T E S T I N G   S T E P S

Footprinting - Reconnaissance:

The tester attempts to gather as much information as possible about the selected network. Reconnaissance can take two forms: active and passive. Passive reconnaissance is always the best starting point, since it normally evades intrusion detection systems and the other protections afforded to the network; it usually involves discovering publicly available information with a web browser, newsgroups and similar sources. Active reconnaissance is more intrusive and may show up in audit logs; it may take the form of an attempted DNS zone transfer or a social engineering approach.

  1. Whois is widely used for querying authoritative registries/databases to discover the owner of a domain name, an IP address, or an autonomous system number of the system you are targeting.
  2. Internet Search
  3. DNS Record Retrieval from publicly available servers
    • Types of Information Records
      • SOA Records - Start of authority; indicates the server that has authority for the domain.
      • MX Records - List of a host's or domain's mail exchanger server(s).
      • NS Records - List of a host's or domain's name server(s).
      • A Records - An address record that translates a computer name to an IP address. Each computer must have this record for its IP address to be located via DNS.
      • PTR Records - Reverse lookup; maps an IP address back to a host's domain name.
      • SRV Records - Service location record.
      • HINFO Records - Host information record with CPU type and operating system.
      • TXT Records - Generic text record.
      • CNAME Records - A host's canonical name; allows additional names/aliases to be used to locate a computer.
      • RP Records - Responsible person for the domain.
    • Zone Settings (SOA fields and server version)
      • Version.bind (the name server's version string)
      • Serial
      • Refresh
      • Retry
      • Expire
      • Minimum (negative-cache TTL)
    • Subdomains
    • Internal IP ranges
      • Reverse DNS for the IP range
    • Zone Transfer
  4. Social Engineering
    • Remote
      • Phone
        • Scenarios
          • IT Department. "Hi, it's Zoe from the helpdesk. I am doing a security audit of the network and I need to re-synchronise the Active Directory usernames and passwords. This is so that your logon process in the morning receives no undue delays." If you are calling from a mobile number, explain that the helpdesk has been issued a mobile phone for 'on call' personnel.
        • Results
        • Contact Details
          • Name
          • Email
          • Room number
          • Department
          • Role
      • Email
        • Scenarios
          • "Hi there, I am currently carrying out an Active Directory Health Check for TARGET COMPANY and require to re-synchronise some outstanding accounts on behalf of the IT Service Desk. Please reply to me detailing the username and password you use to logon to your desktop in the morning. I have checked with MR JOHN DOE, the IT Security Advisor, and he has authorised this request. I will then populate the database with your account details ready for re-synchronisation with Active Directory such that replication of your account will be re-established (this process is transparent to the user and so requires no further action from yourself). We hope that this exercise will reduce the time it takes for some users to logon to the network. Best Regards, Andrew Marks"
          • "Good Morning, The IT Department had a critical failure last night regarding remote access to the corporate network; this will only affect users that occasionally work from home. If you have remote access, please email me with your username and access requirements, e.g. what remote access system did you use? VPN and IP address etc., and we will reset the system. We are also using this 'opportunity' to increase the remote access users, so if you believe you need to work from home occasionally, please email me your usernames so I can add them to the correct groups. If you wish to retain your current credentials, also send your password. We do not require your password to carry out the maintenance, but it will change if you do not inform us of it. We apologise for any inconvenience this failure has caused and are working to resolve it as soon as possible. We also thank you for your continued patience and help. Kindest regards, lee EMAIL SIGNATURE"
        • Software
        • Results
        • Contact Details
          • Name
          • Phone number
          • Email
          • Room number
          • Department
          • Role
      • Other
    • Local
      • Personas
        • Name
          • Suggest using the same first name.
        • Phone
          • Give a work mobile number, but remember they have it!
        • Email
          • Have a suitable email address
        • Business Cards
          • Get cards printed
      • Contact Details
        • Name
        • Phone number
        • Email
        • Room number
        • Department
        • Role
      • Scenarios
        • New IT employee
          • "Hi, I'm the new guy in IT and I've been told to do a quick survey of users on the network. They give all the worst jobs to the new guys, don't they? Can you help me out on this?" Get the following information, trying to put an "any problems with it we can help with?" slant on it:
            • Username
            • Domain
            • Remote access (type - modem/VPN)
            • Remote email (OWA)
            • Most used software?
            • Any comments about the network?
            • Any additional software you would like?
            • What do you think about the security on the network? Password complexity etc.
          • Now give reasons as to why they have complexity for passwords, try to get someone to give you their password and explain how you can make it more secure. "Thanks very much, and you'll see the results on the company boards soon."
        • Fire Inspector
          • Turning up on the pretext of a snap fire inspection, in line with local government initiatives on fire safety in the workplace. Ensure you have a suitable appearance: high-visibility jacket, clipboard, ID card (fake). Check for the number of fire extinguishers, their pressure and type; fire exits, accessibility etc. Look for any information you can get. Try to get on your own, without supervision!
      • Results
      • Maps
        • Satellite Imagery
          • Google Maps
        • Building layouts
      • Other
  5. Dumpster Diving
    • Rubbish bins
    • Contract waste removal
    • eBay ex-stock sales, e.g. HDDs
  6. Web site copy
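
The DNS records, SOA settings and internal IP ranges listed under step 3 are exactly what a zone should be audited for before an outsider reads them. As an added example (not code from the original page), this Python parses zone data in the form a zone transfer or per-type queries would return and flags the records that disclose internal detail; the zone text, the domain example.test and the function names are constructed for the example.

```python
import ipaddress
from collections import namedtuple

# Constructed sample zone (no real domain): name, TTL, class, type, rdata,
# one record per line, as a zone transfer or per-type queries would reveal it.
SAMPLE_ZONE = """\
example.test.          3600 IN SOA   ns1.example.test. hostmaster.example.test. 2013061001 7200 900 1209600 300
example.test.          3600 IN TXT   "v=spf1 mx -all"
www.example.test.      3600 IN A     203.0.113.10
intranet.example.test. 3600 IN A     10.20.30.40
mail.example.test.     3600 IN HINFO "INTEL-X86" "WINDOWS-2008"
example.test.          3600 IN RP    jdoe.example.test. .
"""

Finding = namedtuple("Finding", "name rtype reason")
# RFC 1918 and IPv6 ULA space: addresses here should never appear in a public zone.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def parse_zone(text):
    """Return (name, rtype, rdata) tuples from one-record-per-line zone text."""
    records = []
    for line in text.splitlines():
        parts = line.split(None, 4)  # rdata keeps its internal spaces
        if len(parts) == 5 and parts[2] == "IN":
            records.append((parts[0], parts[3], parts[4]))
    return records


def parse_soa(rdata):
    """Split SOA rdata into the fields listed above: serial, refresh, retry, expire, minimum."""
    keys = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")
    soa = dict(zip(keys, rdata.split()))
    for key in keys[2:]:
        soa[key] = int(soa[key])
    return soa


def audit_zone(text):
    """Flag records that hand an outside observer internal detail for free."""
    findings = []
    for name, rtype, rdata in parse_zone(text):
        if rtype == "HINFO":
            findings.append(Finding(name, rtype, "discloses CPU/OS: " + rdata))
        elif rtype == "RP":
            findings.append(Finding(name, rtype, "publishes a named contact: " + rdata))
        elif rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(rdata)
            if any(addr in net for net in PRIVATE_NETS):
                findings.append(Finding(name, rtype, "leaks internal address " + rdata))
    return findings
```

Run `audit_zone(SAMPLE_ZONE)` to list the three offending records; `parse_soa` exposes the serial and timer values an observer would read from the SOA.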

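The pretext emails under step 4 share a small set of tells: a request to reply with a username or password, borrowed authority from a named approver, reassurance that nothing else is needed, and a manufactured incident. As an added example (not code from the original page), this Python scores inbound messages on those tells so a helpdesk or mail gateway can hold them for verification; the sample messages and the names INDICATORS, HOLD_THRESHOLD, score_message and triage are constructed for the example.

```python
import re

# Tells shared by the credential-harvesting pretexts in the outline above.
# Each indicator is a regex; a message is held when it trips at least two.
INDICATORS = {
    # asks the recipient to reply with, email, or send a username/password
    "credential_request": re.compile(
        r"\b(reply|email|send)\b.{0,80}\b(password|username|credentials)\b", re.I | re.S),
    # borrows authority from a named approver or another team
    "borrowed_authority": re.compile(
        r"\b(authori[sz]ed|checked with|on behalf of)\b", re.I),
    # reassures the target that nothing else is required of them
    "reassurance": re.compile(
        r"(transparent to the user|no further action|no undue delay)", re.I),
    # manufactures urgency around an incident or a reset
    "urgency": re.compile(
        r"\b(critical failure|last night|as soon as possible|reset the system)\b", re.I),
}
HOLD_THRESHOLD = 2

# Constructed samples: one modelled on the pretexts above, one ordinary message.
SAMPLE_PRETEXT = """\
Hi there, I am carrying out an Active Directory health check on behalf of the IT Service Desk.
Please reply to me with the username and password you use to log on each morning.
I have checked with the IT Security Advisor and he has authorised this request.
The re-synchronisation is transparent to the user and needs no further action from you."""

SAMPLE_BENIGN = """\
Hi all, a reminder that the quarterly all-hands is on Thursday at 10am in the main room.
Please send your agenda items to me by Wednesday. Thanks!"""


def score_message(body):
    """Return the indicators a message trips and whether it should be held for verification."""
    hits = [name for name, pattern in INDICATORS.items() if pattern.search(body)]
    return {"indicators": hits, "hold": len(hits) >= HOLD_THRESHOLD}


def triage(messages):
    """Score a batch of (message_id, body) pairs; return the ids to hold with their reasons."""
    held = {}
    for msg_id, body in messages:
        result = score_message(body)
        if result["hold"]:
            held[msg_id] = result["indicators"]
    return held
```

A held message is one the helpdesk confirms by calling the sender back on a directory number, never by replying to the email.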
COPYRIGHT (C) 2000 - 2013 InfoSecPro.com ALL RIGHTS RESERVED