Thursday, April 8, 2010

Ethical Hacking cont. (2)- Finding public information

This is a continuation of the post: Introducing Ethical Hacking.

One of the important steps to ethical hacking is to assume you have no information about company (in other words, to forget everything you know about your corporation) and start from ground up. So let's start with only your corporation's name (you have to know which organisation to hack).

Gathering information from public sources
1- Google: "Google" your company and see what information you can gather.
2- Hoovers and Yahoo! Finance: Detailed information about companies available to the general public.
3- U.S Securities and Exchange Commission: SEC filings that the company has made.
4- United States Patent and Trademark Office: For patent and trademark information.
5- Whois- DNS Servers responsible for hosting.

What information to look for:
1- Employee's Names/Contact Information.
2- Key Dates
3- SEC filings
4- Patents
5- Presentations, Articles, Webcasts

I'll stop there. There's plenty of work there for you to do. In the meantime, I will be writing up the next section.

For more information (detailed information) check out Hacking: The Art of Exploitation:

No comments:

Post a Comment