dinsdag 25 maart 2008

BlackHat: hacking by numbers

So, two guys from sensepost are doing this training on hacking by numbers.

Interesting stuff, it basically boils down to: get as much as possible information on your target. Do this by utilizing public sources [think google [link:], netcraft, ARIN, msn.livesearch.com [ip:], kartoo.com and the likes] and reverse the pointers you find there. See what else is hosted on these IP addresses, see what other domains are registered and|or linked. Check for 'backlinks' that might indicate strong ties between companies.

And keep doing the:
:start
Single domain
Expand
Lots of domains
Reduce
Find what we really need
goto start

Both Nick & Jeremy keep saying: "Remember, domain names are IP addresses and IP addresses are points of attack"

Last but not least:
Find out private information of key individuals for social engineering.

Oh and for our hosts, this is for you :D


Peeps & posts [from] here:
Nathan McFeters
Petko D. Petkov
PortSwigger & Marcus
Mikko Hyykoski
Sandro

And some who are not:
Dimitri Sklyarov

Geen opmerkingen: