1. INFORMATION GATHERING
IN A PENTEST
By : Syarif
@fl3xu5
Cybercrime Investigation Center Mabes Polri
Jakarta, 28 Januari 2012
2. Agenda
About Pentest ( Penetration Testing )
Pentest Phase
How Important do Information Gathering
Passive & Active Information Gathering
Google Hack
Netcraft
Whois
host
dig
3. About Pentest ( Penetration Testing )
A method to evaluate the security of computer system / network
Practice ( attacking ) an IT System like a ‘hacker’ do
Find a security holes ( systemic weaknesses )
By pass security mechanism
compromise an Organization’s IT System Security
Must have a permission from IT System owner
~ The Person is called a Pentester ~
5. How Important do Information Gath.
Information Gath. Chance of Successful attack~
6. Passive & Active Information Gathering
Passive Information Gathering Active Information Gathering
Google Hacking
Netcraft
Whois
Nslookup
Port Scanning
Service Scanning
Nmap
Metasploit
7. Google Hack
was introduced by Johnny Long
based on google basic usage information :http://
www.google.com/help/basics.html!
More : http://www.google.com/help/
operators.html