Search

Introduction to Footprinting and Reconnaissance in Ethical Hacking

Footprinting is one of the most convenient ways for hackers to collect information about targets such as computer systems, devices, and networks. Using this method, hackers can unravel information on open ports of the target system, services running, and remote access probabilities.Since it is the initial phase of hacking it is really important to develop an accurate understanding of the entire process. The systematic footprinting of a target enables the attacker to get a blueprint of the target's security posture.In this article, we will get to know how malicious hackers perform footprinting on the organization or target's system, what all they can do, and how it will be harmful to businesses and individuals. On the other hand, white hat hackers who are well versed in footprinting will be able to improve the security of the organizations they work for. With systematic methodology, businesses can identify their vulnerabilities so they can patch and make changes in policy accordingly.Types of footprinting:Who is footprintingNetwork footprintingDNS footprintingCompetitive intelligenceEmail footprintingWebsite footprintingSocial EngineeringGoogle HackingHow to perform footprinting?Footprinting is the first step, during which the hacker gathers as much information as possible to find ways to enter a target system. For successful footprinting, the attacker needs to first check the visibility of the target and see how to gather related information on the internet through open sources. Through careful analysis, the attacker can determine the scope of potential entry points. The following information can be collected:Company namesDomain namesBusiness subsidiaries  IP AddressesBusiness emails  Network phone numbers  Key employeesand so on.In hacking terms, we can call it the "Front Door" of the castle on target.  The first step of footprinting is to determine what to attack to obtain the "footprint" of the target network which includes, but is not limited to the following:HostnamesNetwork address rangesExposed hosts  Exposed applications  OS and its versionsApplication and its versionsand many more.Apart from this, the attackers have to decide the scope of the target with regards to the entire organization or certain subsidiaries or locations. Based on the scope, they start to dig deep into the information like company web-pages, related organizations, employee details, contacts, e-mail addresses, currents events, locations, news, policies, disgruntled employees, mergers, acquisitions, or events to garner some clues, opportunities, and contacts for attackers.Methods of footprinting1. Port ScanningPort scanners are used to determine live hosts on the internet and find out which Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports are listening on each system, as well as which operating system is installed on the host. To identify the relationship of each host and potential security mechanisms between the attacker and targets, they use traceroutes.Tools:NSLookup - to perform DNS queries and zone transfersTracert - to create network maps of the target.Once port scanning and trace routing are done, attackers will create a network map that represents the target's internet footprinting.2. Google HackingDespite what you may infer from the name, this method does not involve hacking Google! This is a means by which you can collect information from the Google search engine in a smart way.Search engines have many features using which you can get uncommon, but very specific search results from the internet. Using these techniques, hackers and attackers perform a search using advanced operators, examples of which are given below.These types of operators can uncover much sensitive information that can potentially harm the target and should therefore not be revealed.Let's take an example. Go to google.com and paste this- allinurl:tsweb/default.htmYou will get more than 200 websites that have tsweb/default folder. Using this, the hacker gets a chance to get into the organization's servers. This is just one example. There is plenty of such information about targets available online, which hackers can take advantage of.3. Ping SweepIf the attacker wants to know which are the machines on your network that are currently live, they can perform a ping sweep. Ping uses ICMP packets to send echo requests to the target system,  and waits for an echo reply. If the device is not reachable, it will show a "request time out"; but if the device is online and not restricted from responding, it will send an echo reply back. Here are some tools used to perform ping sweeps through a range of devices that determine the active devices on the target network.NmapAngry IP scannerSuper Scan  Pinger etc.4.  Who is lookupThis method can be used to collect basic database queries like domain name, IP Address block, location, and much more information about the organization.Example of FootprintingLet's see an example of footprinting using the Linux tool p0f.p0f is a passive TCP/IP stack fingerprinting tool to identify the system running on machines that send network traffic to the box it is running on, or to a machine that shares a medium with the machine on which it is running. p0f can also assist in analyzing other aspects of the remote system. Basically, it is a  tool used to perform a forensic investigation of a system that has been compromised or is under attack. Using this tool, you can analyze the structure of TCP/IP packets to determine OS and other configurations of the target host. Let's check how to do this.step 1 - Open Linux Terminal and type p0fStep 2 - Explore your target host using any browserOnce the connection is established with the target host, the client will start to interact with the server.You can see that my client IP 10.0.2.15 has established a connection with the target web server 72.163.4.185 using port 80.How to prevent Footprinting?Your every move, each activity, or data available on the internet is a potential footprint that can open layers of information for attackers.Now let's discuss preventive steps to avoid threats and reduce the security risk of the organization and individual.1. Delete or De-activate old accountsOnce your account is assigned online, it can be shared anywhere with your full name, email address, pictures, location, and other information. Official email accounts provided to the employees are also available online. Once the employee has left the organization, the email account must be deleted to avoid fraudulent transactions using the same.  2. Unsubscribe from unwanted mailsAll of us keep subscribing to newsletters, events registrations, offers and to many other mail lists. While some of these lists may be useful, most of them result in unnecessary clutter in our mailbox. Unsubscribe to all unnecessary emails so that you can reduce your digital footprinting on the internet.  