Busy. Please wait.
or

show password
Forgot Password?

Don't have an account?  Sign up 
or

Username is available taken
show password

why


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account.
We do not share your email address with others. It is only used to allow you to reset your password. For details read our Privacy Policy and Terms of Service.


Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.

Remove ads
Don't know
Know
remaining cards
Save
0:01
To flip the current card, click it or press the Spacebar key.  To move the current card to one of the three colored boxes, click on the box.  You may also press the UP ARROW key to move the card to the "Know" box, the DOWN ARROW key to move the card to the "Don't know" box, or the RIGHT ARROW key to move the card to the Remaining box.  You may also click on the card displayed in any of the three boxes to bring that card back to the center.

Pass complete!

"Know" box contains:
Time elapsed:
Retries:
restart all cards




share
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

CIT294 Ch 2

CIT294 Ethical Hacking Chapter 2 Gathering Information Terms

QuestionAnswer
Information gathering also known as footprinting, is the process of gathering all available information about an organization.
Reconnaissance Catchall term for watching the hacking target and gathering information about how, when, and where they do things. Identify behavior of people or system to find exploit a loophole.
Competitive Intelligence Information gathering about competitors’ products, marketing, and technologies
Tools that can be used for Competitive Intelligence EDGAR, SpyFu, KeywordSpy, Netcraft.com
Two Steps of Footprinting Unearth initial information and Locate the network range
Footprinting defined as the process of creating a blueprint or map of an organization. Begins by determining the target system, application, or physical location of the target.
Tools used for Footprinting Domain Name Lookup, Whois, NSlookup, Sam Spade
DNS Enumeration the process of locating all the DNS servers and corresponding records for a organization. Can find out information such as usernames, computer names, and IP addresses of potential target systems
Tools used for DNS Enumeration NSLookup, DNStuff, ARIN, Whois
DNS A (Address) Maps a hostname to an IP address
DNS SOA (Start of Authority) Identifies the DNS server responsible for the domain information
DNS CNAME (Canonical Name) provides additional names or aliases for the address record
DNS MX (Mail Exchange) Identifies the mail server for the domain
DNS SRV (Service) Identifies services such as directory services
DNS PTR (Pointer) Maps IP addresses to hostnames
DNS NS (Name Server) Identifies other name servers for the domain
traceroute packet-tracking tool that uses ICMP echo to each hop (router or gateway) a long the path until the destination is reached.. use to find the geographical location of the target. Also gives you information such as internal IP addresses and the gateway
Email tracking programs allow the sender of the email to know whether the recipient reads, forwards, modifies, or deletes an email.
Web spider collect information from websites such as email addresses
Social Engineering Process of deceiving users of a system or network and convincing them to perform acts useful to the hacker, such as giving out information that will bypass security such as authentication and passwords.
Art of Manipulation Build inappropriate trust relations with users. Prey on qualities of human nature such as the desire to be helpful, the tendency to trust people and the fear of getting in trouble. Hackers are able to blend in and appear to be part of the organization.
Two types of Social Engineering Attacks Human-Based and Computer-Based
Impersonating Employee/valid user Type of human-based social engineering where the hacker pretends to be an employee to gain physical access to the company where they can gather information from trash, or computer systems
Posing a important user Type of human-based social engineering where hacker pretends to be executive or manager who needs immediate access to their files. Use intimidation against lower level employees to have them assist them in getting access to the system.
Using a Third Person Type of human-based social engineering where Hacker pretends to have permission from a authorized source to use the system
Calling Technical support Type of human-based social engineering where hacker Calls tech support who are trained to help users
Shoulder surfing Type of human-based social engineering where hacker Gathesr passwords by watching over a persons shoulder while they login to the system
Dumpster diving Type of human-based social engineering where hacker Looks in trash for information written on a piece of paper or computer printouts. Hackers can often find passwords, filenames, or other confidential information
Reverse Social Engineering more advanced method of gaining information. Hacker creates persona that appears to be position of authority so that employees ask hacker for information. For example: hacker pretends to be help desk employee and asks user for password.
Insider Attacks Computer-Based social engineering attack where Hacker infiltrates the organization by getting hired as employee or finding a disgruntled employee to assist in the attack
Identity Theft Computer-Based social engineering attack where Hacker poses as employee or steals the employees identity to penetrate the company. Information can be gained in dumpster diving or shoulder surfing to gain access to company
Phishing Attacks Computer-Based social engineering attack where Sending email and posing as a bank, credit card company or financial institution. Requests a confirmation of confidential information or that customer resets their password or PIN.
URL Obfuscation Uses the URL (Uniform Resource Locator) or website address to hide a fake URL that appears to be legitimate website address.
Created by: Leisac