What is the threat of an attacker knowing about your network?
Telegram channel: https://t.me/protectioninformation
Telegram Group: https://t.me/informationprotection1
Website: https://legascom.ru
Email: online@legascom.ru
Identification of network resources is an important preparatory step before hacking. If a hacker knows that your corporate portal is running IIS 10 running Windows Server 2019, then he needs to find the vulnerabilities to which these software products are exposed. The easiest way to do this is to search vulnerability databases. If nothing could be found, then a particularly advanced hacker can try to find a "loophole" on his own by collecting an exact copy of the hacked system and trying to analyze the code on his own. There are special tools for this, which we will touch on later. After analyzing the vulnerabilities "offline", the hacker will then be able to quickly carry out an attack and inject malicious code into the attacked system.
Later on the channel, we will discuss in detail the issues related to the remote analysis of network services. Also, a little later we will look at such a little-studied, but nevertheless important aspect as social engineering.