The Ultimate Kali Linux Book - Second Edition

Product type: Book
Published in: Feb 2022
Publisher: Packt
ISBN-13: 9781801818933
Pages: 742
Edition: 2nd Edition
Author: Glen D. Singh
Table of Contents (23 chapters)

Preface
1. Section 1: Getting Started with Penetration Testing
2. Chapter 1: Introduction to Ethical Hacking
3. Chapter 2: Building a Penetration Testing Lab
4. Chapter 3: Setting Up for Advanced Hacking Techniques
5. Section 2: Reconnaissance and Network Penetration Testing
6. Chapter 4: Reconnaissance and Footprinting
7. Chapter 5: Exploring Active Information Gathering
8. Chapter 6: Performing Vulnerability Assessments
9. Chapter 7: Understanding Network Penetration Testing
10. Chapter 8: Performing Network Penetration Testing
11. Section 3: Red Teaming Techniques
12. Chapter 9: Advanced Network Penetration Testing – Post Exploitation
13. Chapter 10: Working with Active Directory Attacks
14. Chapter 11: Advanced Active Directory Attacks
15. Chapter 12: Delving into Command and Control Tactics
16. Chapter 13: Advanced Wireless Penetration Testing
17. Section 4: Social Engineering and Web Application Attacks
18. Chapter 14: Performing Client-Side Attacks – Social Engineering
19. Chapter 15: Understanding Website Application Security
20. Chapter 16: Advanced Website Penetration Testing
21. Chapter 17: Best Practices for the Real World
22. Other Books You May Enjoy

Chapter 4: Reconnaissance and Footprinting

As an aspiring ethical hacker and penetration tester, it's vital to understand the importance of gathering information about your target. Since many of us want to create a weapon (an exploit) that takes advantage of a security weakness (a vulnerability) on a target system, network, or organization, we must first understand the attack surface of the desired target. The more information we know about the target, the more knowledge we will have about how to compromise its systems. This is the mindset of a threat actor, and it develops over time. If you can think like a hacker and compromise a system as an ethical hacker or penetration tester, so can a real hacker. This is why we must perform penetration testing techniques on an organization – to quickly discover security flaws and implement countermeasures to prevent a real cyber attack from occurring in the future.

In this chapter, you will begin your journey by understanding the importance...

Technical requirements

To follow along with the exercises in this chapter, please ensure that you have met the following hardware and software requirements:

Understanding the importance of reconnaissance

Thinking like a hacker helps penetration testers discover and exploit security vulnerabilities within their target organizations. Reconnaissance is the first stage of the Cyber Kill Chain, and it is the most important part of hacking into a target system or network. Without any understanding of the target, it will be very challenging, or even impossible, to select the right tools and exploits to take advantage of the security vulnerabilities on the system.

Without performing reconnaissance (information gathering) on the target, both threat actors and penetration testers will have difficulties moving on to the later phases of the Cyber Kill Chain. Hence, ethical hackers and penetration testers must conduct extensive research into gathering as much information as possible to create a profile of their target.

Reconnaissance can be divided into two categories:

  • Passive: Uses an indirect approach...

Understanding passive information gathering

Passive information gathering is when you use an indirect approach to obtain information about your target. This method relies on information that is publicly available from many sources, thus eliminating direct contact with the potential target. Passive information gathering is usually fruitful, as many organizations publish information and details about themselves as a marketing strategy aimed at existing and potential customers. Sometimes, when organizations advertise a vacancy on a job recruiting website, the recruiter posts the technical requirements for the potential candidate. From a penetration tester's point of view, these technical details can indicate the types of platforms, operating systems, network device vendors, and applications that are running within the organization's network infrastructure.
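The job-posting observation above is easy to turn into a concrete check. The following Python script is an added example written for this page, not code from the book or from Kali Linux: it scans the text of a job advertisement for product and vendor names, grouped by the categories the paragraph names (operating systems, directory services, network vendors, cloud platforms, applications, virtualization), and reports what the posting discloses. The indicator dictionary and the sample posting are constructed here and are deliberately short; a real list would be much longer. The same script is useful on the defending side: run it against your own draft postings before they go live to see how much of your technology stack they give away.

```python
"""Extract technology indicators from public job-posting text.

Added example (not from the book). INDICATORS and SAMPLE_POSTING are
constructed for illustration and are not exhaustive.
"""
import re
from collections import defaultdict

# Constructed indicator dictionary: category -> product/vendor names to look for.
INDICATORS = {
    "operating_system": ["Windows Server", "Windows 10", "Red Hat", "Ubuntu", "CentOS"],
    "directory_service": ["Active Directory", "Azure AD", "LDAP"],
    "network_vendor": ["Cisco", "Palo Alto", "Fortinet", "Juniper"],
    "cloud_platform": ["AWS", "Azure", "Google Cloud"],
    "application": ["SharePoint", "Microsoft Exchange", "SAP", "Oracle Database"],
    "virtualization": ["VMware", "Hyper-V"],
}


def _pattern(term):
    """Compile one indicator into a word-bounded regex.

    Multi-word names may be split by any whitespace (including a line break).
    All-uppercase acronyms such as SAP or AWS are matched case-sensitively so
    that ordinary words ("sap your energy") do not produce false positives;
    everything else is matched case-insensitively.
    """
    words = [re.escape(w) for w in term.split()]
    flags = 0 if term.isupper() else re.IGNORECASE
    return re.compile(r"\b" + r"\s+".join(words) + r"\b", flags)


COMPILED = {cat: [(t, _pattern(t)) for t in terms] for cat, terms in INDICATORS.items()}


def profile_from_posting(text):
    """Return {category: [indicator, ...]} for every indicator found in text.

    Word boundaries keep "Cisco" from matching inside "Francisco".
    """
    found = defaultdict(list)
    for cat, patterns in COMPILED.items():
        for term, pat in patterns:
            if pat.search(text):
                found[cat].append(term)
    return {cat: sorted(terms) for cat, terms in found.items()}


def disclosed_categories(profile):
    """Sorted list of categories in which the posting names a specific product."""
    return sorted(cat for cat, terms in profile.items() if terms)


# Constructed sample posting; not a real advertisement.
SAMPLE_POSTING = (
    "Senior Systems Administrator (constructed sample posting)\n"
    "You will maintain Windows Server 2019 and Ubuntu hosts in an Active Directory\n"
    "environment, migrate workloads to Azure, and support Cisco switches and\n"
    "Palo Alto firewalls. Experience with VMware vSphere and Microsoft Exchange\n"
    "is required; SharePoint administration is a plus."
)

if __name__ == "__main__":
    profile = profile_from_posting(SAMPLE_POSTING)
    for category in disclosed_categories(profile):
        print(f"{category}: {', '.join(profile[category])}")
```

Matching on word boundaries and treating acronyms case-sensitively are the two details that matter in practice; without them a posting mentioning "San Francisco" or "sap" would be reported as running Cisco gear or SAP.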

Important Note

Please ensure that you do not perform scans on any target organization'...

Exploring open source intelligence

Gathering information before exploiting and gaining access to a network or system will help the penetration tester narrow the scope of the attack and focus on the security vulnerabilities of the target. This means the penetration tester can design specific types of attacks, exploits, and payloads that are suitable for the attack surface of the target. We will begin our information-gathering phase by utilizing the largest computer network in existence: the internet.

The internet has many platforms, ranging from forums and messaging boards to social media platforms. A lot of companies create an online presence to help market their products and services to potential clients. In doing so, the creation of a company's website, Facebook, Instagram, Twitter, LinkedIn, and so on ensures that their potential customers get to know who they are and what services and products are being offered. The marketing department is usually responsible for ensuring...

Using OSINT strategies to gather intelligence

There are many techniques and tools a penetration tester uses to gather information about their target using data from various sources on the internet. Using OSINT strategies, you need to ensure you do not make direct contact with the organization and that your identity is not revealed during the process. Over the next few sections, you will learn how to use various strategies and tools to help conceal your identity, as well as mask your network traffic, while gathering intelligence about your targets.

Importance of a sock puppet

Sock puppet is a term used within the cybersecurity industry, especially among penetration testers. A sock puppet is simply a misrepresentation of an individual, such as an entirely fake identity. While pretending to be someone else is unlawful, hackers always create a fake identity on the internet when gathering information about their targets. By creating a misrepresentation...

Summary

In this chapter, you learned about the importance of performing reconnaissance and footprinting techniques on a target before exploiting its systems and networks. You learned how to use various strategies to ensure your network traffic is anonymized and how to create a sock puppet to cloak your true identity on the internet. Furthermore, you learned how to use various online tools and Kali Linux to help automate the process of collecting data to profile a target organization, as well as to discover any of their assets, which may be connected to the internet.

I hope this chapter has been informative for you and will prove helpful in your journey as an aspiring penetration tester, where you'll be learning how to simulate real-world cyberattacks to discover security vulnerabilities and perform exploitation using Kali Linux. In the next chapter, Chapter 5, Exploring Active Information Gathering, we will focus more on a direct approach to information gathering and how to...

Further reading

To learn more about open source intelligence, please go to https://hub.packtpub.com/open-source-intelligence/.
