Reconnaissance



The term reconnaissance comes from the military and means to actively seek an enemy's intentions by collecting and gathering information about an enemy's composition and capabilities via direct observation, usually by scouts or military intelligence personnel trained in surveillance. In the world of ethical hacking, reconnaissance applies to the process of information gathering. Reconnaissance is a catchall term for watching the hacking target and gathering information about how, when, and where they do things. By identifying patterns of behavior, of people or systems, an enemy could find and exploit a loophole.

Understanding Competitive Intelligence

Competitive intelligence means information gathering about competitors' products, marketing, and technologies. Most competitive intelligence is nonintrusive to the company being investigated and is benign in nature—it's used for product comparison or as a sales and marketing tactic to better understand how competitors are positioning their products or services. Several tools exist for the purpose of competitive intelligence gathering and can be used by hackers to gather information about a potential target.

In Exercises 1 through 3, I will show you how to use the SpyFu and KeywordSpy online tools to gather information about a target website. SpyFu and KeywordSpy report the keywords associated with a website, which lets you perform some information gathering about that site. I use these two tools because they are easy to use and completely passive, meaning a potential target could not detect the information gathering.

Exercise 1: Using SpyFu

To use the SpyFu online tool to gather competitive intelligence information:
  1. Go to the www.spyfu.com website and enter the website address of the target in the search field.
  2. Review the report and determine valuable keywords, links, or other information.

Exercise 2: Using KeywordSpy

To use the KeywordSpy online tool to gather competitive intelligence information:
  1. Go to the www.keywordspy.com website and enter the website address of the target in the search field.
  2. Review the report and determine valuable keywords, links, or other information.

Another useful tool for competitive intelligence and information gathering is the EDGAR database. This is a database of all the SEC filings for public companies. Information can be gathered by reviewing the SEC filings for contact names and addresses. In Exercise 3, I will show you how to use the EDGAR database for gathering information on potential targets.

Exercise 3: Using the EDGAR Database to Gather Information

  1. Determine the company's stock symbol using Google.
  2. Open a web browser to www.sec.gov.
  3. On the right side of the page, click the link EDGAR Filers.
  4. Click the Search For Filings menu and enter the company name or stock symbol to search the filings for information. You can learn, for example, where the company is registered and who reported the filing.
  5. Use the Yahoo! yellow pages (http://yp.yahoo.com) to see if an address or phone number is listed for any of the employee names you have located.
  6. Use Google Groups and job-posting websites to search on the names you have found. Are there any IT jobs posted or other information in the newsgroups that would indicate the type of network or systems the organization has?

The website www.Netcraft.com is another good source for passive information gathering. The website will attempt to determine the operating system and web server version running on a web server.
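The operating system and web server version details mentioned above can be checked from the defender's side. The following is an added example, not part of the original text: it audits a raw HTTP response from your own server for headers that disclose product versions or platform. The header list, function names, and sample responses are constructed assumptions; how Netcraft itself derives its results is not described here.

```python
import re

# Response headers that commonly carry product banners (assumed list; extend as needed).
BANNER_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "x-generator"}
TOKEN_RE = re.compile(r"([A-Za-z][\w.+-]*)/(\d[\w.-]*)")  # e.g. Apache/2.4.41
COMMENT_RE = re.compile(r"\(([^)]*)\)")                    # e.g. (Ubuntu)
BARE_VERSION_RE = re.compile(r"\d+(\.\d+)+")               # e.g. 4.0.30319

# Constructed sample responses, not captured from any real host.
VERBOSE = ("HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
           "Server: Apache/2.4.41 (Ubuntu)\r\nX-Powered-By: PHP/7.4.3\r\n"
           "Content-Type: text/html\r\n\r\n<html></html>")
HARDENED = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"


def parse_headers(raw_response):
    """Return (lowercased name, value) pairs from the head of a raw HTTP response."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_banners(raw_response):
    """List every version or platform detail the response headers disclose."""
    findings = []
    for name, value in parse_headers(raw_response):
        if name not in BANNER_HEADERS:
            continue
        for product, version in TOKEN_RE.findall(value):
            findings.append((name, "version", f"{product} {version}"))
        if BARE_VERSION_RE.fullmatch(value):
            findings.append((name, "version", value))
        for comment in COMMENT_RE.findall(value):
            findings.append((name, "platform", comment))
    return findings


if __name__ == "__main__":
    for label, response in (("verbose", VERBOSE), ("hardened", HARDENED)):
        print(label, audit_banners(response))
```

An empty result, as for the hardened sample, means the checked headers give a passive observer no version or platform detail.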