3. Use stealth modeThere are many browsers which help you to surf with privacy. This is how you can search online with ease and avoid websites from tracking your interests, location, etc. Using browsers like TOR, Duck Duck Go with some advance settings in your regular browser can restrict the sharing of your information online.4. Use a VPNThere are many VPNs, or Virtual Private Networks, available that you can use for privacy.  A VPN provides you with an extra layer of security to protect your privacy over the internet. This will prevent others from tracking your web activity and being able to collect data by watching your surfing patterns.5. SEOPrevent search engines from crawling through your cached webpages and user anonymous registration details, and minimize unwanted footprints.6. Configure Web serversConfigure your web servers to avoid information leakage and block all unwanted protocols to prevent any unethical external scans. Use TCP/IP and IPSec Protocols.  Always maintain a separation between the internal and external DNS.7.  Do it yourselfPerform footprinting techniques as we have discussed above and do a check to see whether any sensitive or unwanted information of yours is available on the internet. Use the OSINT framework to delve deeper, and remove posted/ shared data that reveals any kind of sensitive information which can be a potential threat. Share tips and tricks to avoid fraud calls and social engineering.What is ReconnaissanceSimilar to footprinting, Reconnaissance is a very important stage in the initial hacking process. In this stage, attackers gather information, much like a detective does! This process involves gathering information about the target flaws, vulnerabilities that can be used in penetration testing, and the beginning of any data breaches.Any information gathered about the target may be a crucial piece of the jigsaw, needed to reveal the critical vulnerabilities of the target.What critical information can be revealed in the reconnaissance phase?1) Network InformationIP addressessubnet masknetwork topologydomain names2) Host Informationuser- namesgroup namesarchitecture typeoperating system family and versionTCP and UDP services running with versions3) Security Policiespassword complexity requirementspassword change frequencyexpired/disabled account retentionphysical security (e.g. access badges, door locks, etc.)firewallsintrusion detection systems4) Personnel detailsdesignationstelephone numbersocial hangoutscomputer skillsThere are two types of reconnaissance.1. Passive reconnaissanceThis is when the attacker gathers information about the target through openly available sources. There are multiple sources available free on the internet which may provide a blueprint of the organization or individual.2. Active reconnaissanceHere, the attacker directly interacts with the target's computer system to gain information using scanning, eavesdropping, and packet capturing techniques. The advantage of active reconnaissance is that the collected information is quite accurate and relevant; however, there is a risk of getting detected.Netcat, Nmap are the best tools for this.What is Enumeration?Once an attacker creates an active connection with the target, they are able to perform directed queries to gain more information. For example,UsernameshostnamesIP addressPasswords (or strength)configurationThe information gathered about the target can be used to identify vulnerabilities in the target system. Once an attacker gains this information, they can steal private data and sometimes, even worse, change the configuration.Types of EnumerationThere are multiple types of enumeration. Let’s take a look at one example.DNS EnumerationDNS enumeration is the technique employed to find all the DNS servers and their corresponding records for an organization. A list of DNS records provides an overview of database records.DNS zone transfer will allow replication of DNS data or DNS files. The user will perform a DNS zone transfer query from the name server. If the name server allows transfer by any other unauthorized user than all DNS names and IP addresses hosted by the name server will return in ASCII Test.Some of the tools that can be for this include nslookup, maltego, dnenum,  dnsrecon, etc.Here is an example that uses nslookup.NSlookup queries DNS servers for machine names and addresses.For example, if we want to find the IP address of Google's web server by entering nslookup, we will enter the below command.nslookup www.google.comand then the output will be like this.C:\>nslookup www.google.com Server:  dnsr1.sbcglobal.net Address:  68.94.156.1 Non-authoritative answer: Name:    www.1.google.com Addresses:  64.233.187.99, 64.233.187.104 Aliases:  www.google.comThe first two lines of output tell us which DNS servers are being queried. In this case, it’s dnsr1.sbcglobal.net in Texas. The non-authoritative answer lists two IP addresses for the Google web servers.Responses from non-authoritative servers do not contain copies of any domains. They have a cache file that is constructed from all the DNS lookups it has performed in the past, for which it has received an authoritative response.In the interactive mode, the user will be given a prompt of >; at which point, the user can enter a variety of options, including attempts to perform a zone transfer.The hackers can enumerate other information like network resources and sharing, routing tables, machine names, applications and banners, users, and groups, etc.There are other types of enumeration.Windows enumerationLinux enumerationLDAP enumerationNetBios enumeration  SNMP enumerationNTP enumeration etc.Steps to prevent enumeration.Use centralized network administration contact details in the NIC (Network Information Center) database to prevent social engineering against IT departments.Configure Name servers to disable DNS zone transfer for untrusted hosts.Configure web servers to prevent indexing of directories without index files and avoid keeping sensitive files and documents on publicly accessible hosts like FTP, HTTP, etc.Configure SMTP servers to ignore emails from unknown recipients.Disable SMBUse NTLM or basic authentication to limit access for authorized users only.Implement the group policy security option named "access restrictions for anonymous connections."ConclusionIn this article, you have learned about the initial steps involved in hacking, during the pre-attack phase, including information gathering, scanning, and mapping the network.The more information the hacker is able to gather, the higher are their chances of a successful attack. If you increase your security right from the initial phase, it will reduce the possibilities for an attacker to get into your system. By controlling your digital footprint, you can increase your security posture and keep your data safe from hackers.

