruder must first uncover one or more DNS servers associated with the targeted organization (for example from the nameservers listed in the WHOIS record).

D. After locating the DNS servers, the intruder attempts to perform a zone transfer.

DNS zone transfer
A primary DNS server has the "master copy" of a zone, and secondary DNS servers keep copies of the zone for redundancy.
When changes are made to the zone data on the primary DNS server, they must be distributed to the secondary DNS servers for the zone.
This is done through zone transfers (the AXFR query type). A server that accepts zone transfers from anyone hands the intruder a complete list of the organization's hosts and their addresses in one request.

Defense mechanism

1. Domain names should not indicate the machine's operating system type or role
2. Make sure the organization is not leaking too much information through its DNS servers: restrict zone transfers to the known secondary servers and keep internal host names out of externally visible zones

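To make the zone-transfer step and the corresponding defense concrete, here is an added example (written for this page, not from the original post) that builds an AXFR request with nothing but the standard library, decodes the answer section of the reply, and reports whether the server handed over the zone. It also constructs the reply a misconfigured server would send so the decoder can be exercised offline; the zone examplebusiness.com and its records are made up for the example.

```python
"""Zone-transfer (AXFR) probe and reply decoder, standard library only.

Added example. A zone transfer is a DNS query of type AXFR (252) sent over
TCP with a two-byte length prefix (RFC 1035, section 4.2.2). A server that
answers NOERROR and streams the zone's records (SOA first) is leaking the
zone; a hardened server answers REFUSED (5) or NOTAUTH (9).
"""
import socket
import struct

TYPE_A, TYPE_NS, TYPE_SOA, TYPE_AXFR = 1, 2, 6, 252
CLASS_IN = 1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}


def encode_name(name):
    """Wire format: each label prefixed by its length, terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_axfr_query(zone, txid=0x1234):
    """12-byte header (QDCOUNT=1, no flags set) + question zone/AXFR/IN."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", TYPE_AXFR, CLASS_IN)


def decode_name(msg, offset):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                 # 2-byte compression pointer
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if jumped else offset


def parse_response(msg):
    """Return (rcode name, [(owner, rtype, ttl), ...]) for the answer section."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qdcount):                      # skip the echoed question
        _, offset = decode_name(msg, offset)
        offset += 4                               # qtype + qclass
    records = []
    for _ in range(ancount):
        owner, offset = decode_name(msg, offset)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10 + rdlen                      # rdata not needed for the verdict
        records.append((owner, rtype, ttl))
    rcode = flags & 0xF
    return RCODES.get(rcode, str(rcode)), records


def _read_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection early")
        buf += chunk
    return buf


def axfr_allowed(server, zone, timeout=5):
    """Send the AXFR to server:53 over TCP and judge the first reply message.

    Needs network access (not exercised offline). Returns (leaking, rcode, records).
    """
    query = build_axfr_query(zone)
    with socket.create_connection((server, 53), timeout=timeout) as sock:
        sock.sendall(struct.pack("!H", len(query)) + query)
        length, = struct.unpack("!H", _read_exact(sock, 2))
        msg = _read_exact(sock, length)
    rcode, records = parse_response(msg)
    leaking = rcode == "NOERROR" and any(t == TYPE_SOA for _, t, _ in records)
    return leaking, rcode, records


def sample_leaky_reply(zone="examplebusiness.com"):
    """Constructed reply from a misconfigured server: SOA, NS, A, closing SOA."""
    def rr(owner, rtype, rdata):
        return owner + struct.pack("!HHIH", rtype, CLASS_IN, 3600, len(rdata)) + rdata
    zone_ptr = b"\xC0\x0C"                        # pointer to the question name
    soa = (encode_name("ns1." + zone) + encode_name("hostmaster." + zone)
           + struct.pack("!IIIII", 2024010101, 7200, 3600, 1209600, 300))
    header = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 4, 0, 0)   # QR|AA, NOERROR
    question = encode_name(zone) + struct.pack("!HH", TYPE_AXFR, CLASS_IN)
    answers = (rr(zone_ptr, TYPE_SOA, soa)
               + rr(zone_ptr, TYPE_NS, b"\x03ns1" + zone_ptr)
               + rr(b"\x03ns1" + zone_ptr, TYPE_A, bytes([192, 0, 2, 10]))
               + rr(zone_ptr, TYPE_SOA, soa))
    return header + question + answers
```

Against a live server, axfr_allowed("ns1.examplebusiness.com", "examplebusiness.com") returns True when the zone is exposed; run it against your own name servers from an external address, since the ACL may differ from inside the network. In BIND the fix is an allow-transfer ACL listing only the secondary servers, ideally combined with TSIG-signed transfers; other servers have equivalent settings.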
Websites that provide DNS lookup tools
1. www.dnsstuff.com
2. www.network-tools.com
3. www.networksolutions.com

Network-based reconnaissance

Network reconnaissance is the practice of probing a computer network for potential vulnerabilities.

This may be a legitimate activity by the network owner or operator, seeking to protect it or to enforce its acceptable-use policy. It may also be the precursor to an external attack on the network.
Traceroute can help the would-be attacker discover the topology of a target network as well as the access control devices (firewalls and filtering routers) along the path.


Port scanning

Port scanning is defined as "the act of systematically scanning a computer's ports."
Since a port is where information goes into and out of a computer, port scanning identifies the open doors into a system: each open port corresponds to a listening service that can then be identified and attacked.

Ping

Ping is part of the Internet Control Message Protocol (ICMP): it sends an ICMP Echo Request and waits for an Echo Reply.
It helps verify whether a host is active; note that many hosts and firewalls drop ICMP, so the absence of a reply does not prove that a host is down.
The command is available on all platforms.

Reconnaissance GUI client tools for MS Windows
1. Sam Spade
2. iNetTools
3. Cyberkit