Information gathering is the first step of almost every cybersecurity engagement, and it helps in every field of the discipline. It is the process of collecting sensitive information about a target: IP addresses, email addresses, system details, and any other data that may expose the target to attack. The target could be a website, an application, an organisation, or a person.
Why in every field? Consider how the main ones depend on it:
- Red Team/Penetration Tester: testers have to build a picture of their target before they can attack it.
- OSINT: this field is entirely about collecting and correlating publicly available data.
- Defensive/Blue Team: defenders gather data about an ongoing attack or a malware sample (indicators, infrastructure, behaviour) in order to detect it and respond.
Today, we are going to discuss various techniques and tools used for information gathering.
Some standard tools include WHOIS, which shows registration information about a domain name, and Nmap, which maps the hosts and services on a network.
Knowing these tools prepares you for the later phases of an assessment, and it is an excellent way to begin understanding the different approaches.
Example
An attacker named Ryan begins gathering information by visiting a company's website. He starts by collecting publicly available information: domain registrations, email addresses, social media profiles, and employee details, all of which can be found online.
By putting all the information together, Ryan can understand the company's structure and identify potential weak points, making it easier to plan an attack.
This step takes time and effort, but it pays off: the more you know about the target, the more likely the attack is to succeed. Success here means finding a weakness and building the plan around the gap in the organisation's defences, which makes the real objective easier to reach.
Information Gathering is also known as reconnaissance and footprinting.
Importance
Information gathering is a critical component of cybersecurity. By collecting data about their own networks, organisations learn what they expose, detect possible threats and weaknesses, and build security plans around them.
The same data helps firms detect and respond to cyberattacks: a baseline of typical network activity makes abnormal patterns of behaviour stand out, and the indicators collected help identify the malicious actors behind them.
Finally, what is learned feeds into more effective cybersecurity policies, processes, and training programs.
Principles
To gather information well, follow some basic footprinting principles:
- Follow a Simple Process: define a step-by-step process and stick to it. This makes it easier to track, review, and reproduce what you have collected.
- Plan: good planning ensures that the essential details are accounted for and that scope and authorisation are agreed before any active step.
- Use Reliable Sources: make sure the information comes from trustworthy sources, and corroborate important findings across more than one, since stale or wrong data misleads everything that follows.

Types of Reconnaissance
There are two types of information gathering techniques:
Passive
Passive information gathering is also known as passive reconnaissance. It involves collecting information about a target without probing it: nothing beyond ordinary public-facing traffic ever reaches the target, so the activity is indistinguishable from normal visitors and cannot be picked out of the target's logs.
To perform passive recon, the attacker uses publicly available resources: search engines, DNS and WHOIS records held by third parties, public documents, social media, and the press.
For example, Ryan (attacker) wants to gather information about company A. Ryan goes to the company's website, its social media profiles, or even the newspaper. From these, Ryan learns about company A and its employees: names, roles, the email address format, technologies in use.
With that, Ryan has enough to plan an attack, for example a targeted phishing email to named employees that steals credentials or data.
Tools:
- DNSDumpster: builds a DNS map of a domain from DNS records and passive sources, without querying the target's own name servers.
- Metagoofil: downloads public documents (PDF, DOCX, XLSX and similar) from a target domain and extracts their metadata: author names, usernames, software versions, internal paths.
- Maltego: an OSINT tool that aggregates public records and data-mining results about the target into a link graph.
- Wireshark: captures and inspects network traffic from an interface or a PCAP file. It sends nothing, but it only yields reconnaissance if you already have a vantage point on a network segment that carries the target's traffic.
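What Metagoofil does, in miniature, as an added example (not the page's own code and not Metagoofil's): pull the creator and last-modified-by fields out of .docx files and aggregate them across a corpus, because those fields leak real names and, often, the organisation's login-name format. A real run would download the documents from the target domain; here the documents, names, and the username pattern are constructed in memory so the script runs offline.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from collections import Counter

# XML namespaces used by the docProps/core.xml part of an OOXML (.docx) file.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}

# Assumed login-name shape for illustration: "j.smith" or "CORP\j.smith" (not display names).
USERNAME_RE = re.compile(r"^(?:[A-Za-z0-9-]+\\)?[a-z][a-z0-9._-]{2,}$")


def build_sample_docx(creator, last_modified_by, created):
    """Build a minimal .docx in memory. Constructed stand-in for a document
    downloaded from a target's website; only the parts needed here exist."""
    core = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}" xmlns:dcterms="{dcterms}">'
        "<dc:creator>{creator}</dc:creator>"
        "<cp:lastModifiedBy>{lmb}</cp:lastModifiedBy>"
        "<dcterms:created>{created}</dcterms:created>"
        "</cp:coreProperties>"
    ).format(creator=creator, lmb=last_modified_by, created=created, **NS)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("word/document.xml", "<document/>")  # body is irrelevant here
    return buf.getvalue()


def extract_docx_metadata(data):
    """Read creator, last-modified-by and creation time from a .docx byte string."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        root = ET.fromstring(z.read("docProps/core.xml"))

    def text(path):
        el = root.find(path, NS)
        return el.text if el is not None else None

    return {
        "creator": text("dc:creator"),
        "last_modified_by": text("cp:lastModifiedBy"),
        "created": text("dcterms:created"),
    }


def harvest(documents):
    """Aggregate names across many documents the way a footprinting tool does:
    how often each name appears, and which values reveal the login-name format."""
    people = Counter()
    usernames = set()
    for data in documents:
        meta = extract_docx_metadata(data)
        for key in ("creator", "last_modified_by"):
            value = meta[key]
            if value:
                people[value] += 1
                if USERNAME_RE.match(value):
                    usernames.add(value)
    return people, sorted(usernames)


# Constructed sample corpus: fictional names, not a real organisation.
SAMPLE_DOCS = [
    build_sample_docx("Alice Example", "CORP\\a.example", "2023-04-01T09:00:00Z"),
    build_sample_docx("Bob Example", "b.example", "2023-05-10T12:30:00Z"),
    build_sample_docx("Alice Example", "Alice Example", "2023-06-21T15:45:00Z"),
]

if __name__ == "__main__":
    people, usernames = harvest(SAMPLE_DOCS)
    for name, count in people.most_common():
        print(f"{count}x {name}")
    print("login-name format seen:", usernames)
```

Two of the three constructed documents were last saved by someone logged in as first-initial.lastname (one with a domain prefix), which is exactly the kind of detail that turns a list of names into a list of valid usernames for the phishing scenario above.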
Active
Active information gathering interacts directly with the target: sending packets to its hosts, querying its name servers, requesting pages from its web servers.
Typical activities are port and service scanning, DNS enumeration (including zone-transfer attempts), brute forcing names such as subdomains and web directories, and vulnerability scanning. Exploitation, such as injecting malicious code, is the step that follows reconnaissance rather than part of it. Because every probe reaches the target, active reconnaissance can be logged and detected, and in a legitimate engagement it must stay within the authorised scope.
For example, Bob (a security professional) scans a web server for open ports and the services behind them, so he can identify weaknesses that could be exploited for unauthorised access.
Tools:
- DNSRecon: performs DNS enumeration by querying records, attempting zone transfers, and brute forcing names.
- Nmap: port scanning, service/version detection, and OS fingerprinting; its NSE scripts (for example the vuln category) add basic vulnerability checks.
- Metasploit: framework whose auxiliary scanner modules perform active scanning; it is also the exploitation framework used once reconnaissance is done.
- RustScan: high-speed port scanning to find open ports, typically handing the results to Nmap for deeper inspection.
Many of these tools come pre-installed in penetration-testing distributions such as Kali Linux, Parrot OS, or BlackArch.
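What Nmap and RustScan do at the lowest level, a TCP connect scan followed by a banner grab, as an added example that is not code from the page or from either tool. Everything here is constructed: the two "services" are throwaway listeners on 127.0.0.1 with made-up SSH and SMTP banners, and the ports are whatever the OS assigns, so it runs offline. Each listener records the clients it accepts; that list stands in for the target's connection logs and shows the caveat above, that an active scan always leaves a trace on the other side.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


class FakeService:
    """Throwaway TCP listener on 127.0.0.1 standing in for a real server so the
    scan runs offline. It sends `banner` on connect and records every client it
    accepts: the same trace an active scan leaves in a real target's logs."""

    def __init__(self, banner):
        self.banner = banner
        self.seen = []  # (ip, port) of every client that connected
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
        self.sock.listen(16)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, addr = self.sock.accept()
            except OSError:  # listener shut down
                return
            self.seen.append(addr)
            with conn:
                try:
                    conn.sendall(self.banner)
                except OSError:
                    pass

    def close(self):
        try:
            self.sock.shutdown(socket.SHUT_RDWR)  # wakes the blocked accept()
        except OSError:
            pass
        self.sock.close()


def free_port():
    """Return a port that is currently closed on loopback (bound, then released)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def probe(host, port, timeout=1.0):
    """TCP connect scan of one port (the same check `nmap -sT` makes), followed by
    a banner grab for services that speak first (SSH, SMTP, FTP and the like)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(256)
            except socket.timeout:
                banner = b""
        return port, True, banner.strip().decode("ascii", "replace")
    except OSError:  # connection refused, timed out, or unreachable
        return port, False, ""


def scan(host, ports, workers=20):
    """Probe the ports concurrently; return {port: banner} for the open ones."""
    with ThreadPoolExecutor(max_workers=workers) as ex:
        results = list(ex.map(lambda p: probe(host, p), ports))
    return {port: banner for port, is_open, banner in results if is_open}


def demo():
    """Scan two constructed services plus one closed port. Returns the scan
    result, the port list, and how many connections the 'target' logged."""
    ssh = FakeService(b"SSH-2.0-OpenSSH_9.2\r\n")          # constructed banner
    smtp = FakeService(b"220 mail.example.test ESMTP\r\n")  # constructed banner
    ports = [ssh.port, smtp.port, free_port()]
    found = scan("127.0.0.1", ports)
    logged = len(ssh.seen) + len(smtp.seen)
    ssh.close()
    smtp.close()
    return found, ports, logged


if __name__ == "__main__":
    found, ports, logged = demo()
    for port in ports:
        print(f"{port}/tcp", "open  " + found[port] if port in found else "closed")
    print(f"target logged {logged} connections from the scanner")
```

The closed port answers with a reset (connection refused) and is reported closed; the two open ports come back with their banners, which is what service fingerprinting builds on. The scanner's address also shows up once in each listener's seen list, which is why active reconnaissance needs authorisation and why defenders can catch it.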
Conclusion
A common mistake is not knowing the target well enough; as a result, finding even a minor vulnerability can take months. By collecting information about their own networks, companies gain a better understanding of them, identify potential vulnerabilities and weaknesses, and develop plans to protect their systems.
Information gathering helps companies improve their security procedures and identify and respond to cyberattacks. It draws on many methods and resources: vulnerability scanners, social media, network mapping tools, search engines, and more.
Cyber criminals employ the same range of methods, including packet capture, social engineering, and network scanning, to obtain information.
Information gathering is a crucial skill that every cybersecurity professional should know. Master the method rather than any single tool: tools exist to support your workflow, and combining several of them extracts more information than any one alone.
The next step is Scanning and Enumeration.
