Time
23 hours 21 minutes
Difficulty
Intermediate
CEU/CPE
14

Video Transcription

00:02
I welcome back to the course in the last module, we went over some of the basic information that you're gonna need to know to be successful in the course. So we did it show you how to set up a virtual box in Kelly Lennox as well? That's if you're not using the cyber labs. I do recommend to use a cyber lab environment just because you get so much
00:20
access to so many different machines that you can pretty much do
00:23
just about anything.
00:25
We also went over Ah, quick lab on password cracking with the tool called John the Ripper. So that's a dictionary attack, type of tool. And so we used the word list against our very simple password that when we were able to crack that
00:38
we also talk about some basics. Things like black hat way have versus gray hat. Um,
00:43
different laws that you're going to need to know is the penetration tester or, you know, quote unquote unethical hacker on, and also the CIA triage.
00:52
So, in this video right here, we're gonna go over a pre assessment for our model to show our footprint in Latin section on and then right After that, we're gonna jump into the foot printing lecture, and then we have several labs and we're going to do to kind of honing your skills. So let's go ahead and get started here
01:07
now. I do want to mention if you haven't looked at Marja one yet, pause this video. Go back that there's a lot of information
01:11
you're gonna need, especially if you're gonna try to take the sort of fine ethical hacker examination. Three. C Council. What I've done is kind of basically included just about anything you would need to know for kind of their introduction. Top of section on that exam material, so you definitely want to check it out. It's a lot of good information,
01:32
even just good information for your career in the industry.
01:36
So let's get back to our pre assessment here. Question number one. John is a criminal hacker, and he decides to starts to Dumpster outside Super Secret and incorporated
01:45
to see if you can find any information about the company. So, according to the City Council definition, Jonah's doing what So again, just think of the kind of exam type of Ah,
01:53
doesn't definition there.
01:57
All right, so if he chose Answer. See, you are correct, right? So it's gonna be passive footprint in according to the City Council's definition. But in real life, if you jump in a dumpster of a company and someone sees you, you're gonna be talking to the police or security at the at at a minimum so that it would be active. That would require some kind of interaction. But for our purposes, this question was
02:17
defined off of the easy counsel
02:20
material. And so it's gonna be positive foot printing if someone jumps in the double. So essentially, it's Dumpster diving.
02:27
All right, question number two Wish example of the these would be passive footprint.
02:34
All right, so if you said answer, be performing Google hacking on the target, you are correct. So again, our main difference here between active and passive, his interaction. So we look at a there, it says, having coffee with the talking with them. See, it kind of gives it away, right? It says interacted with the target on social media. Now, even though we don't meet him in person,
02:52
it's still that interaction is what's gonna cause it to be active for pretty
02:55
and of course we have. Tailgating is well now to digress. Just a moment till getting and piggybacking in real world are generally considered the same thing. So basically, you're following somebody some authorized users through the door and you're not authorized. Nobody knows who you are. But the EEC counsel definition tailgating basically means that
03:15
you have a fake badge or, you know, USC criminal have a fake badge, and you just follow someone through the door.
03:22
And whereas piggybacking is, you don't have a fake badge and you just follow something through the door.
03:28
I know kind of kind of clears mother, but that's you kind of. You have to know that for the exam, you probably won't see it too much, but just kind of keep it in the back. Your head.
03:38
Question number three. So the command to search for only files of a specific type is which,
03:46
all right, so if you guessed file type colon type, you are correct. Now that command may or may not still work in Google hacking, and that's what we're talking about in this particular question. Google Dorking is it's sometimes called that command may or may not work
04:00
in that at this time we're in the future, so just keep that in mind and we'll talk about that in the actual Google hacking lab. We do.
04:09
So the Air Force, uh, info, coolness string actually displays information that Google stores about the particular page itself.
04:16
Ah, answer. See the link String that one there displaced linked pages based on a particular search term. And then, of course, in your oil that one is pretty self explanatory. Basically displaced pages pages Excuse me with the string inside of the Earl.
04:31
So, for example, if I had a website
04:34
u R L called you know, w W on Microsoft dot com four slash password, you know, And I did a search for If I did it in You, Errol String for password, then it should list mike shot dot com slash password for one of the the search results. So
04:53
and that's kind of strange example. I hope Microsoft's not that
04:56
that bad a security that they would leave some like that, but you just never know
05:00
eso Question Number four here If I want to get notified anytime a company updates their social media page or any other page for that matter, I could set up a what?
05:13
Ours. If you said alert or or alert. That is correct. Er s So you don't want to, like, set up a Eurail? That doesn't make any sense. Ah, website, you know, could be beneficial. But you have to set up the car s s feed and stuff like that. What's the point of that? When you could just do answer c and set up an alert, You know, whether this Google or some other tool out there
05:31
and then, of course, answered, Eve is wrong. As usual, it's distributed denial of service it
05:36
and that's the type of attack type.
05:39
So in this video, we went over just kind of, ah, high level pre assessment for this particular module.
05:46
Uh, I do want to stress that we just touched down like, four questions here, but he's kind of cover the generalized information that we're gonna look at
05:51
now. There are laps in the module, but then the next video, we're gonna jump into the lecture component of it.

Up Next

Penetration Testing and Ethical Hacking

Do you like breaking things or figuring out how things work? Join thousands of professionals who’ve entered the information security field by taking this class. Taking this ethical hacking course will give you the skills needed to become a professional penetration tester and prepare you for industry certifications, like the CEH.

Instructed By

Instructor Profile Image
Ken Underhill
Master Instructor at Cybrary
Master Instructor