Introduction to Footprinting and Reconnaissance in Ethical Hacking

2K
Introduction to Footprinting and Reconnaissance in Ethical Hacking

Footprinting is one of the most convenient ways for hackers to collect information about targets such as computer systems, devices, and networks. Using this method, hackers can unravel information on open ports of the target system, services running, and remote access probabilities.

Since it is the initial phase of hacking it is really important to develop an accurate understanding of the entire process. The systematic footprinting of a target enables the attacker to get a blueprint of the target's security posture.

In this article, we will get to know how malicious hackers perform footprinting on the organization or target's system, what all they can do, and how it will be harmful to businesses and individuals. On the other hand, white hat hackers who are well versed in footprinting will be able to improve the security of the organizations they work for. With systematic methodology, businesses can identify their vulnerabilities so they can patch and make changes in policy accordingly.

Types of footprinting:

  • Who is footprinting
  • Network footprinting
  • DNS footprinting
  • Competitive intelligence
  • Email footprinting
  • Website footprinting
  • Social Engineering
  • Google Hacking

How to perform footprinting?

Footprinting is the first step, during which the hacker gathers as much information as possible to find ways to enter a target system. For successful footprinting, the attacker needs to first check the visibility of the target and see how to gather related information on the internet through open sources. Through careful analysis, the attacker can determine the scope of potential entry points. The following information can be collected:

  • Company names
  • Domain names
  • Business subsidiaries  
  • IP Addresses
  • Business emails  
  • Network phone numbers  
  • Key employees

and so on.

In hacking terms, we can call it the "Front Door" of the castle on target.  

The first step of footprinting is to determine what to attack to obtain the "footprint" of the target network which includes, but is not limited to the following:

  • Hostnames
  • Network address ranges
  • Exposed hosts  
  • Exposed applications  
  • OS and its versions
  • Application and its versions

and many more.

Apart from this, the attackers have to decide the scope of the target with regards to the entire organization or certain subsidiaries or locations. Based on the scope, they start to dig deep into the information like company web-pages, related organizations, employee details, contacts, e-mail addresses, currents events, locations, news, policies, disgruntled employees, mergers, acquisitions, or events to garner some clues, opportunities, and contacts for attackers.

Methods of footprinting

1. Port Scanning

Port scanners are used to determine live hosts on the internet and find out which Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports are listening on each system, as well as which operating system is installed on the host. To identify the relationship of each host and potential security mechanisms between the attacker and targets, they use traceroutes.

Tools:

  • NSLookup - to perform DNS queries and zone transfers
  • Tracert - to create network maps of the target.

Once port scanning and trace routing are done, attackers will create a network map that represents the target's internet footprinting.

2. Google Hacking

Despite what you may infer from the name, this method does not involve hacking Google! This is a means by which you can collect information from the Google search engine in a smart way.

Search engines have many features using which you can get uncommon, but very specific search results from the internet. Using these techniques, hackers and attackers perform a search using advanced operators, examples of which are given below.

Introduction to Footprinting and Reconnaissance in Ethical Hacking

These types of operators can uncover much sensitive information that can potentially harm the target and should therefore not be revealed.

Let's take an example. 

Go to google.com and paste this- allinurl:tsweb/default.htm

You will get more than 200 websites that have tsweb/default folder. Using this, the hacker gets a chance to get into the organization's servers. This is just one example. There is plenty of such information about targets available online, which hackers can take advantage of.

3. Ping Sweep

If the attacker wants to know which are the machines on your network that are currently live, they can perform a ping sweep. Ping uses ICMP packets to send echo requests to the target system,  and waits for an echo reply. If the device is not reachable, it will show a "request time out"; but if the device is online and not restricted from responding, it will send an echo reply back. Here are some tools used to perform ping sweeps through a range of devices that determine the active devices on the target network.

  • Nmap
  • Angry IP scanner
  • Super Scan  
  • Pinger etc.

