Lecture 2-1

External reconnaissance is gathering data about the target from outside its boundary to find its vulnerabilities and thinking of methods to exploit it. It typically focuses on the carelessness of the company's employees. They can perform ways such as dumpster diving, social media and social engineering.

Organizations get rid of devices that are out of date or no longer in use in a number of ways such as bidding, giving it to recyclers or dumping them in the dumpsters. An attacker will dive through that dumpster to get those devices. An attacker can gain information like an internal setup of an organization, openly stored login credentials on a browser, the privileges and details of users and access to customized system in the network.

Degaussing can be used to remove data. it reduces or eliminates the magnetic field that is stored on the disk of a computer. As for SSD, one suggested way would be to encrypt it with a long random key and forget that key.

Social media is a place where you can find all the information about the user. So, an attacker can create a fake identity using it. They can steal the photos and information from a victim's social media account. Another attack is guessing the victim's password from the information posted on the internet. For example, their birthday, maiden's name, pet's name, etc.

Humans are sympathetic, trusting to friends, show-offs, obedient to higher authority, greedy and curious. Social engineering is using these human nature to manipulate them into doing something that they normally wouldn't do. The six levels of social engineering are - Reciprocation: the victim will do something for the attacker in the act that they feel like they owe them a favor. Scarcity: threatening a short supply of something that the target is in need of. For example, a trip package, a mega sale, a new product release, etc. Consistency: Humans tend to get used to the flow of events. For example, an attacker clones the vendor that the target always buys from and since they always buy there, they don't check if the vendor is valid or not. Liking: Humans are likely to do something for the people that they like. Authority: Humans are most likely to obey those of higher authority. An attacker can act as the government and as for the victim's private information. Validation: Humans will try to follow the trend so that they are not the odd one out.

Pretexting is a form of social engineering where an attacker creates a false scenario or pretext to trick individuals into providing sensitive information or performing actions they normally wouldn't. It often involves impersonating someone else, such as a trusted authority figure or service provider, to gain access to information or resources.

Attackers persuade delivery and transport companies that their deliveries and services are requested elsewhere.

A hacker sends emails to a target pretending to be a legitimate third-party organization. Example: an email claiming a court order notice and ask the recipients to view more details. Upon clicking the link, the recipients installed malware on their computers that can be used for other malicious purposes.

Spear phishing is specifically targeted to obtain information from particular end users in an organization by performing a number of background checks on targets.

An attack strategy, in which the attacker guesses or observes which websites the group often uses and infects one or more of them with malware.

Unlike external reconnaissance, internal reconnaissance is done onsite. Attacks are carried out within an organization’s network, systems and premises. Mostly, this process is aided by software tools such as sniffing and scanning tools. An attacker interacts with the actual target systems to find out information about its vulnerabilities.

Wardriving is an internal reconnaissance technique used to find unsecured wifi networks while moving around in a vehicle. The process includes finding unsecured networks, mapping their locations, and recording the information in an online database. Network stumbler and mini stumbler are commonly used. Network Stumbler records SSIDs and exact GPS locations of unsecured wireless networks. mini stumbler does the same but for mobile and tablets.

Extortion attack is holding computer files for ransom and threatening to release damaging information about a victim to the public. Popular case studies are WannaCry where the hacker asks for $300 within 72 hours through Bitcoin address and it only made $50,000 because a kill switch was discovered and the Ashley Madison incident where after failed extortion attempts, hackers exposed the user data of millions of people. The company offered to pay a total of $11 million to compensate for the exposure of 36 million users.

Targeting non-obvious devices, which seemed to be harmless, in corporate networks. Modern printers come with an inbuilt memory function and only basic security features. Accessing to the printer may reveal the following: ➢Password authentication mechanisms ➢Gathering the sensitive data that users send to be printed ➢Used as entry points into other secure networks