Beginner’s guide: OSSIM Part 2

Hope all of you are keeping well, and thank you for the overwhelming support you have been giving me. Today we'll deal with everything from basic OSSIM configuration to integrating different types of assets. Before we jump into all of that, I hope you are ready with the installation; if not, please visit my previous post, which is the first part: Beginner's guide: OSSIM (Open Source Security Information Management) part 1. Make sure your OSSIM has an active internet connection. As you know, the AlienVault platform has five modules: asset discovery, vulnerability assessment, threat detection, behavioural monitoring and security intelligence. In simple words, we add the assets first and then configure those assets under each module of AlienVault in turn. If you're ready with everything mentioned in part 1, we can now move forward with the configuration. Here we are considering only OSSIM, not USM.

Passive Information Gathering



Passive information gathering refers to the process of collecting information about a target network and its environment by passive methods. The entire information-gathering exercise is considered a methodological procedure, because each critical piece of information gathered is categorised based on a previous discovery. The idea of information gathering is to have a complete blueprint of the network infrastructure of the target organization; the blueprint will probably be unique for each branch. Passive information gathering is completely harmless to the target organization since we do not directly engage with it. Technically speaking, we have four intentions while performing information gathering:
1. Collect all available information, passively and actively, about the target and its network
2. Identify the operating system, platforms, web server versions, etc.
3. Perform techniques such as WHOIS lookup, DNS fingerprinting and other network and organizational queries
4. Find vulnerabilities and exploits for launching attacks
In this post we'll explore the passive methods of information gathering.


FINANCE


To know the financial posture of a target we can use either Google Finance or Yahoo Finance; this will show whether the company is making money or losing shares.

ALERTS

Alerts are generally used for receiving updates via mail or SMS about a particular subject. This service is generally used for competitive information gathering. As a pentester, we can use it to monitor how updates about the client spread across the internet.

ARCHIVE

archive.org stores almost every version of every website on the internet. If you want to know how a previous version of a website looked, or how frequently the target updates its website, then the archive is one of the best places to look.

EMAIL

Generate a discussion with the support or front desk via email. The email header will definitely have the sender's and receiver's addresses, which can be used to track geolocation; it will also have the IP address of the mail server, the authentication method used, etc. I'm pasting one of my favourite email trackers: if you want to track an email you've sent, such as its path, its destination and when the recipient opened the document, this can be done via a service known as Point of Mail.
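An added example (not from the original post) of reading the Received: headers the paragraph describes: it parses a constructed message with Python's standard email module and lists each mail-server hop plus the authentication verdict, the way an analyst traces where a message actually entered the mail path. The hostnames and addresses are made up.

```python
"""Trace a message through its Received: headers (added example)."""
import re
from email import message_from_string

# Constructed sample message. The most recent hop is listed first,
# exactly as a real mail server writes it; the hostnames/IPs are made up.
RAW_MESSAGE = """\
Received: from mx.example.net (mx.example.net [203.0.113.10])
    by mail.example.org with ESMTPS id abc123;
    Mon, 1 Jan 2024 10:00:05 +0000
Received: from workstation.lan (unknown [198.51.100.7])
    by mx.example.net with ESMTP id xyz789;
    Mon, 1 Jan 2024 10:00:01 +0000
Authentication-Results: mail.example.org; spf=pass smtp.mailfrom=example.net
From: support@example.net
To: analyst@example.org
Subject: Ticket 42

Hello.
"""

# "from <helo> (<reverse-dns> [<ip>]) ... by <receiving host>"
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]*)\s*\[(?P<ip>[^\]]+)\]\)"
    r".*?by\s+(?P<by>\S+)",
    re.DOTALL,
)

def parse_hops(raw):
    """Return one dict per Received: header, newest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        match = HOP_RE.search(value)
        if not match:
            continue  # non-standard header; keep going rather than fail
        hop = match.groupdict()
        hop["date"] = value.rsplit(";", 1)[-1].strip()  # text after last ';'
        hops.append(hop)
    return hops

def origin_ip(raw):
    """Oldest hop's IP: the best available indicator of where the mail started."""
    hops = parse_hops(raw)
    return hops[-1]["ip"] if hops else None

def auth_results(raw):
    """Extract spf/dkim/dmarc verdicts from the Authentication-Results header."""
    header = message_from_string(raw).get("Authentication-Results", "")
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header))
```

Only the hop written by your own mail server can be trusted; earlier Received: lines are supplied by the sending side and can be forged, which is why the header closest to your server is read first.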

WHOIS LOOKUP

In simple words, the WHOIS database holds information about all users who own a registered domain. Simply speaking, if you want to know the owner of a website, that information can be retrieved from these databases. The WHOIS record provides the personal information of the site owners, like email, physical address, phone number, IP address of the server, open ports, when the site was registered, when it will expire, etc.

DNS FOOTPRINTING

DNS footprinting allows the pentester to learn more details about the target organization. The pentester extracts DNS information from the DNS server. This information may include IP addresses, domain names, computer names, mail servers, etc. I'm adding the commonly seen DNS record types:
Address Mapping records (A)
IP Version 6 Address records (AAAA)
Canonical Name records (CNAME)
Host Information records (HINFO)
Integrated Services Digital Network records (ISDN)
Mail exchanger record (MX)
Name Server records (NS)
Reverse-lookup Pointer records (PTR)
Start of Authority records (SOA)
Text records (TXT)
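An added example (not part of the original post) that goes with the record list above: it parses a constructed BIND-style zone snippet, counts the record types present and flags the HINFO, ISDN and TXT records, which describe hosts rather than just resolve them, so a zone owner can see what a passive observer learns from the zone alone. The zone contents, names and addresses are constructed.

```python
"""Audit which DNS record types a zone exposes (added example)."""
from collections import Counter

# Record types whose rdata describes the host rather than just resolving it.
INFORMATIONAL_TYPES = {
    "HINFO": "advertises hardware and operating system",
    "ISDN": "advertises telephony details",
    "TXT": "free text: SPF, verification tokens, sometimes internal notes",
}

# Constructed zone data, one record per line: name ttl class type rdata.
ZONE = """\
example.com.          3600 IN SOA   ns1.example.com. hostmaster.example.com. 1 7200 3600 1209600 300
example.com.          3600 IN NS    ns1.example.com.
example.com.          3600 IN MX    10 mail.example.com.
example.com.          3600 IN TXT   "v=spf1 ip4:203.0.113.0/24 -all"
www.example.com.      300  IN A     203.0.113.5
www.example.com.      300  IN AAAA  2001:db8::5
mail.example.com.     300  IN A     203.0.113.25   ; constructed address
mail.example.com.     300  IN HINFO "Dell PowerEdge" "Ubuntu 22.04"
intranet.example.com. 300  IN CNAME www.example.com.
"""

def parse_zone(text):
    """Return (name, type, rdata) tuples; skips blank lines and ';' comments."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        name, _ttl, _cls, rtype, rdata = line.split(None, 4)
        records.append((name, rtype.upper(), rdata))
    return records

def record_summary(records):
    """Count of each record type, e.g. {'A': 2, 'TXT': 1, ...}."""
    return Counter(rtype for _, rtype, _ in records)

def informational_records(records):
    """Records a zone owner should review because they describe hosts."""
    return [(name, rtype, rdata, INFORMATIONAL_TYPES[rtype])
            for name, rtype, rdata in records if rtype in INFORMATIONAL_TYPES]

if __name__ == "__main__":
    recs = parse_zone(ZONE)
    print("record types:", dict(record_summary(recs)))
    for name, rtype, rdata, why in informational_records(recs):
        print(f"review {rtype:5} {name:22} {rdata}  <- {why}")
```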

GOOGLE DORKS


The very first method is to use search engines. If the robots.txt of a site allows search-engine crawlers, the crawlers/spiders will index all the information, which may include sensitive URLs, credentials, etc. To use the information collected by the spiders, we craft special search queries to list it out.
inurl:certifiedhacker.com
Simply paste the above query into Google and it will return all the URLs that have certifiedhacker.com in them. Such queries are called Google dorks and this method is generally known as Google hacking. You'll find lots of useful queries in the Google Hacking Database on Exploit-DB.