4.  Who is lookup

This method can be used to collect basic database queries like domain name, IP Address block, location, and much more information about the organization.

Introduction to Footprinting and Reconnaissance in Ethical Hacking

Example of Footprinting

Let's see an example of footprinting using the Linux tool p0f.

p0f is a passive TCP/IP stack fingerprinting tool to identify the system running on machines that send network traffic to the box it is running on, or to a machine that shares a medium with the machine on which it is running. p0f can also assist in analyzing other aspects of the remote system. Basically, it is a  tool used to perform a forensic investigation of a system that has been compromised or is under attack. Using this tool, you can analyze the structure of TCP/IP packets to determine OS and other configurations of the target host. Let's check how to do this.

  • step 1 - Open Linux Terminal and type p0f
  • Step 2 - Explore your target host using any browser

Once the connection is established with the target host, the client will start to interact with the server.

Introduction to Footprinting and Reconnaissance in Ethical Hacking

You can see that my client IP 10.0.2.15 has established a connection with the target web server 72.163.4.185 using port 80.

How to prevent Footprinting?

Your every move, each activity, or data available on the internet is a potential footprint that can open layers of information for attackers.

Now let's discuss preventive steps to avoid threats and reduce the security risk of the organization and individual.

1. Delete or De-activate old accounts

Once your account is assigned online, it can be shared anywhere with your full name, email address, pictures, location, and other information. Official email accounts provided to the employees are also available online. Once the employee has left the organization, the email account must be deleted to avoid fraudulent transactions using the same.  

2. Unsubscribe from unwanted mails

All of us keep subscribing to newsletters, events registrations, offers and to many other mail lists. While some of these lists may be useful, most of them result in unnecessary clutter in our mailbox. Unsubscribe to all unnecessary emails so that you can reduce your digital footprinting on the internet.  

3. Use stealth mode

There are many browsers which help you to surf with privacy. This is how you can search online with ease and avoid websites from tracking your interests, location, etc. Using browsers like TOR, Duck Duck Go with some advance settings in your regular browser can restrict the sharing of your information online.

4. Use a VPN

There are many VPNs, or Virtual Private Networks, available that you can use for privacy.  A VPN provides you with an extra layer of security to protect your privacy over the internet. This will prevent others from tracking your web activity and being able to collect data by watching your surfing patterns.

5. SEO

Prevent search engines from crawling through your cached webpages and user anonymous registration details, and minimize unwanted footprints.

6. Configure Web servers

Configure your web servers to avoid information leakage and block all unwanted protocols to prevent any unethical external scans. Use TCP/IP and IPSec Protocols.  Always maintain a separation between the internal and external DNS.

7.  Do it yourself

Perform footprinting techniques as we have discussed above and do a check to see whether any sensitive or unwanted information of yours is available on the internet. Use the OSINT framework to delve deeper, and remove posted/ shared data that reveals any kind of sensitive information which can be a potential threat. Share tips and tricks to avoid fraud calls and social engineering.

What is Reconnaissance

Similar to footprinting, Reconnaissance is a very important stage in the initial hacking process. In this stage, attackers gather information, much like a detective does! This process involves gathering information about the target flaws, vulnerabilities that can be used in penetration testing, and the beginning of any data breaches.

Any information gathered about the target may be a crucial piece of the jigsaw, needed to reveal the critical vulnerabilities of the target.

What critical information can be revealed in the reconnaissance phase?

1) Network Information

  • IP addresses
  • subnet mask
  • network topology
  • domain names

2) Host Information

  • user- names
  • group names
  • architecture type
  • operating system family and version
  • TCP and UDP services running with versions

3) Security Policies

  • password complexity requirements
  • password change frequency
  • expired/disabled account retention
  • physical security (e.g. access badges, door locks, etc.)
  • firewalls
  • intrusion detection systems

4) Personnel details

  • designations
  • telephone number
  • social hangouts
  • computer skills

There are two types of reconnaissance.

1. Passive reconnaissance

This is when the attacker gathers information about the target through openly available sources. There are multiple sources available free on the internet which may provide a blueprint of the organization or individual.

2. Active reconnaissance

Here, the attacker directly interacts with the target's computer system to gain information using scanning, eavesdropping, and packet capturing techniques. The advantage of active reconnaissance is that the collected information is quite accurate and relevant; however, there is a risk of getting detected.

Netcat, Nmap are the best tools for this.

What is Enumeration?

Once an attacker creates an active connection with the target, they are able to perform directed queries to gain more information. For example,

  • Usernames
  • hostnames
  • IP address
  • Passwords (or strength)
  • configuration

The information gathered about the target can be used to identify vulnerabilities in the target system. Once an attacker gains this information, they can steal private data and sometimes, even worse, change the configuration.

Types of Enumeration

There are multiple types of enumeration. Let’s take a look at one example.

