- You can start with the Internet to search the company and/or the target.
- Social Engineering is another way to get information about employees or the company.
- Dumpster diving is still another method of gathering information.
- Once you have employee names, you can turn to social media to find out even more about them.
- Whois is used to gain information about a target network.
- Nslookup queries DNS servers to gain information about the host network.
- Arin is a website that will provide information about a network.
- Develop information sharing policies in your business.
- Policies related to sharing of company information on social media.
- DNS hardening is also important.
- Search for services.msc to get to all services running on the system.
- Disable IIS banner broadcasting.
The article I read was about a company called Rutter's that was hacked. The hackers gained access to the stores' network system and planted malware. This malware collected information about customers' cards as they were processed. They didn't catch the hackers.
https://www.zdnet.com/article/rutters-store-chain-discloses-security-breach-involving-pos-malware/
No comments:
Post a Comment