Information gathering refers to collecting information about a target company that will help in penetration testing and security auditing of the company.
The objective of this lab is to help students learn different techniques to gather information about a company; you will learn how to:
Extract a company’s information
List employees of the company
Use search engines to collect the information
Search for link popularity of the company’s website
Gather competitive intelligence
List the company’s partners and distributors
Visit the company as an inquirer and extract privileged information
Look up registered information in WhoIs Database
Extract DNS information using domain research tools
Locate the network range
Track email communications
Penetration testing is much more than just running exploits against vulnerable systems. In fact, a penetration test begins before penetration testers have even made contact with the victim's systems. Rather than blindly throwing out exploits and praying that one of them returns a shell, a penetration tester meticulously studies the environment for potential weaknesses and their mitigating factors. By the time a penetration tester runs an exploit, he or she is nearly certain that it will be successful. Since failed exploits can in some cases cause a crash or even damage to the target system, or at the very least make the target un-exploitable in the future, penetration testers won't get the best results, or deliver the most thorough report to their clients, if they blindly turn an automated exploit machine on the target network with no preparation.
A penetration tester collects the information of a company such as internal and external links of the company's website, people working in the company, geographical location, DNS information, competitive intelligence, network range etc. This information is collected in order to search for vulnerabilities, so as to exploit and sniff valuable information. In order to become an expert penetration tester and security auditor, you must know various techniques to gather a company's information.
The Security Analyst Exercises / Information Gathering contains the following Exercises:
The Virtual Private Cloud for this Lab set utilizes:
Security Analyst Exercises are available as part of the following subscription:
Each subscription provides 6 months access to 15 Different Exercises.
Each exercise contains a Scenario, Objectives, and individual step by step tasks to guide the user through all steps necessary to complete the exercise. The Penetration Testing Exercises are designed to give the user an ultimate hands-on experience. Each exercise category above has it’s own Virtual Private Cloud that comes preconfigured with Vulnerable websites, Victim Machines, and the environment is LOADED with tools. Included in your network share are all the supporting tools required to practice in the Cyber Range / Lab environment.
Lab exercises are included for:
- TCPIP Packet Analysis
- Information Gathering
- Vulnerability Analysis
- External Penetration Testing
- Internal Network Penetration Testing
- Firewall Penetration Testing
- IDS Penetration Testing
- Password Cracking Penetration Testing
- Social Engineering Penetration Testing
- Web Application Penetration Testing
- SQL Penetration Testing