Cybersecurity. Part 3. Collecting information for penetration testing and security auditing
In this part of the lecture on Cybersecurity, Bogdan explains the process of collecting information for penetration testing and security auditing, focusing on both external reconnaissance and internal cloud security assessments.
External Reconnaissance
Internet Scanning Services: Tools like Shodan, ZoomEye, and Censys are used to scan the internet and gather information about hosts. These services identify open ports, SSL/TLS certificates, and underlying technologies (e.g., Nginx, Apache).
Information Leakage: SSL/TLS certificates can inadvertently expose subdomains if not managed correctly.
Protocol Analysis: Identifying protocols on specific ports, such as port 25 for SMTP, provides potential attack vectors. Security professionals may use tools like telnet to grab service banners for further investigation.
Domain Information: "Whois" lookups are a basic component of reconnaissance, providing contact information and location details related to domain registration.
Purpose: The primary goal of this reconnaissance is to determine the "attack surface" of a target system before starting an assessment.
Cloud Security Auditing
Automated Auditing: Tools like ScoutSuite can be used to audit cloud environments. By providing API keys for cloud services, these tools connect to the environment and check configurations against security templates.
Common Misconfigurations: A frequent issue is the accidental exposure of services (such as S3 buckets or databases) to the public internet. Developers may not realize their infrastructure is publicly accessible after deployment.
Internal vs. External Checks: While penetration testers perform external checks to find what is exposed, organizations should also perform internal audits using checklists to ensure that services are not inadvertently opened to the public.
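Added example (not from the lecture and not ScoutSuite's code): a small internal checklist in Python that flags the public-exposure misconfigurations described above. The inventory is constructed sample data with hypothetical names, shaped like AWS security group, bucket ACL and bucket policy responses. As a simplifying assumption, policy statements carrying a Condition are left for manual review and account-level Block Public Access settings are not consulted.

```python
import ipaddress

PUBLIC_GROUPS = {"http://acs.amazonaws.com/groups/global/AllUsers",
                 "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}

# Constructed sample inventory (hypothetical names), shaped like the AWS
# DescribeSecurityGroups, GetBucketAcl and GetBucketPolicy responses.
SAMPLE = {
    "security_groups": [
        {"GroupId": "sg-example-db", "IpPermissions": [
            {"FromPort": 5432, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
        {"GroupId": "sg-example-app", "IpPermissions": [
            {"FromPort": 443, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]}],
    "buckets": [
        {"Name": "example-backups", "Policy": None, "Grants": [
            {"Permission": "READ", "Grantee": {"Type": "Group",
             "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}}]},
        {"Name": "example-assets", "Grants": [], "Policy": {"Statement": [
            {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
             "Resource": "arn:aws:s3:::example-assets/*"}]}},
        {"Name": "example-private", "Grants": [], "Policy": None}],
}

def is_world(cidr):
    # Prefix length 0 (0.0.0.0/0 or ::/0) covers every address.
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def public_principal(p):
    # Policies write "anyone" as "*" or {"AWS": "*"} (string or list).
    aws = p.get("AWS", []) if isinstance(p, dict) else p
    return "*" in ([aws] if isinstance(aws, str) else aws or [])

def audit(inv):
    findings = []
    for sg in inv["security_groups"]:
        for perm in sg["IpPermissions"]:
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if any(is_world(c) for c in cidrs):
                findings.append((sg["GroupId"],
                                 f"port {perm.get('FromPort')} open to any address"))
    for b in inv["buckets"]:
        if any(g["Grantee"].get("URI") in PUBLIC_GROUPS for g in b["Grants"]):
            findings.append((b["Name"], "ACL grants a public group"))
        for st in (b["Policy"] or {}).get("Statement", []):
            if (st["Effect"] == "Allow" and "Condition" not in st
                    and public_principal(st.get("Principal"))):
                findings.append((b["Name"], "policy allows any principal"))
    return findings
```

Calling audit(SAMPLE) returns one finding per exposed resource; the internal-only security group and the private bucket produce none.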
Ana K