DNS Enumeration

DNS enumeration is the technique employed to find all the DNS servers and their corresponding records for an organization. A list of DNS records provides an overview of database records.

DNS zone transfer will allow replication of DNS data or DNS files. The user will perform a DNS zone transfer query from the name server. If the name server allows transfer by any other unauthorized user than all DNS names and IP addresses hosted by the name server will return in ASCII Test.

Some of the tools that can be for this include nslookup, maltego, dnenum,  dnsrecon, etc.

Here is an example that uses nslookup.

NSlookup queries DNS servers for machine names and addresses.

For example, if we want to find the IP address of Google's web server by entering nslookup, we will enter the below command.

nslookup www.google.com

and then the output will be like this.

C:\>nslookup www.google.com
Server:  dnsr1.sbcglobal.net
Address:  68.94.156.1
Non-authoritative answer:
Name:    www.1.google.com
Addresses:  64.233.187.99, 64.233.187.104
Aliases:  www.google.com

The first two lines of output tell us which DNS servers are being queried. In this case, it’s dnsr1.sbcglobal.net in Texas. The non-authoritative answer lists two IP addresses for the Google web servers.

Responses from non-authoritative servers do not contain copies of any domains. They have a cache file that is constructed from all the DNS lookups it has performed in the past, for which it has received an authoritative response.

In the interactive mode, the user will be given a prompt of >; at which point, the user can enter a variety of options, including attempts to perform a zone transfer.

The hackers can enumerate other information like network resources and sharing, routing tables, machine names, applications and banners, users, and groups, etc.

There are other types of enumeration.

  • Windows enumeration
  • Linux enumeration
  • LDAP enumeration
  • NetBios enumeration  
  • SNMP enumeration
  • NTP enumeration etc.

Steps to prevent enumeration.

  1. Use centralized network administration contact details in the NIC (Network Information Center) database to prevent social engineering against IT departments.
  2. Configure Name servers to disable DNS zone transfer for untrusted hosts.
    Configure web servers to prevent indexing of directories without index files and avoid keeping sensitive files and documents on publicly accessible hosts like FTP, HTTP, etc.
  3. Configure SMTP servers to ignore emails from unknown recipients.
  4. Disable SMB
  5. Use NTLM or basic authentication to limit access for authorized users only.
    Implement the group policy security option named "access restrictions for anonymous connections."

Conclusion

In this article, you have learned about the initial steps involved in hacking, during the pre-attack phase, including information gathering, scanning, and mapping the network.

The more information the hacker is able to gather, the higher are their chances of a successful attack. If you increase your security right from the initial phase, it will reduce the possibilities for an attacker to get into your system. By controlling your digital footprint, you can increase your security posture and keep your data safe from hackers.

KnowledgeHut

KnowledgeHut

Author

KnowledgeHut is an outcome-focused global ed-tech company. We help organizations and professionals unlock excellence through skills development. We offer training solutions under the people and process, data science, full-stack development, cybersecurity, future technologies and digital transformation verticals.
Website : https://www.knowledgehut.com

Join the Discussion

Your email address will not be published. Required fields are marked *

Suggested Blogs

How To Clear CEH in First Attempt?

