Reconnaissance with Nmap Scripting Engine
In this previous topic, we have seen how Nmap can be used to perform port scanning against a given target.Read more
Of course, this is just one of the capabilities of this great tool. In fact, another very useful feature is represented by Nmap Scripting Engine (NSE).
Attack Simulation: from No Access to Domain Admin
The main aim of this article is to show how much it is important to keep systems up to date with the latest Security patches; in particular, this post is about Security in corporate Windows environments.Read more
Port Scanning with Nmap
Port scanning is a technique used to identify if a port on the target host is open or closed; a port can be open if there is a service that uses that specific port to communicate with other systems. This is the reason why if a port is open it is possible to eventually identify what kind of service uses it by sending specially crafted packets to the target.Read more
This activity represents an important step in the active reconnaissance phase.
Network Discovery with Nmap and Netdiscover
Network discovery represents an important phase in the Information Gathering activity: it is the process of identifying live hosts on the network. This means that its purpose is not to find all possible informations about the targets (like open ports or vulnerabilities), but just to understand their logical location inside the network. Mapping targets is useful to model network infrastructure.Read more
Open Source Intelligence with Maltego
Maltego is a visual link analysis and data mining tool and it is the most famous software for performing Open Source Intelligence. It provides a library of plugins, called “transforms”, which are used to execute queries on open sources in order to gather information about a certain target and display them on a nice graph. In fact, differently from the command line tools seen until now, Maltego has a Graphical User Interface through which the user performs his research and analyzes results returned on the graph.Read more
Open Source Intelligence with theHarvester
Another interesting tool for gathering informations, which can be used in combination with Recon-ng, is theHarvester.Read more
Even if this tool is not as complex as Recon-ng, it helps to harvest a huge quantity of data in an automated way by using web search engines and social networks. By doing so, this information gathering suite allows to understand target footprints on the Internet, so it is useful to know what an attacker can see on the web about a certain company.
Macro Malware Analysis
Malware, in general, is any kind of malicious program which executes on a machine; it can be used for a large variety of purposes such as influence computer behavior, display ads, steal personal informations, take control of remote machines and so on.Read more
Open Source Web Reconnaissance with Recon-ng
During a penetration test, a big part of the success in the exploitation phase depends from how good the information gathering was performed. Since this activity, especially when dealing with a huge amount of informations, is time consuming, it is a good idea to rely on tools which make reconnaissance in automated way.
Recon-ng is an incredibly powerful tool for Open Source Intelligence Gathering (OSINT); actually, it is a reconnaissance framework written in Python built with a Metasploit like usage model (we will see what Metasploit is further on, for now it is enough to know that it is the most famous penetration testing framework).Read more
Information Gathering with Shodan
Today a large number of devices are connected to Internet, from smartphones or watches to air-conditioning devices or even refrigerators: this is what has been called “Internet of Things” (IoT), i.e. the network composed by physical devices collecting and exchanging data between themselves.Read more
Information Gathering with Google Search Engine
Generally, when we want to search for a particular argument, we open up our favourite browser, navigate to a Web Search Engine and type in some words related to that matter. Depending from how good we set up the research, we obtain more or less pertinent results.
Basically, everytime we launch a search we make a query to the web search engine: there are some particular expressions known to the engine, called Advanced Search Operators, which make a search more effective. Queries built like these are also called “Google dorks”.Read more
Main Steps of an Attack
Following a portion of the phases presented in the Penetration Testing Execution Standards (PTES), which represents a technical guideline for performing a penetration test, i.e. a simulation of a real attack against a certain target, we will focus on the theory and practice behind the following main steps:
- Information gathering or reconnaissance;
- Vulnerability analysis;
Since these steps mimic how the attacker thinks and acts, performing this process via previous authorization is also called “Ethical Hacking”.Read more
The title of this blog is pretty self-explanatory: “Spread Security”, in other words, share knowledge to increase awareness.
The reason why I started this project is because Information Security is a very interesting argument which is getting more and more critical as time goes by due to the growing presence of devices on the Internet.
In this scenario it is important to understand what type of attacks are in the wild and how to secure our devices, i.e. our data, from malicious users trying to steal personal informations such as credentials and documents.Read more