FootPrinting - Reconnaissance and Information Gathering
3. Methods of Obtaining Information And Physical Access
Now, there are three different methods of obtaining information, which include physical access, social access, and digital access. And we're going to talk about each one of those in the following slides. Let's start with physical access. Now, we know that physical security must protect all collections of information, whether on a server, in a filing cabinet, or even in the trash bin. As well as potentially gaining access to the network, allowing a hacker into your office gives them the opportunity to collect information that could be subsequently used in social engineering attacks.
One of the perks of dumpster diving is finding lists of old accounts, email addresses, and employee details. These can be a goldmine for a hacker. Because he knows these people's names, he can create the impression, in subsequent social engineering, that he is already involved with the target company. Physical security measures prevent or deter attackers from accessing a facility's resources or information stored on physical media. Physical security is one of the all-encompassing security steps. The thing that I want you to understand is that it is actually the key to protecting a company's network. The one thing you must understand is that if you don't have physical security, you have no security.
4. Social Access
In this series of lectures, we're going to be discussing social engineering access. And I tell you, this one is a pickle. This one is going to be very difficult to train your staff to spot and circumvent. So the first step is that we need to obtain information about a target. We're going to try employees, consultants, vendors, customers, and even security experts. Or we're perhaps going to pose as one of these individuals.
The hacker is going to use various types of tactics, such as showing up in person and making himself appear to be an employee or a hired consultant. I tell you the one that always seems to work: if you just simply dress up in a nice business suit, have a clipboard in your hand, or, in today's terms, an iPad in your hand, and ask somebody to move out of their seat, they'll do it 95% of the time without even knowing who you are. "I need to check something on your computer for just a second," and you're in.
Alternatively, you could do this over the telephone or possibly even through digital access. We're going to discuss some shoulder-surfing techniques and reverse social engineering as well. Now, what are the different methods of obtaining information through social engineering? Shoulder surfing refers to direct observation techniques that involve looking over someone's shoulder to get information. Social engineering more broadly is the practise of obtaining confidential information by manipulating legitimate users. A social engineer will commonly use the telephone or Internet to trick people into revealing sensitive information or get them to do something against typical policies. You've probably heard of unethical people calling and claiming to be from Microsoft: their computer has let them know that something is going on with yours. Now, first off, Microsoft won't call you. Second off, the reason this works is that 90% of people are using a Microsoft operating system.
So it's probably going to work. They're going to tell you that they need to do certain things to your computer and then end up charging you. You'll give them your credit card, and it's just a complete and absolute ruse. The last thing I want to talk about is something called "reverse social engineering." I want you to take a look at the slide in the upper left-hand corner. You notice there are a couple of guys pulling a network cable out. Let's say, for example, that I go into an office and I'm considered to be the "guru" person in the office. God forbid.
You would never want to have to call the help desk, because the staff there will laugh at you and make you feel vulnerable. As a result, you end up calling someone in your own local circle when you need help. Well, this person may be a little nefarious. He slightly unplugs your network cable so the link light goes out, and then he basically waits around to be asked for help. The person comes over and asks, "Could you help me? My computer won't log on." "Oh, let's see what's going on." You sit down at their desk, and their username is there. You basically ask them, "What's your password?" 95% of the time, they just tell you their password. What should be happening is that the user types in their own password themselves. What's the proper response to a social engineer? First off, you have to basically make sure you know they are a social engineer.
That's the hardest part, because they're going to ask you questions that would appear similar to something that someone would ask you if they were an employee, a consultant, a vendor, a customer, or maybe a security expert that's coming in to help you. This is the biggest difficulty in detecting and stopping social engineering. The problem is that you may not even know that it's happened until it's over. Now, I've got a little bit of homework for you to do in this particular section. I created this graphic for a good friend of mine. His name is Jayson Street. He's probably one of the best social engineers. I need you to go to YouTube and plug in this particular URL, which is going to bring up about a 45-minute video. And I want you to watch that. If you go ahead and watch the entire thing, you will be floored.
5. Digital Access
In this lecture, we're going to talk about digital access. Now, hackers obtain the information they use to try and attack you digitally from a lot of different places: public sources, primarily DNS servers and search engines, and the targets themselves, in other words, by going to the website.
To give you an idea of some public sources of information, let's look at domain name registration, more specifically, who is registering which domain names. If you look at a certain section of the WHOIS information, you'll be able to determine who registered a domain. Then there are domain name services, search engines, and even SEC filings, where SEC stands for the Securities and Exchange Commission. More specifically, a target's filings in the EDGAR database inform us of the systems and operations that are active, as well as other information. Let's dig a little bit deeper into some of these.
Let's first start with the registry queries. Registry queries, also known as registrar queries or WHOIS queries, use a query and response protocol that's designed primarily for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system. But it's also used for a wider range of information. The protocol stores and delivers database content in human-readable form. Now, the notion or the idea behind this is that if you have the capability of being able to register a domain name for your company, you are someone of note or someone of authority at that particular company. As a result, you are also someone who may be easily socially engineered.
Organizational queries would contain things like specific registrations, to obtain instances of a target's name. Results show many different domains associated with the company, as it may use a large number of domains within its dedicated server or system. Lastly, a domain query is based on the results found in an organisational query. Using a domain query, you could find the company's address, the domain name administrator, and his or her telephone number.
All of this would be part of the WHOIS information. But I'm going to show you an example and a demonstration here in just a couple of moments. The administrative contact could be very useful to the hacker because it gives the hacker a pretext for social engineering.
As I said before, this is someone of note at the organization. If you have the capability of creating the WHOIS information for a domain and registering it, you are definitely somebody of note at that organization. To protect themselves, many administrators now post false phone numbers or extensions. So when somebody asks for this particular extension number, which is absolutely false, they know that the caller got it from the WHOIS information.
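The WHOIS contact exposure the lecture describes can be checked from the defender's side. The following is an added example, not part of the course material: it parses a constructed WHOIS record (the domain, names, email addresses and phone numbers are made up) and reports which registrant, admin and tech contact fields are still published rather than redacted, so you know what a caller could have learned from your own record.

```python
import re

# Constructed sample WHOIS response (not a real record); the layout mirrors the
# "Key: Value" lines most registrars return on port 43.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-CORP.TEST
Registrar: Example Registrar, Inc.
Creation Date: 2019-03-04T00:00:00Z
Registry Expiry Date: 2026-03-04T00:00:00Z
Registrant Organization: Example Corp
Registrant Name: Jane Doe
Registrant Email: jane.doe@example-corp.test
Registrant Phone: +1.5550100
Admin Name: REDACTED FOR PRIVACY
Admin Email: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Tech Name: John Smith
Tech Email: hostmaster@example-corp.test
Tech Phone: +1.5550199
Name Server: NS1.EXAMPLE-CORP.TEST
"""

CONTACT_ROLES = ("Registrant", "Admin", "Tech")
PII_FIELDS = ("Name", "Email", "Phone")
# Wording registrars use when a privacy/proxy service hides the real contact
REDACTED = re.compile(r"redacted|privacy|withheld", re.IGNORECASE)


def parse_whois(text):
    """Turn 'Key: Value' lines into a dict; comment lines (%, #, >>>) are skipped."""
    record = {}
    for line in text.splitlines():
        if ":" not in line or line.startswith(("%", "#", ">>>")):
            continue
        key, _, value = line.partition(":")  # split on the first colon only
        record[key.strip()] = value.strip()
    return record


def exposed_contacts(record):
    """Return {role: [field, ...]} for every contact PII field that is published unredacted."""
    exposed = {}
    for role in CONTACT_ROLES:
        fields = [f for f in PII_FIELDS
                  if f"{role} {f}" in record and not REDACTED.search(record[f"{role} {f}"])]
        if fields:
            exposed[role] = fields
    return exposed


if __name__ == "__main__":
    for role, fields in exposed_contacts(parse_whois(SAMPLE_WHOIS)).items():
        print(f"{role} contact publishes: {', '.join(fields)}")
```

In the sample only the Admin contact is behind a privacy service; the Registrant and Tech contacts still give away a name, a mailbox and a number that the "host master" call from later in the course relies on.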
6. Passive vs Active Reconnaissance
We're going to talk about passive versus active reconnaissance. Now, passive reconnaissance is the process of collecting information about some intended target without the target really knowing what's going on. Active reconnaissance, on the other hand, is the process of collecting that same information, which is more common because you're getting it directly from the target system; in other words, you're going to probe the target system to try and get this information. Now, passive reconnaissance relies on information that may be available online, but it has the advantage that the information can be searched for and compiled without alerting the particular target.
A good example of this may be Google. If I go into Google, as you'll see in a couple of lectures, I can pretty much find out whatever's on your website without ever visiting it, just by querying Google effectively. When was the last time Google called you and said, "There's somebody looking for stuff about your website on Google"? Yeah, it's a website. What do you think they're going to be doing? Google is never going to call you, so you're never going to be notified that somebody is searching for something.
Active reconnaissance, on the other hand, may provide more accurate and up-to-date information, but there is a risk that the target will realise what is going on and that they are being investigated, which could trip a trip wire. I used to say in my classes things that made you think, like how you could look up the WHOIS information from a domain name query, get the host master's name, then call the company and ask for that specific individual.
They may say, "Well, John Smith hasn't worked here for five years." Or I guess you would need to say something like two years, because that's about as long as a domain can actually be registered. But you kind of get the idea. So those are things that make you think: "John Smith," he's not even here. Other examples might be, "Why don't they put locks on 7-Elevens if they're open 24 hours?" or "What colour does a smurf turn when you choke him? They're already blue." And you get the idea.