Cybercrime and hacking attacks are doubling year on year. Not just corporate giants and government entities, but even small scale companies and start-ups are afraid of being victims of cyber theft. Organizations may face major losses not just in their profits but also loss of reputation, data, and customers. Therefore, almost all organizations want to keep their data and privacy of their customers safe from cyber criminals. These organizations spend a fortune on implementing robust technology architecture and on hiring professionals who can identify loopholes in the cyber security systems and patch them up before hackers can get through. These professionals, known as ethical hackers or white hat hackers, can help organizations protect their assets (people, process, and technology) from cybercriminals.Why CEH? The exponential rise in data, and our dependence on virtual systems has also consequently raised attacks from cyber criminals and data breaches. This has made the role of the ethical hacker among the most important job roles in these times. There is a huge demand for cybersecurity experts in almost all types of businesses. To hire security experts, organizations have some basic or minimum benchmarks set. These security experts are expected to have a good understanding of security concepts, and knowledge of the latest tools, processes, and frameworks so that they can be one step ahead of cyber criminals and prevent data breach.  This is where certifications such as the CEH - Certified Ethical Hacker by EC-Council comes into play. The CEH is the most comprehensive program for ethical hackers as it covers the latest hacking trends and familiarises professionals with the technologies that will help prevent data breaches. This international accreditation is recognised world over, so no matter where you are, your skills and knowledge will be considered valid by all organizations, anywhere in the world. To defeat the hacker, you need to think like a hacker. This program is all about developing the hacker mindset but in an ethical way. Once you are ready to jump into this, passing the CEH exam is your 1st milestone in your career. In this article, we will learn how to become a certified ethical hacker in the very first attempt, for which hard work and dedication are highly recommended.  Preparation Steps We will discuss here the 5 steps to prepare for CEH certification.  1. Plan the training Once you decide to achieve the certification, you need a concrete plan for training as well as practice. Choose the best source for training. We highly recommend choosing offline classroom training if you are a student or novice in cybersecurity. Usually, you can complete training in 3-4 months or less.  The reason we recommend an offline course is that meeting other like-minded learners and professionals will help you  develop the ethical hacker mindset. You can get in touch with proper mentors, people with similar mind-sets and take advantage of group study which can reveal many unknown issues, incidents, and examples. Of course, this will cost you more but you can’t learn to swim without getting wet.2. Get your hands dirty – Practice! The plus point of the latest version of CEH v11 is that it is more focused,  practical based and scenario-based with the latest content that equips students with hands-on skills. Remember, security is all about practice and implementation rather than a bunch of documents and do’s and don’ts checklist. In the course of gaining the credential you will learn about methods and tools that you can use to protect the organization such as security implementations, testing, and monitoring. Just bookish knowledge won’t help there. We recommend that spending at least 2 hours daily practice apart from training will improve your skills dramatically.3. Study Guides  While we did mention above not to be bookish, books are a treasure trove of knowledge and even for clearing the CEH you must do a thorough read of the recommended books.  You can religiously follow study guides and clear your concept on every topic in a very descriptive manner. This will answer all your “What and Why” in terms of cybersecurity and ethical hacking. Of course, this is world-class content and therefore you will get exact definitions, descriptions, and diagrams for almost all topics. We recommend studying at least 1 hour daily to get clear on all topics during the training.  4. Study groups - Community Study groups will polish your knowledge and skills for CEH topics. There are many study groups you can join where you can resolve your queries, clear your doubts, take help to learn something, and help others too. This will help you to stay in the company of like-minded people and you will get to learn fast.  However, it is recommended not to share any personal/sensitive information. Beware of any unknown person who asks for sensitive information like your IP address, location, personal information, or anything apart from CEH courseware.   We recommend making a study group with the people you know who are also attempting the exam. You can take the help of your trainer or mentor to manage this group. Be active and participate in group activities like quizzes or group discussions. 5. Self-assessment Keep learning is the key element of CEH training. Brush up your knowledge for the exam perspective as that is your main goal to become certified. For this, you need to learn how to give the exam and what type of questions are asked. For a second, let’s imagine the scenario of a war. If a new trainee soldier having knowledge of arms and wearing his 15 kgs protective suit jumped into the warzone, do you think he can fight better and save the lives of others without having any practice? Probably not, because he is unaware of war scenarios, combat methods, and ways of attack and defense in real war zones where the situation is uncertain. The same concept applies to CEH exams. You may face a lot of weird-looking or twisted or tricky questions with confusing multiple answers. Therefore, once you are done with your CEH training and you have knowledge of all topics, you need to test it like a mock drill of the war zone.There are many sources available where you can practice the exam questions. This platform will help you to understand the methods to ace the exam questions, and complete them within the required timeframe. Here we are sharing some links to practice for your exams. ( Note: We do not promote any website or any platform here. These links are shared to help students find good options for studying.) CEH ASSESSMENT- EC-CouncilEC-Council® CEH™ Exam PrepCEH practice examApart from this, you can follow blogs, industry experts, and relevant videos for more understanding and guidance.Required soft skills Every job roles needs certain skills apart from the core skills needed to perform on the job. These include soft skills that will help you grow as an individual and as a professional.Be Curious – Be hungry for knowledge and for learning new things and gaining new skills.  Be Enthusiastic - Be enthusiastic and motivated throughout your journey as a hacker and you will be rewarded.  Eliminate the distractions - Avoid time-wasting or non-productive activities during the training like spending time on online games or social media. About the exam After getting trained and completing your practice, it is time for the exam. The CEH exam is a 4 hour exam with 125 multiple choice questions. Check the below link for the exam blueprint to get an idea of the percentage ratio of each module during the CEH exam. Examination centres can be chosen based on your location. Keep your exam code with you. The exam organizers have a process to determine the difficulty rating of each question. For more information, you can check out the EC-Council website and get in touch with your training center.Conclusion So, start your journey on becoming a certified cyber security professional with the CEH course and credential. As with anything else, practice makes perfect and you will become better as an ethical hacker with practice. Work hard and you will definitely achieve your CEH certification at the very first attempt. 
9623
How To Clear CEH in First Attempt?

