Ready, Set, Hack!

Check out what happened

About this event

Introduction and demonstration of two basic facets of ethical hacking, Reconnaissance (Information Gathering for the Ethical Hacker) and Scanning & enumeration (Demonstration with Nmap and Wireshark)

Sub event 1 Goals: (with demonstrations)

  • Define active and passive footprinting
  • Identify methods and procedures in information gathering
  • Understand the use of social networking, search engines, and Google hacking in information gathering
  • Understand the use of whois, ARIN, and nslookup in information gathering
  • Describe the DNS record types

Vulnerability research, although not necessarily a footprinting effort per se, is an important part of your job as an ethical hacker. Research should include looking for the latest exploit news, any zero-day outbreaks in viruses and malware, and what recommendations are being made to deal with them. Some tools available to help in this regard are the National Vulnerability Database (https://nvd.nist.gov), Securitytracker (www.securitytracker.com), Hackerstorm Vulnerability Database Tool (www.hackerstorm.com), and SecurityFocus (www.securityfocus.com). Footprinting is defined as the process of gathering information on computer systems and networks. It is the first step in information gathering and provides a highlevel blueprint of the target system or network. Footprinting follows a logical flow—investigating web resources and competitive intelligence, mapping out network ranges, mining whois and DNS, and finishing up with social engineering, e-mail tracking, and Google hacking. Competitive intelligence refers to the information gathered by a business entity about its competitors’ customers, products, and marketing. Most of this information is readily available and is perfectly legal for you to pursue and acquire. Competitive intelligence tools include Google Alerts, Yahoo! Site Explorer, SEO for Firefox, SpyFu, Quarkbase, and DomainTools.com.

This session intends to expose the attendees into deeper aspects of tools they use on daily basis while feeding them the importance of information in today’s world, especially when dealing with aspects of cyber-security.

Sub even 2 Goals: (with demonstrations)

  • Describe scan types and the objectives of scanning
  • Understand the use of various scanning and enumeration tools
  • Describe TCP communication (three-way handshake and flag types)
  • Understand basic subnetting
  • Understand enumeration and enumeration techniques
  • Describe vulnerability scanning concepts and actions
  • Describe the steps involved in performing enumeration

Scanning is the process of discovering systems on the network and taking a look at what open ports and applications may be running. Scanning methodology phases include the following: check for live systems, check for open ports, scan beyond IDS, perform banner grabbing, scan for vulnerabilities, draw network diagrams, and prepare proxies.

This session mainly intends to prioritize on inculcating a professional approach to the process of scanning which serves as on of the first steps in most ethical hacking tasks.

Featured Presentation

Speaker