Hacking Starter Part 3

8. Cryptography

• Crypto Techniques

• Steganography vs Cryptography - Cryptography vs Encoding vs Hashing vs Obfuscation

• -Types of Encryptions & Hashes

• -Crypto Analysis

• -Insecure Cryptographic Storage -Tools

9. OSINT - Recon (Passive):

• -names about: company, partners , employees https://delta.navisec.io/osint-for-pentesters-part-1-passive-recon-and-asset-discovery/

  • -identification of technology vendors in use -identification of public IP ranges https://mediasonar.com/2020/09/17/osint-techniques-for-security-poi-domains/

  • -identification of primary top-level domains. https://mediasonar.com/2020/08/06/osint-techniques-security-poi/

  • -Email gathering using search engines https://dericksiby94.medium.com/email-harvesting-for-social-engineering-29a3519cb202 https://hakin9.org/harvesting-email-addresses-for-osint-free-course-content/

  • -Identifying technologies https://traversals.com/blog/osint-tools/

  • -WhoIs Information https://webbreacher.com/2016/08/09/harvesting-whois-data-for-osint-using-viewdns-info/

  • -Gathering dns information passively https://pentest-standard.readthedocs.io/en/latest/intelligence_gathering.html

  • https://medium.com/@micallst/osint-resources-for-2019-b15d55187c3f

  • Dark web and breach data https://www.echosec.net/dark-web-threat-intelligence https://connectds.com/dark-web-assessment/

  • Intelligence gathering campaigns https://www.nixu.com/blog/open-source-intelligence-its-incredible-what-you-can-find-public-sources https://support.hoxhunt.com/hc/en-us/articles/360018446512-Open-source-intelligence-OSINT-

  • -Use Google to craft attacks https://applied-risk.com/resources/osint

  • -Security Countermeasures and privacy https://securityintelligence.com/how-open-source-intelligence-could-save-your-network/ https://www.secjuice.com/tracking-osint-hunters/