Information is the most important asset of an organization. Leakage of information will expose the weak points of your company, so securing the company’s information is the main concern.
If confidential information is leaked, then a company can be finished by its competitors.
Just for an example if you share your bank information with another person, maybe you get a bank account empty soon. Hackers are seeking such type of information.
You should be aware of it that Your important information is available publicly without your knowledge. Your contact details, your name, mobile no. email address, and more.
What is Information Gathering?
Information gathering is a phase of penetration testing or ethical hacking. Where hackers or attackers gather the information as much as possible elated internal and external security architecture.
They have to face a target. The information of any system helps the attacker to identify the vulnerabilities within it, which can be exploited and gain access in later faces.
If you have deep information about the target reduces the focus area & brings you closer to the target. More information about target more possibilities to win.
If you have enough information about the target, you are close to getting key to hacking.
For Example, You focus the target by mean of the range of IP address you have to go through, to hack target or regarding domain information or else.
No information no chance to WIN!
Information Gathering Process
Information gathering is the first step to ethical hacking or Penetration testing as I have told you already.
Experts refer to information gathering as footprinting as well.
In this section, you must collect every possible information about the target and it’s a network. This piece of information helps you to find out the different possible ways to enter into the target network.
You can gather such type of information through two sources
- Source 1: Gather personal information through publically sources like google, social media and something else.
- Source 2: You can retrieve sensitive information from any secret source through social engineering
You can gather information through social engineering attacks, systems or network attacks, or through any other technique.
Basically, you can use 2 methods to complete first task footprinting
- Method 1: Active method, where interact with the target directly and get useful information as much as possible.
- Method 2: Passive Method: Passive methods, where hacker seeks information related to target indirectly. There is no any type of interaction between attacker and target.
Pseudonymous Information Gathering
Pseudonymous footprinting includes footprinting through online sources. In Pseudonymous footprinting, information about a target is shared by posting with an assumed name. This type information is shared with the real credential to avoid trace to an actual source of information.
Internet Information Gathering
All the methods for gaining information through the internet are called Internet information gathering or the internet footprinting.
In Internet Footprinting, processes such as Google Hacking, Google Search, Google Application including search engines other than Google as well.
Objectives of Information Gathering
The major objectives of Footprinting are: –
- To know security posture
- To reduce focus area
- Identify vulnerabilities
- Draw network map
Information Gathering techniques
It is not a big deal for an attacker to gather useful information regarding anyone through the internet, social media, official websites
Most of the time official websites of a small company or reputed company have much information about their users, Even this information is not useful for a basic person.
Having such type of information on the website can increase the reputation of the company in the market. So this information is not sensitive, as we think.
But a collection of this type of information may fulfill the requirements of an attacker.
And the attacker can gather enough information by a little effort. Below are more often information gathering techniques used by hackers for collecting information: –
- Information Gathering through Search Engines
- Information Gathering through Advance Google Hacking Techniques
- Information Gathering through Social Networking Gites
- Information Gathering through Websites
- Information Gathering through Email
- Information Gathering through Competitive Intelligence
- Information Gathering through WHOIS
- Information Gathering through DNS
- Information Gathering through Network
- Information Gathering through Social Engineering