Course Hero Logo

In your agreement followed by a statement absolving

Course Hero uses AI to attempt to automatically extract content from documents to surface to you and others so you can study better, e.g., in search results, to enrich docs, and more. This preview shows page 9 - 11 out of 33 pages.

in your agreement, followed by a statement absolving your team from unintentional problems,then, yes—congratulations—you’re accountable.Want another one you should think about? Try worrying about what actions your targettakes when they see you. If a network admin shuts everything down because he thinks they’reunder attack and that causesfill in the blank,are you at fault? You may be if you don’t have aclause that reads something like the following:The actions taken by the target in response to any detection of our activities are alsobeyond our control…What happens if a client decides they don’t want to accept that clause in the agreement?Well, since there’s absolutely no way to guarantee even the calmest of pen test tools andtechniques won’t alter or even destroy data or systems, my advice would be to run. Justbecause toolsets and techniques are designated passive in nature, and just because they aren’tdesigned to exploit or cause harm, don’t believe you can just fire away and not worry about it.And just as facts don’t care about feelings, tools don’t give a rip about your intent. Get youragreement in order first, then let your tools out on Spring Break.NOTEThe Computer Fraud and Abuse Act (1986) makes conspiracy to commit hacking acrime. Therefore, it’s important the ethical hacker get an ironclad agreement in placebefore evenattemptingbasic footprinting.While we’re on the subject of using websites to uncover information, don’t neglect theinnumerable options available to you—all of which are free and perfectly legal. Socialnetworking sites can provide all sorts of information. Sites such as LinkedIn(), where professionals build relationships with peers, can be a great place toprofile for attacks later. Facebook and Twitter are also great sources of information, especiallywhen the company has had layoffs or other personnel problems recently—disgruntled former
employees are always good for some relevant company dirt. And, just for some real fun, checkoutto see just how powerful social networking can befor determined hackers.EXAM TIPYou can also use alerting to help monitor your target. Google, Yahoo!, andTwitter all offer services that provide up-to-date information that can be texted or e-mailed toyou when there is a change.Google HackingA useful tactic in footprinting a target was popularized mainly in late 2004 by a guy namedJohnny Long, who was part of an IT security team at his job. While performing pen tests andethical hacking, he started paying attention to how the search strings worked in Google. Thesearch engine has always had additional operators designed to allow you to fine-tune your searchstring. What Mr. Long did was simply apply that logic for a more nefarious purpose.

Upload your study docs or become a

Course Hero member to access this document

Upload your study docs or become a

Course Hero member to access this document

End of preview. Want to read all 33 pages?

Upload your study docs or become a

Course Hero member to access this document

Term
One
Professor
NoProfessor

Newly uploaded documents

Show More

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture