DevLeague Coding Bootcamp
DevLeague is a Full Stack Coding Bootcamp
Creating a profile target in the context of penetration testing recon
Footprinting is essentially the process of looking for clues.
You should know plenty about your target before you ever try to attack them,
No matter how big or small, every piece of information about a target could prove to be valuable at some point.
Footprinting is the process of collecting as much publicly available information about a target as possible.
The result of our footprinting process will result in a comprehensive "blueprint" of the security profile of the target organization.
Are they the same??
Footprinting should be considered a part of recon but possibly not the entire process.
Footprinting is often thought of as the process of mapping out the landscape of a target system or entity
Recon is often thought to be the larger context of gathering as much information about a target as possible
Active Footprinting - The act of physically touching a device, network, property, etc... This is easily discoverable activity. Ex. Social Engineering
Passive Footprinting - The act of gathering information from publicly available sources. Most footprinting activities should be passive in nature.
Anonymous Footprinting - The act of gathering information anonymously or in a way to be not identifiable
Pseudononymous Footprinting - VERY BAD - This is the act of performing actions under the identity of another person, potentially making them liable for illegal activity or prosecution
The general outcome desired from the footprinting of phase of recon can generally be grouped into the following four categories:
Ultimately goals should be defined up front so that you don't end up with an over abundance of data
The Computer Fraud and Abuse Act(1986) states that conspiracy to commit hacking a crime.
IMPORTANT: Remember to always get explicit authorization to conduct any kind of penetration testing against a target, even when searching publicly available information.
The intended outcome of the footprinting process is to create a profile of the target using the following methods:
The intended outcome of the footprinting process is to create a profile of the target using the following methods:
A number of public web sites and other methods are available to search for publicly available information:
We can often decipher information about a given target through analyzing public websites and email headers
By DevLeague Coding Bootcamp
Introduction to the footprinting phase of recon.