Silloway Networks
  • Home
    • Services
    • About >
      • Testimonials
  • Security
    • Compliance
    • IronScales
    • Sophos Endpoint
    • Sophos MDR Complete
    • Sophos XGS Firewall
  • Backup
    • DropSuite
  • M365
    • TEAMS >
      • Teams Training Video
  • VOIP
  • Contact
  • Payments
  • Blog
  • Home
    • Services
    • About >
      • Testimonials
  • Security
    • Compliance
    • IronScales
    • Sophos Endpoint
    • Sophos MDR Complete
    • Sophos XGS Firewall
  • Backup
    • DropSuite
  • M365
    • TEAMS >
      • Teams Training Video
  • VOIP
  • Contact
  • Payments
  • Blog

Cybersecurity - One Byte at a Time


Only Amateurs attack machines, Professionals target PEOPLE
​

  • Information Security is BIG
  • How do we start?
  • How do we learn?
  • Leveraging our existing tools
  • Positioning ourselves

Think Like a Hacker!


Passive (and Semi-Passive) Reconnaissance
Picture

Common Passive Recon Activities

  • Identifying IP Addresses and Sub-domains 
  • Identifying External/3rd Party sites
  • Identifying People 
  • Identifying Technologies 
  • Identifying Content of Interest 
  • Identifying Vulnerabilities 
Picture

WHOIS

Names, numbers, pretexting, phishing, social engineering, trolling
Picture

Page Source Code

Coders leave all kinds of notes
Picture

Google Search
site:healthcare.gov -site:www.healthcare.gov 

  • test.healthcare.gov
  • assets.healthcare.gov
  • localhelp.healthcare.gov
  • data.healthcare.gov
  • finder.healthcare.gov
  • finder-origin.healthcare.gov
  • akatest.healthcare.gov
  • finder.healthcare.gov
  • spa.healthcare.gov
  • search.healthcare.gov
  • healthcare.gov
  • chat.healthcare.gov
  • search.imp.healthcare.gov
Picture

PING, NSLOOKUP and TRACERT

There will be a 'Ping' assignment for homework. Check your inbox later. 

Other Methods

Picture

The WayBack Machine

Picture

Maltego

Picture

NetCraft

JOB SEARCHES!


What a job search can reveal to the Hacker
Picture

You're too kind!


What does this job search data reveal?
Picture

The tip of the Iceberg...

Picture
Company Website - Identifying People
Third Party Data Repositories
Social Media - Message Boards and User Forums
Document Metadata
People Search Sites
Financials (SEC databases)
Look for Signatures (Powered by Drupal or WordPress)
Publically posted password policies
​Technologies revealed in the website - 'for tips on installing Avast click here'
Wappalyzer (reveals technologies used on a website)
Document Searches (
site:<target_site> filetype:xls intitle:inventory)
Look for webportals, admin consoles, webmail 
Password reset hints
​Database dump files and user password files
​


Think like a hacker

Hopefully this tutorial has demonstrated some of the ways in which passive reconnaissance can be used to understand how an attackers sees the network

Call today - 802 282-4255

​Silloway Networks offers Enterprise level support to Small and Medium Businesses in Rutland, Addison, Windsor and Bennington Counties. Employing highly-skilled technicians and developing partnerships with best-of-breed technology providers allows Silloway Networks to provide personalized technology solutions to enhance the operation of your business.
Website by Silloway Networks