CEH v12 Module 2: Footprinting and Reconnaissance. It teaches how to use the latest tools and techniques to perform footprinting and reconnaissance, which is a crucial pre-attack phase.
Reconnaissance is the practice of secretly discovering and gathering information about a system. This method is often used in penetration testing or ethical hacking.
The CEH v12 learning curriculum has changed due to the evolution of technology over time.
The new educational program includes training, laboratories, examinations, and practice exams.
The CEH exam has a pass rate of about 70% and lasts four hours. Candidates need to score at least 70% to pass.
Footprinting and reconnaissance are critical phases in the information-gathering process for ethical hacking or penetration testing.
These activities involve collecting as much data as possible about a target system or network to identify potential vulnerabilities and weaknesses.
Here are some key concepts and techniques used in footprinting and reconnaissance:
- Passive Footprinting:
  - Social Engineering: Gathering information from publicly available sources, such as social media, to learn about employees, organizational structure, and potential points of entry.
  - WHOIS Lookup: Querying WHOIS databases to obtain information about domain ownership, registration, and contact details.
- Active Footprinting:
  - DNS Interrogation: Utilizing DNS tools (e.g., nslookup, dig) to gather information about domain names, IP addresses, and mail servers.
  - Network Scanning: Conducting scans (e.g., using Nmap) to identify live hosts, open ports, and services running on target systems.
  - Traceroute: Mapping the network path from the source to the target to identify routers and network infrastructure.
- Footprinting Tools:
  - Maltego: A powerful tool for open-source intelligence and forensics, helping to visualize relationships between entities.
  - TheHarvester: Collects information from various public sources, including search engines, PGP key servers, and SHODAN.
  - Google Dorking: Using advanced search techniques in Google to find sensitive information and vulnerabilities.
- Web Footprinting:
  - Web Scraping: Extracting data from websites, directories, and forums to gather information about employees, technologies used, and potential vulnerabilities.
  - Spidering and Crawling: Using tools like Burp Suite or automated scripts to navigate and map the structure of a website.
- Social Engineering:
  - Phishing: Sending deceptive emails or messages to trick individuals into revealing sensitive information or credentials.
  - Impersonation: Pretending to be a trusted entity to extract information through conversation.
- Countermeasures:
  - Firewalls and Intrusion Prevention Systems (IPS): Implementing strong network security measures to prevent unauthorized access.
  - Regular Audits: Conducting periodic security audits to identify and rectify vulnerabilities.
  - Employee Training: Providing security awareness training to employees to reduce the risk of social engineering attacks.
Remember, ethical hacking should always be conducted within the boundaries of the law and with proper authorization. Unauthorized access to systems is illegal and can lead to severe consequences.