CIS 4350

SpiderFoot

A tool with a graphical user interface (GUI) that queries more than 100 OSINT sources to grab intelligence on email addresses names, IP addresses, domain names, web servers, and more.

Recon-ng

Automate footprinting with this powerful, advanced frameworkusing search engines, social media, and many other sources.

White Pages

Conduct reverse phone number lookups and retrieve addressinformation.

Maltego

Discover relevant files, email addresses, and other importantinformation with this powerful graphic user interface (GUI) tool.

FOCA

Extract metadata from documents on websites to revealthe document creator's network logon and email address, information on IP addresses of internal devices, and more.

Whois

Gather IP and domain information.

netcat (command available on all *nix systems; can be downloaded for Windows platforms from the N MAP website)

Read and write data to ports over a network.

wget (command available on all *nix systems; can be downloaded for Windows platforms from Wget for Windows HTML site)

Retrieve HTTP, HTTPS, and FTP files over the Internet.

To find information about the key IT personnel responsible for a company's domain, you might use which of the following tools? a. Whois b.Whatis c. Domain Dossier d. Nbtslat

c. Domain Dossier

Which of the following enables you to view all host computers on a network? a. SOA b. ipconfig c. Zone Transfers d. HTTP HEAD method

c. Zone transfer.

Which of the following enables you to view all host computers on a network? a.S O A b.ipconfig c.Zone transfers d.HTTP HEAD method

c. Zone transfers Zone transfers enable an individual to view all host computers on a network. It basically gives an organization's network diagram.

What command-line tool can be used to harvest DNS information? a.dns-get b.dug c.dig d.axfer

c. dig The dig command-line tool can be used to harvest information.

A cookie can store information about a website's visitors. TRue or False?

true

Spear phishing

• Combines social engineering with exploiting vulnerabilities • Attack is directed at specific people in an organization • Comes from someone the recipient knows • Mentions topics of mutual interest

Footprinting (may also be called reconnaissance)

• Finding information on a company's network • Passive and nonintrusive

Many attackers do "case the joint"

• Look over the location • Find weaknesses in security systems • Determine what types of locks and alarm systems are used

Tactics used by social engineers

• Persuasion • Intimidation • Coercion • Extortion/blackmailing

Shoulder surfer

• Reads what users enter on keyboards • Logon names • Passwords • PINs

Techniques to gain information from unsuspecting people

• Urgency • Quid pro quo • Status quo • Kindness • Position

With just a URL, you can determine the following that a company is using:

• Web server • OS • Names of IT personnel

OSINT Framework

A collection of OSINT tools presented in an interactive web-basedmind map that organizes the information visually. You canexpand nodes to find collections of tools suited for the task youwant to accomplish.

HTTPS operates on port

443

HTTP operates on port _______

80

dig (Command available on all *nix systems;can be downloaded for Windows platforms from the BIND 9 website. dig is contained inthe BIND download, so download BIND.)

Perform DNS zone transfers; replaces the nslookup command.

Google Groups

Search for email addresses in technical or nontechnicalnewsgroup postings.

WayBackMachine

Search through previous versions of the website to uncover historical information about a target.

Spyse

Spyse is a cybersecurity search engine. You can use it to search entire domains or individual systems for vulnerabilities, IPs, DNS records, domains, and more. Spyse claims to be "themost complete Internet assets registry for every cybersecurity professional."

Zed Attack Proxy

This is a useful website analysis tool that can crawl throughremote websites and even produce a list of vulnerabilities for aremote website.

Domain Dossier

This web tool is useful in gathering IP and domain information (including whois, DNS, and traceroute).

Google and Google HackingDatabase (GHDB), also called Google Dorks

Uncover files, systems, sites, and other information about a target using advanced operators and specially crafted queries. Some of these queries can be found at.

Netcraft Site Report

Uncover the underlying technologies that a website operates on.

TheHarvester

Used for finding email addresses, subdomains, IPs, URLs, employee names, and more. This is a command line only tool.

Which of the following contains host records for a domain? a. DNS b. WINS c. Linux server d. UNIX web clients

a. DNS

Which of the following is a fast and easy way to gather information about a company? a. Conduct port scanning b. Perform a zone transfer of the company's DNS server c. view the company's website. d. Look for company ads in public publications.

c. View the company's website

Which of the following is a good website for gathering information on a domian? a. www.google.com b. whois.domaintools.com at https://centralops.net/co/ c. www.arin.net d. All of the above

d. All of the above.

To determine a company's primary DNS server, you can look for a DNS server containing which of the following? a.Cname record b.Host record c.PTR record d.S O A record

d. S O A record To determine a company's primary DNS server, you can look for a DNS server containing a Start of Authority (S O A) record.

_____ is one of the components most vulnerable to network attacks. a.TCP/IP b.WINS c.DHCP d.DNS

d.DNS DNS is the network component responsible for resolving hostnames to IP addresses and vice versa. It is a major area of potential vulnerability for network attacks.