Cybercrime and hacking attacks are doubling year o... Read More

What Is SQL Injection (SQLi)

In today’s world cyber-attacks are triggered to alter or steal the information of a person or an organization in a huge volume of data. It is very much important to protect the data/database from security related attacks.SQL injection is one of the top trending cyber attack techniques recognized by the world’s top non-profit security foundation OWASP (Open Web Application Security Project). SQL injection attacks are made by inserting or injecting the SQL query input from the client end of the application. In this article, we will learn about the SQL injection, types of attacks using SQL injection and preventive steps.  What is SQL Injection? SQL injection attack is used to insert malicious SQL statements into an entry field for execution. This injection technique is the most common web application hacking attack that allows an attacker to get unauthorised access, commit identity spoofing, tamper, take control or destroy your database. This is an attack that is very simple and easy to carry out even for script kiddies.  As we can see in the above picture, this is the second most common vulnerability that can impact databases. SQL injection flaws occur because of poorly designed web applications that can exploit SQL statements that execute malicious code.  How SQL injection is used is very much dependent on the intention of the hacker. With unauthorized access to a database server, what can attackers do? Here are some examples: Download unauthorized data of a person or an organization Delete/modify data Permanently destroy data/backups Add a virus to a system Alter security Encrypt/steal/alter data and hold it for ransom Publicly shame an organization via a web or social media hack Use data to harm business operations How does SQL injection work? To understand SQL injection, you need to know what SQL is.   SQL – SQL stands for Structured Query Language. This language is mainly developed for interacting with the relational database. For data manipulation, Query is used to insert data, modify the database, or just to access the required data.Image SourceSQL Injection is one of the most vulnerable threats which may exploit the entire database of any private organization or government sector where code is injected in a web page.  An SQL statement will be altered in a manner which goes with ALWAYS TRUE as constraint. (In simple words 1=1  This will be always true) It allows an attacker to view unauthorized data. This might include data belonging to other users, or any other data that the application itself is able to access. An attacker can modify or delete this data, causing persistent changes to the application’s content or behavior.SQL injection TypesThere are a wide variety of SQL injection vulnerabilities, attacks, and techniques, which arise in different situations. Some common SQL injection examples include:Tautologies – Used to Bypass AuthenticationSelect * from USERTable where uid=‘xyz’ and pwd =’x’ or ‘5’=’5’;Union – Used to Extract Data. A different dataset is returned from the Database.  Illegal/Logically Incorrect Queries - Used to Identify injectable parameters.  Piggybacked Queries - Multiple queries are executed without the knowledge of the user which may lead to Database exploitation. Injected queries are added to the normal executable query. Inference - Different responses from the database are cross checked by changing its behavior.  Stored procedure - Injection is done to the stored procedure present in the Database.Common Causes and how to avoid SQL Injection Attack-If we are assuming our application’s code/web forms are well protected against any kind of attack by default, application changes and assumptions that were true in the past or present may not be true in the future and may require additional changes. These assumptions eventually lead to compliance and security auditing failures. Using unsupported or legacy software/code/tools or features may lead to security holes and there could be chances of delay in catching or fixing such issues. Running patched and upgraded versions of code is critical to avoid security exploits. Continuously monitoring for new security vulnerabilities and reacting as needed is an important step towards avoiding unnecessary surprises. Reviewing old code is very important, and timely changes in the code are highly recommended as technologies keeps changing. The versions, functions, and extensions require regular upgrades. Older versions or codes are quite vulnerable and might be unable to maintain the integrity of your application. How to detect SQL injection vulnerabilitiesAs a pentester, you can use two techniques to find SQL injection vulnerabilities with high efficiency - manual and automated testing.Manual Testing During application development there are set of tests performed on each level, that help to detect any SQL injection vulnerability, if it exists. Check with the single ' character ‘ and look for errors or other anomalies. The tester can add some SQL specific syntax into code that can evaluate the original value of the entry point and other values, and check for different responses by the application. Another method is to create a Boolean condition, for example “OR 1=1” and “OR 1=2”, and check again to see if the application response is different.  There are some payloads available that are designed to trigger time delays if executed in SQL query, and you can check if there is any delay in response. Automated TestingThere are many good tools and frameworks available in the market. Here is the list of some of the best tools for SQL injection detection. SQLMap Appsider by Rapid7 Accunetix Wapiti Netsparker etc.How to prevent SQL injection vulnerability? To prevent or avoid SQL injection vulnerability, we must first understand why it occurs, and why it is listed as one of the vulnerabilities in the OWASP top 10.  The SQL injection is so easy to perform, that even a script kiddie can make an attempt.  Another reason is the treasure of critical data that lures the attacker to use SQL injection.  Below is the vulnerable code for SQL injection where the user input is concatenated directly into the query: String query = “;SELECT * FROM products WHERE category = ‘";+ input + "’" Statement statement = connection.createStatement(); ResultSet resultSet = statement.executeQuery(query); Check out the code below that helps to prevents the user input from interfering with the query structure: PreparedStatement statement = connection.prepareStatement("SELECT * FROM products WHERE category = ?");  statement.setString(1, input);  ResultSet resultSet = statement.executeQuery(); Primary recommendations: Use Parameterised queries  Least Privilege Use stored procedures if required White listing the input fields Avoid displaying detailed error messages that are useful to an attacker. It is also important to get patch updates regularly, as every day there are many new vulnerabilities that are found.  It is also recommended to use a Web Application Firewall to protect your application, which can help you to filter and find malicious data.  Where Do We Go Next? It is very important to identify and mitigate this notorious vulnerability and take immediate actions to keep your systems secure. Many skilled attackers are waiting to take advantage of your mistakes, like poor code, so that they can hack into the database. We know this vulnerability is very old but we have to be aware of the outcomes of this type of vulnerability and try to prevent this during the development phase, rather than covering up the liability later.  
7376
What Is SQL Injection (SQLi)

