Ethical Hacking

William Bailey

Ethical Hacking

MIS 5211.701 ■ Fall 2020 ■ William Bailey

William Bailey

Week 04 – Scanning

by 7 Comments

This week we talked about initial scans using NMAP and NESSUS.  We also talked about using TCPDUMP as a packet sniffer.  As you work through your virtual environment this week, choose one (or more) of the following questions:

  1. What issue(s) are you encountering with NMAP, NESSUS, or other scanning tools?
  2. Did you discover any “interesting” traffic with TCPDUMP?
  3. How does practicing with a vulnerable device, such as the “MetaSploitable” help you learn more about vulnerability scanning and penetration testing?

 

Week 02: Reconnaissance

by 17 Comments

One of the topics this week is about Reconnaissance, or learning about the target.  You may be hired to think just like an outsider, someone trying to “hack” their way in.  Remember that some of the “hacking” techniques may not require specific coding.  There are so many methods, that for this week’s question, everyone needs to post a unique method of performing reconnaissance in order to earn full points.  Describe the method of reconnaissance, and if possible, provide an example of a “hack” or other breach that can be tied back to the information learned due to reconnaissance.

I’ll start with an example that you’re likely seeing on television as part of New Jersey Transit’s “See Something, Say Something” campaign.  The commercial promotes security awareness, with several suspicious actors.  One of the scenes shows two people along the road, possibly looking at their potential target, but more specifically, another actor taking pictures, and the scene is shown from the viewpoint where we see that the pictures being taken are those of the CCTV system.  Why?   By taking pictures of the facility, the outsider is learning about the physical security controls of the facility, and can plan the attack to avoid the line of sight from these cameras.

Reconnaissance - Examining Physical Security Controls (Cameras)