PART 1: DISCOVERY
TROJAN HORSE SECURITY IS TEACHING THESE CONCEPTS FOR EDUCATIONAL PURPOSES ONLY. WE DO NOT CONDONE ILLEGAL HACKING. TROJAN HORSE SECURITY CONSULTANTS ARE HIRED AS ETHICAL HACKERS AT THE REQUEST OF ORGANIZATIONS WITH PERMISSION TO HACK THEIR NETWORKS AND SYSTEMS.
Before we touch the target network and risk giving ourselves away, we want to do as much footprinting as we can. A great deal of information about an organization can be gathered from ordinary internet searches and routine network requests, and sometimes we find sensitive information leaking onto the Internet without the organization knowing it.
When we do start touching the network, we want to look like any other user, making only the kind of requests a normal client would make.
By the time we start port scanning the Internet-facing systems, we will already know a good deal about the company and which hosts deserve a closer look.
Click on the links below to learn specific footprinting and discovery techniques:
Discovering IP Ranges Owned by an Organization
Querying DNS - fierce, nslookup, zone transfers (AXFR)
Netcraft
Google Searches
Who works there?
Social Media
Code Repositories
Message Boards
Searching for email addresses
Searching for telephone numbers
Port Scanning / Ping scan
Websites - wget
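The list above ends where the passive work ends: once a DNS zone transfer succeeds, the next step is to turn that dump into a focused target list for port scanning. The following is an added example written for this page, not code from Trojan Horse Security's course material. It parses the text format that `dig axfr example.com @ns1.example.com` prints, deduplicates the hosts, separates internal (RFC 1918 / ULA) addresses that should never have appeared in a public zone from the externally routable ones, collapses the public addresses into the /24 and /64 blocks they sit in, and flags hostnames whose labels suggest development, staging or VPN services. The zone data embedded in it is constructed for the example; the domain, addresses and hostnames are placeholders, not a real organization.

```python
"""Turn a DNS zone transfer (AXFR) dump into a port-scan target list.

Added example for the footprinting workflow described on this page.
It reads the whitespace-separated `name ttl IN type rdata` lines that
`dig axfr` prints; the sample zone below is constructed, not real data.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `dig axfr` output (hostnames and addresses are made up).
SAMPLE_AXFR = """\
example.com.        3600  IN  SOA   ns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 3600
example.com.        3600  IN  NS    ns1.example.com.
example.com.        3600  IN  NS    ns2.example.com.
example.com.        3600  IN  MX    10 mail.example.com.
ns1.example.com.    3600  IN  A     203.0.113.10
ns2.example.com.    3600  IN  A     203.0.113.11
www.example.com.    3600  IN  A     203.0.113.20
www.example.com.    3600  IN  AAAA  2001:db8::20
mail.example.com.   3600  IN  A     203.0.113.25
vpn.example.com.    3600  IN  A     198.51.100.5
dev-jenkins.example.com. 300 IN  A     198.51.100.40
staging.example.com. 300  IN  CNAME www.example.com.
intranet.example.com. 3600 IN A     10.10.5.7
example.com.        3600  IN  SOA   ns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 3600
"""

RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

# RFC 1918 and IPv6 ULA space.  Checked explicitly rather than via
# ipaddress.is_global because the documentation ranges used in the sample
# (203.0.113.0/24, 198.51.100.0/24, 2001:db8::/32) are classed as
# non-global by the ipaddress module, which would hide the distinction.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def parse_axfr(text):
    """Parse dig-style zone lines into (name, type, rdata); skip ';' comments."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = RR_LINE.match(line)
        if m:
            name, _ttl, rtype, rdata = m.groups()
            records.append((name.rstrip(".").lower(), rtype.upper(), rdata.strip()))
    return records


def hosts_by_address(records):
    """Map each A/AAAA address to the set of hostnames that resolve to it."""
    table = defaultdict(set)
    for name, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            table[ipaddress.ip_address(rdata)].add(name)
    return table


def is_internal(addr):
    # `addr in net` is False when the IP versions differ, so mixing is safe.
    return any(addr in net for net in INTERNAL_NETS)


def collapse_ranges(addresses):
    """Summarize addresses into the /24 (IPv4) or /64 (IPv6) blocks they occupy."""
    by_version = defaultdict(set)
    for a in addresses:
        plen = 24 if a.version == 4 else 64
        by_version[a.version].add(ipaddress.ip_network(f"{a}/{plen}", strict=False))
    out = []
    for version in sorted(by_version):          # collapse_addresses needs one version at a time
        out.extend(ipaddress.collapse_addresses(by_version[version]))
    return out


def interesting_names(records, keywords=("dev", "staging", "test", "vpn", "intranet", "jenkins")):
    """Hostnames whose labels hint at non-production or internal services."""
    return sorted({n for n, _, _ in records if any(k in n for k in keywords)})


def summarize(text):
    """Build the target list a scanner would be pointed at, plus the leaks worth reporting."""
    records = parse_axfr(text)
    table = hosts_by_address(records)
    external = [a for a in table if not is_internal(a)]
    internal = [a for a in table if is_internal(a)]
    return {
        "record_count": len(records),
        "external_hosts": sorted({h for a in external for h in table[a]}),
        "ranges": [str(n) for n in collapse_ranges(external)],
        "internal_leaks": sorted(f"{h} -> {a}" for a in internal for h in table[a]),
        "flags": interesting_names(records),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_AXFR).items():
        print(f"{key}: {value}")
```

To use it against a real engagement, capture `dig axfr <domain> @<nameserver>` to a file and pass its contents to `summarize()`; the `ranges` list is what a later ping sweep or port scan should be limited to, and `internal_leaks` is the kind of finding the page describes as information leaking without the organization's knowledge. A successful zone transfer is itself a misconfiguration worth reporting, since most authoritative servers should refuse AXFR from arbitrary clients.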