In today’s world cyber-attacks are triggered to ... Read More

The Importance Of PCI ; Data Security Standard (DSS)

As the world moves towards digital means of payments and transactions, there has also been concerns over the security and protection of cardholder information. According to the PCI Security Standards Council, more than 500 million card holder records with confidential information have been breached since 2005. Merchants, who accept digital forms of payments, are at the centre of digital payments, and can become a victim of financial fraud at multiple points, including: • The point-of-sale device or machine • Wireless hotspots • Connected computer or any other device • Transmission of the cardholder data to the service provider. Risk factors According to a business survey conducted by Forrester Consulting, a majority of businesses conduct activities increase the risk of card fraud, including storage of card number, expiration date, any verification code, and customer date. Introduction to Data Security Standard (DSS) The Payment Card Industry’s Data Security Standard (PCI-DSS) is a security standard mandatory for organizations that handle payments using cards, issued from major card types including MasterCard, Visa, and American Express. This PCI standard is mandatory for all card brands and is administered by the PCI Security Standards Council. The sole aim of the PCI standards is to protect cardholder data and to reduce card frauds. Objectives The objective of PCI-DSS course is the protection of cardholder data during storage, processing, and transmission. Cardholder account information includes the unique primary account number (PAN) printed in the front of every card. Merchants or any service provider, who process card payments, must never store sensitive information about the transaction after the authorization. This includes confidential data that is stored in the magnetic stripe of the card, along with any personal identification information entered by the cardholder. Requirements The PCI Data Security Standards specifies a list of 12 mandatory requirements, which are grouped under 6 control objectives, as listed below: 1) Build and maintenance of a high-security network, which includes: * Installation of a secure firewall to protect cardholder data. This restricts (or blocks) all traffic from untrusted networks, and prohibit direct public access between the Internet and the cardholder data environment. * Changing of the vendor-provided default password and other security measures. This is important as most card fraudsters are able to break into the cardholder’s internal network using the default passwords. 2) Protection of cardholder information, which includes: * Encryption of cardholder information that is transmitted over public networks. Encryption technology renders the transmitted data unreadable by any unauthorized person. Use of cryptography and security protocols such as SSL/TLS or IPSec can be used to safeguard customer data. * Protection of the stored cardholder data. Sensitive data on the magnetic chip of the card must not be stored. In case the PAN needs to be stored, it must be stored in an unreadable format. Limit the duration of storage of cardholder data. 3) Maintenance of a vulnerability management program, which includes: * Use and regular updates of anti-virus software programs on all systems. Harmful viruses can enter the user network through email and other online activities. Anti-virus software is an effective tool to protect computer systems from external attacks. * Development and maintenance of secure systems and applications. Security vulnerabilities in the system and applications can enable cyber criminals to access PAN and other secure data. Ensure that all the systems and application are updated with the latest security patch from the vendor. 4) Secure access control measures, which includes: * Restricting business access to cardholder information. Limit access to confidential cardholder data to only those users whose work requires this information. Additionally, restrict the access to the least amount of data required for business purpose. * Assigning of a unique ID to every person with computer access. This is important to be able to trace if the access to critical data has been executed by only authorized persons. 5). Restricting of the physical access to cardholder data. Physical access to cardholder data must be restricted to all onsite personnel, visitors, and all paper and electronic media. 6) Regular monitoring and testing of networks, which includes: * Tracking and monitoring of all access points to network resources and cardholder data. Use of logging mechanisms and tracking of user activities are included. * Regular testing of security procedures and processes. Periodic testing of security controls is important, along with internal and external network scans. 7) Maintaining of an information security policy, which includes: * Maintenance of a company policy that addresses information security. This includes establishing a security policy that addresses all the PCI-DSS requirements, along with an annual process to detect any vulnerability. These set of requirements is mandatory for companies that manufacture devices that accept and process PIN-based transactions or any other type of digital payments. Financial institutions, merchants, and service providers must ensure that they only use devices, approved for PTS (PIN transaction security).
The Importance Of PCI ; Data Security Standard (DS...

As the world moves towards digital means of paymen... Read More