Data is the most important asset of an organization. Leakage of data will expose the weak points of your company, so securing the company’s important data is the main concern.
If confidential information is leaked, then a company can be finished by its competitors.
Just for an example if you share your bank details with another person, maybe you get a bank account empty soon. Hackers are seeking such types of details.
You should be aware of it that Your important personal details is available publicly without your knowledge. Your contact details, your name, mobile no. email address, and more.
What is Information Gathering?
Information gathering is a phase of penetration testing or ethical hacking. Where hackers or attackers gather the information as much as possible elated internal and external security architecture.
They have to face a target. The details of any system help the attacker to identify the vulnerabilities within it, which can be exploited and gain access in later faces.
If you have deep knowledge about the target reduces the focus area & brings you closer to the target. More information about target more possibilities to win.
If you have enough required details about the target, you are close to getting key to hacking.
For Example, You focus the target by mean of the range of IP address you have to go through, to hack target or regarding domain information or else.
No information no chance to WIN!
Information Gathering Process
Information gathering is the first step to ethical hacking or Penetration testing as I have told you already.
Experts refer to information gathering as footprinting as well.
In this section, you must collect every possible data about the target and it’s a network. This piece of details helps you to find out the different possible ways to enter into the target network.
There are type of information gathering techniques, you can use
- Source 1: Gather personal data through publically sources like google, social media, and something else.
- Source 2: You can retrieve sensitive and important data from any secret source through social engineering
You can gather information through social engineering attacks, systems or network attacks, or through any other technique.
Basically, you can use 2 methods to complete first task footprinting
- Method 1: Active method, where interact with the target directly and get useful details as much as possible.
- Method 2: Passive Method: Passive methods, where hacker seeks data related to the target indirectly. There is no any type of interaction between attacker and target.
Pseudonymous Information Gathering techniques
Pseudonymous footprinting includes footprinting through online sources. In Pseudonymous footprinting, data about a target is shared by posting with an assumed name. This type of information is shared with the real credential to avoid trace to an actual source of information.
Internet Information Gathering
All the methods for gaining data through the internet are called Internet information gathering technique or the internet footprinting.
In Internet Footprinting, processes such as Google Hacking, Google Search, Google Application including search engines other than Google as well.
Objectives of Information Gathering
The major objectives of Footprinting are: –
- To know security posture
- To reduce focus area
- Identify vulnerabilities
- Draw network map
Information Gathering techniques
It is not a big deal for an attacker to gather useful details regarding anyone through the internet, social media, official websites
Most of the time official websites of a small company or reputed company have much data about their users, Even these details are not useful for a basic person.
Having such type of information on the website can increase the reputation of the company in the market. So this company, user detail is not sensitive, as we think.
But a collection of this type of data may fulfill the requirements of an attacker.
And the attacker can gather enough information by a little effort. Below are more often information gathering techniques used by hackers for collecting data: –
- Footprinting through Search Engines
- Footprinting through Advance Google Hacking Techniques
- Footprinting through Social Networking Gites
- Footprinting through Websites
- Footprinting through Email
- Footprinting through Competitive Intelligence
- Footprinting through WHOIS
- Footprinting through DNS
- Footprinting through Network
- Footprinting through Social Engineering