Lab: Open Source Intelligence Gathering and Social Engineering
Open source intelligence gathering
Google Hacking and passive information gathering
Google search terms
Google search examples
Google Hacking Database (GHDB)
Open source inte
Below is the screenshot of the whois information for globalenterprises.com.
Below is an image of the profile of a target, LouAnne Garfinkle, who works for Global Enterprises.
Below is an image of the blog post by LouAnne where it states what ty
1. What type of firewall does Global Enterprises use and what are some of the technical
vulnerabilities that might be exploited?
Global Enterprises is using pfSense, an open source firewall that runs on the hardware
Using OpenVAS to scan the host 192.168.16.100, 3 medium and 4 low level vulnerabilities were
found, as can be seen in the image above.
Security issues reported for 192.168.16.100 include a notification about DCE. DCE (Distributed
The image below contains the rules as specified in the Excel spreadsheet. The rules include a rule to
allow web browsing (excluding HTTPS), allow the retrieval of email using SMTP, allow access to FTP,
allow domain lookups so that the users do n
1. Using only the filtering table and the outgoing chain: What firewall rule can you use to
prevent users from sending out SNMP polling requests?
To add a rule to the OUTPUT chain in iptables to prevent users from sending SNMP polling
Lab Report Week 2
Comparing Ethernet Source & Destination
Comparing the report from NetWitness Investigator with the packet information from Wireshark, you
can see that Wireshark provides the source MAC address of the response in the screen capture below
Wireless Equivalent Privacy Protocol
WEP was included in the 802.11 standard to provide confidentiality, integrity and access control to a
WLAN. WEP encryption encrypts each data frame using a stream cipher. The stream cipher is a
symmetric cryptosystem (
1. Which tool, Wireshark or NetWitness Investigator, would be used to determine whether
the wireless transmitter and/or receiver addresses were being spoofed in an attempt to
hide some aspect of the wireless communications, possibly to
Above is the nmap scan of 192.168.16.100. The web server port 80 and the DNS port 53 are the two
ports from the WAN rules that show up as open in the nmap port scan. When running nmap
192.168.16.100 -p25 the SMTP port is shown as filtered a