Footprinting - The first step towards Hacking - That Computer Engineer


Learn | Teach | Explore

Sunday, March 4, 2018

Footprinting - The first step towards Hacking

You must have seen in movies that a hacker types something quickly and finally gets into the system. Believe me or not, hacking is a much longer process. In fact, Footprinting is the first step used by an hacker to gather details about a target through observation and research.

Here, I will discuss about the Footprinting and some of the possible ways for you to stay secure from these methods. My agenda for today will be to discuss some basic steps used by hacker so that you are aware of the possible actions he may take and you respond accordingly.

Always keep in mind the below quotation:

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”  

Goal behind Footprinting 

  • To gain reasonable information about a potential target that could be latter used to perform attacks.
  • The attacker tries to create an image of the target so as to predict his actions and prepare a plan for the attack.

Basic Footprinting methods used

No matter how big or small an information is, its valuable for the attacker. Even the information you may neglect can be a great asset to them. To make you aware of the basic security threats, I have pointed out some of the basic methods any attacker will use. 

Social Networking sites

I will place this on the top resource. With an increase in use of social networking sites, most of the users are becoming vulnerable. Top social networking sites in use will include:
  • Facebook
  • Twitter
  • Linkedin
  • Instagram
 Users post information on these social networking sites. All a hacker needs to do is sit behind a desk along with a cup of coffee and analyse your profile. He will create a profile of the target from the information posted in these sites. So, what are the information he can gain from these accounts? To be honest, a lot. Some of these are:
footprinting ethical hacking
  • Your personal details
  • Family and relationships
  • Your job
  • Your company and your position in that company
  • Likes and dislikes 
  • Interests
  • Location details

Use of search engines

If you don't consider the use of search engine as a threat, you probably don't know its power. Using search engine like Google, Bing or Yahoo, an attacker can gain tremendous amount of information. A simple search can provide you with details of the technology used by the target, employee details and lot of other useful information.

Public websites

There is a lot of information available to the attacker on the public database. 

Location details

With the use of google maps and other tools, our location or the location of our assets can be easily looked up by the attacker to get an overview of the physical structure of the target. You may neglect the location detail but it plays a huge role in security.

Gaining Network Information

If you are the one owning a website, read this one. Various online tools enable anyone to gain information about your domain name that includes ip information, owner details and others.

These are only some of the procedures that I have used to give you an insight. In reality, there are a wide variety of techniques used.

Check out this article Social Engineering to know about the possible techniques used by an attacker over a person to gain information.

No comments:

Post a Comment