This video introduces the tools available for cyberattacks.
- [Instructor] It's becoming easier to launch a cyberattack. Attackers still need some programming skills, but attack tools are readily available on the internet for them to leverage. The first step in a cyberattack is reconnaissance, or recon, which is all about gathering as much information as possible on your victim. Criminals can conduct much of this initial recon through the internet. Using a search engine like Google to figure out the organizational structure of a company is a popular technique. Which can in turn lead to a social engineering attempt in which an intruder impersonates as a person of authority to gain access to confidential information such as a password. Internet searches can also produce Social Security Numbers, or SSNs, credit card numbers, and internet protocol, or IP addresses, just to name a few. There is so much recon you can do with a search engine like Google. Believe it or not, Google hacking is an established term, as you can see here on this Offensive Security website. Other recon tools such as Nmap, and its graphical user interface, or GUI version, Zenmap are even more powerful because they allow their users to directly probe what's vulnerable in cyberspace. Let's say that attacker's goal is to discover what devices are active in a network. All they need is to install Nmap on their computer, type Nmap, space, dash sn, dash 10.35.4.0/24, and then press enter. This command scans the network whose subnet ID 10.35.4.0. The forward slash and the number 24 indicate that the first three numbers of the given IP address 10.35.4 is the subnet ID. As you can see here, there are three hosts up and running, which is 10.35.4.150, 153, and 158. We'll go over the term subnet ID in more detail in another lesson. Based on the returned output we now know that the hosts with the IPs shown here are up and running in the 10.35.4 subnet. After learning what devices are active you can continue to use Nmap to investigate even more by learning what ports are open and what software and its version are tied to the open ports. What I'm showing here is only the tip of the iceberg. There's so much more you can do with Nmap, including its stealth options to minimize the possibility of detection. I always find it amazing that all these tools are available free of charge and so accessible, making the job of criminals easier. Once learning the vulnerabilities of a potential victim, the next step is to launch an attack to exploit the weaknesses. As you might have guessed already, there are even more tool choices out there which implement the exploits.
- Goals of network forensics
- Using a syslog and Microsoft Log Parser
- Investigating network traffic
- How protocol analysis works
- ARP and DNS poisoning
- Working with network forensics tools
- Using packet sniffers